log2ml/2-5-automated-machine-learning-with-gp/TPOT_Foundations.ipynb


{
"cells": [
{
"cell_type": "code",
"execution_count": null,
"id": "initial_id",
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"import requests\n",
"import pandas as pd\n",
"import json\n",
"\n",
"# Function to recursively normalize nested columns in a DataFrame\n",
"def recursively_normalize(data):\n",
" df = pd.json_normalize(data)\n",
" while True:\n",
" nested_cols = [col for col in df.columns if isinstance(df[col].iloc[0], (dict, list))]\n",
" if not nested_cols:\n",
" break\n",
" for col in nested_cols:\n",
" if isinstance(df[col].iloc[0], dict):\n",
" normalized = pd.json_normalize(df[col])\n",
" df = df.drop(columns=[col]).join(normalized)\n",
" elif isinstance(df[col].iloc[0], list):\n",
" df = df.explode(col)\n",
" normalized = pd.json_normalize(df[col])\n",
" df = df.drop(columns=[col]).join(normalized)\n",
" return df\n",
"\n",
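"# Function to fetch the next batch using the cursor\n",
"def fetch_next_batch(cursor):\n",
"    \"\"\"Fetch the next page of an Elasticsearch SQL result set.\n",
"\n",
"    Args:\n",
"        cursor: cursor string returned by the previous ``_sql`` response.\n",
"\n",
"    Returns:\n",
"        The decoded JSON body of the response (a dict).\n",
"\n",
"    Raises:\n",
"        requests.HTTPError: if Elasticsearch answers with an error status.\n",
"        requests.Timeout: if no answer arrives within the timeout.\n",
"    \"\"\"\n",
"    http_response = requests.post(\n",
"        f\"{base_url}/_sql?format=json\",\n",
"        headers={\"Content-Type\": \"application/json\"},\n",
"        json={\"cursor\": cursor},\n",
"        timeout=60,  # seconds; without a timeout requests waits indefinitely\n",
"    )\n",
"    # An error body has no 'rows' or 'cursor', which the calling loop would read as\n",
"    # \"no more data\" and stop with a silently truncated export. Fail loudly instead.\n",
"    http_response.raise_for_status()\n",
"    return http_response.json()\n",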
"\n",
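"# Elasticsearch base URL\n",
"# NOTE(review): plain HTTP and no credentials - only appropriate on an isolated lab network.\n",
"# Elsewhere, use https:// and read credentials from the environment instead of hard-coding them.\n",
"base_url = \"http://192.168.20.106:9200\"\n",
"# Index name (not referenced below: the SQL query names its own index pattern)\n",
"index = \"winlogbeat-*\"\n",
"\n",
"from datetime import datetime, timedelta\n",
"\n",
"# Output files; both are rewritten from scratch by the first batch of every run\n",
"CSV_PATH = \"lab_logs_blindtest_activity.csv\"\n",
"JSON_PATH = \"lab_logs_blindtest_activity.json\"\n",
"# Seconds to wait for Elasticsearch before giving up instead of hanging the kernel\n",
"REQUEST_TIMEOUT = 60\n",
"\n",
"\n",
"def write_json_lines(frame, path, mode):\n",
"    \"\"\"Write every row of `frame` to `path` as one JSON object per line.\"\"\"\n",
"    with open(path, mode) as file:\n",
"        for line in frame.to_json(orient='records', lines=True).splitlines():\n",
"            file.write(line + '\\n')\n",
"\n",
"\n",
"# Calculate the current time and the time one hour ago\n",
"current_time = datetime.utcnow()\n",
"one_hour_ago = current_time - timedelta(hours=1)\n",
"\n",
"# Format times in ISO8601 format as expected by Elasticsearch\n",
"current_time_iso = current_time.strftime('%Y-%m-%dT%H:%M:%SZ')\n",
"one_hour_ago_iso = one_hour_ago.strftime('%Y-%m-%dT%H:%M:%SZ')\n",
"\n",
"# SQL query with time filter\n",
"# Only timestamps generated above are interpolated. If a filter value ever comes from\n",
"# outside this notebook, pass it through the SQL API's `params` array rather than\n",
"# formatting it into the statement.\n",
"sql_query = f\"\"\"\n",
"SELECT \"@timestamp\", host.hostname, host.ip, log.level, winlog.event_id, winlog.task, message\n",
"FROM \"winlogbeat-7.10.0-2024.06.23-*\"\n",
"WHERE host.hostname = 'win10'\n",
"AND winlog.provider_name = 'Microsoft-Windows-Sysmon'\n",
"AND \"@timestamp\" >= '{one_hour_ago_iso}'\n",
"AND \"@timestamp\" <= '{current_time_iso}'\n",
"\"\"\"\n",
"\n",
"# Initial search request to start scrolling\n",
"# field_multi_value_leniency makes Elasticsearch return a single value for multi-valued\n",
"# fields instead of failing, so a host with several addresses shows only one in host.ip.\n",
"initial_http_response = requests.post(\n",
"    f\"{base_url}/_sql?format=json\",\n",
"    headers={\"Content-Type\": \"application/json\"},\n",
"    json={\n",
"        \"query\": sql_query,\n",
"        \"field_multi_value_leniency\": True\n",
"    },\n",
"    timeout=REQUEST_TIMEOUT\n",
")\n",
"# A rejected query comes back with an error status and no 'columns' key; stop here\n",
"# with the HTTP error rather than with a KeyError a few lines further down.\n",
"initial_http_response.raise_for_status()\n",
"initial_response = initial_http_response.json()\n",
"\n",
"# Extract the cursor for scrolling\n",
"cursor = initial_response.get('cursor')\n",
"rows = initial_response.get('rows') or []\n",
"columns = [col['name'] for col in initial_response['columns']]\n",
"\n",
"# Write the first batch to both outputs, truncating whatever an earlier run left behind.\n",
"# The message column holds command lines and other attacker-influenced text: treat the\n",
"# CSV as data and do not open it in a spreadsheet that evaluates cells starting with '='.\n",
"if rows:\n",
"    df = pd.DataFrame(rows, columns=columns)\n",
"    df = recursively_normalize(df.to_dict(orient='records'))\n",
"    df.to_csv(CSV_PATH, mode='w', index=False, header=True)\n",
"    write_json_lines(df, JSON_PATH, 'w')\n",
"\n",
"# Track total documents retrieved\n",
"total_documents_retrieved = len(rows)\n",
"print(f\"Retrieved {total_documents_retrieved} documents.\")\n",
"\n",
"# Loop to fetch subsequent batches of documents until no more documents are left\n",
"while cursor:\n",
"    # Fetch next batch of documents using cursor\n",
"    response = fetch_next_batch(cursor)\n",
"\n",
"    # Update cursor for the next batch\n",
"    cursor = response.get('cursor')\n",
"    rows = response.get('rows')\n",
"\n",
"    # If no rows, break out of the loop\n",
"    if not rows:\n",
"        break\n",
"\n",
"    # Normalize data and append to both outputs so CSV and JSON hold the same rows\n",
"    df = pd.DataFrame(rows, columns=columns)\n",
"    df = recursively_normalize(df.to_dict(orient='records'))\n",
"    df.to_csv(CSV_PATH, mode='a', index=False, header=False)\n",
"    write_json_lines(df, JSON_PATH, 'a')\n",
"\n",
"    # Update total documents retrieved\n",
"    total_documents_retrieved += len(rows)\n",
"\n",
"    print(f\"Retrieved {total_documents_retrieved} documents.\")\n",
"\n",
"print(\"Files have been written.\")\n"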
]
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:27:10.324996Z",
"start_time": "2024-06-23T14:27:10.066377Z"
}
},
"cell_type": "code",
"source": [
"import polars as pl\n",
"\n",
"# CSV export written by the Elasticsearch extraction cell\n",
"csv_file_path = 'lab_logs_blindtest_activity.csv'\n",
"\n",
"# Parse the export into a polars DataFrame\n",
"df = pl.read_csv(source=csv_file_path)\n",
"\n",
"# Print the frame (shape, dtypes and a truncated row preview) as a quick load check\n",
"print(df)\n"
],
"id": "847862813f6a8c74",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"shape: (1_027, 7)\n",
"┌──────────────┬─────────────┬─────────────┬─────────────┬─────────────┬─────────────┬─────────────┐\n",
"│ @timestamp ┆ host.hostna ┆ host.ip ┆ log.level ┆ winlog.even ┆ winlog.task ┆ message │\n",
"│ --- ┆ me ┆ --- ┆ --- ┆ t_id ┆ --- ┆ --- │\n",
"│ str ┆ --- ┆ str ┆ str ┆ --- ┆ str ┆ str │\n",
"│ ┆ str ┆ ┆ ┆ i64 ┆ ┆ │\n",
"╞══════════════╪═════════════╪═════════════╪═════════════╪═════════════╪═════════════╪═════════════╡\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 10 ┆ Process ┆ Process │\n",
"│ 7:42:03.814Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ accessed ┆ accessed: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ ┆ ┆ Proces… ┆ … │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 10 ┆ Process ┆ Process │\n",
"│ 7:42:03.814Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ accessed ┆ accessed: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ ┆ ┆ Proces… ┆ … │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 1 ┆ Process ┆ Process │\n",
"│ 7:42:03.820Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ Create ┆ Create: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ ┆ ┆ ProcessC… ┆ Ut… │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 13 ┆ Registry ┆ Registry │\n",
"│ 7:42:03.846Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ value set ┆ value set: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: … │\n",
"│ ┆ ┆ ┆ ┆ ┆ Regi… ┆ │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 1 ┆ Process ┆ Process │\n",
"│ 7:42:03.864Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ Create ┆ Create: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ ┆ ┆ ProcessC… ┆ Ut… │\n",
"│ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 1 ┆ Process ┆ Process │\n",
"│ 8:35:53.050Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ Create ┆ Create: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ ┆ ┆ ProcessC… ┆ Ut… │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 10 ┆ Process ┆ Process │\n",
"│ 8:35:53.125Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ accessed ┆ accessed: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ ┆ ┆ Proces… ┆ … │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 1 ┆ Process ┆ Process │\n",
"│ 8:35:56.448Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ Create ┆ Create: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ ┆ ┆ ProcessC… ┆ Ut… │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 22 ┆ Dns query ┆ Dns query: │\n",
"│ 8:37:46.518Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ DnsQuery) ┆ UtcTime… │\n",
"│ 2024-06-23T0 ┆ win10 ┆ fe80::965b: ┆ information ┆ 1 ┆ Process ┆ Process │\n",
"│ 8:37:54.182Z ┆ ┆ 5bf2:7f22:d ┆ ┆ ┆ Create ┆ Create: │\n",
"│ ┆ ┆ 30 ┆ ┆ ┆ (rule: ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ ┆ ┆ ProcessC… ┆ Ut… │\n",
"└──────────────┴─────────────┴─────────────┴─────────────┴─────────────┴─────────────┴─────────────┘\n"
]
}
],
"execution_count": 2
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:27:15.761561Z",
"start_time": "2024-06-23T14:27:15.718703Z"
}
},
"cell_type": "code",
"source": [
"import polars as pl\n",
"\n",
"def remove_keyword_lines(batch, keywords):\n",
" def modify_line(line):\n",
" # Check each keyword; filter the line if the keyword is at the start followed by a colon\n",
" for keyword in keywords:\n",
" if line.startswith(f\"{keyword}:\"):\n",
" # Special handling for 'User' keyword\n",
" if keyword == 'User':\n",
" parts = line.split('\\\\')\n",
" if len(parts) > 1:\n",
" return f\"User: {parts[1]}\" # Only keep the part after the backslash\n",
" elif keyword == 'SourceHostname':\n",
" parts = line.split('.')\n",
" if len(parts) > 0:\n",
" return f\"{keyword}: {parts[0].split(': ')[1]}\" # Only keep the part before the first dot, remove keyword duplication\n",
" return None # For other keywords, remove the line altogether\n",
" return line # Return the line unchanged if no keyword conditions are met\n",
"\n",
" # Use map_elements to apply a function to each message in the batch\n",
" return batch.map_elements(lambda message: '\\n'.join(\n",
" filter(None, (modify_line(line) for line in message.split('\\n')))), \n",
" return_dtype=pl.Utf8)\n",
"\n",
"\n",
"\n",
"\n",
"# Sysmon message fields handled by remove_keyword_lines. Timestamps, GUIDs, logon ids,\n",
"# hashes and registry targets are removed; User and SourceHostname lines are shortened.\n",
"# NOTE(review): presumably these are dropped as per-event noise for the model - confirm.\n",
"# Hashes and TargetObject are also what an analyst pivots on, so keep the raw export.\n",
"keywords_to_filter = [\n",
"    \"UtcTime\",\n",
"    \"SourceProcessGUID\",\n",
"    \"ProcessGuid\",\n",
"    \"TargetProcessGUID\",\n",
"    \"TargetObject\",\n",
"    \"FileVersion\",\n",
"    \"Hashes\",\n",
"    \"LogonGuid\",\n",
"    \"LogonId\",\n",
"    \"CreationUtcTime\",\n",
"    \"User\",\n",
"    \"ParentProcessGuid\",\n",
"    \"SourceHostname\",\n",
"]\n",
"\n",
"# Build a 'filtered_message' column from 'message'; `df` comes from the CSV-loading cell\n",
"filtered_message_expr = pl.col(\"message\").map_batches(\n",
"    lambda batch: remove_keyword_lines(batch, keywords_to_filter),\n",
"    return_dtype=pl.Utf8,\n",
").alias(\"filtered_message\")\n",
"df_f = df.with_columns(filtered_message_expr)\n",
"\n",
"# Take the first 200 filtered messages for inspection\n",
"first_messages = df_f[\"filtered_message\"].head(200)\n",
"\n",
"# Print each message in full, numbered from 1 and followed by a separator line\n",
"separator = \"-\" * 50\n",
"for position, message in enumerate(first_messages, start=1):\n",
"    print(f\"Message {position}:\")\n",
"    print(message)\n",
"    print(separator)\n"
],
"id": "fc93fe038bcb00c5",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Message 1:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 2:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 3:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 5196\n",
"Image: C:\\Windows\\servicing\\TrustedInstaller.exe\n",
"Description: Windows Modules Installer\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: TrustedInstaller.exe\n",
"CommandLine: C:\\Windows\\servicing\\TrustedInstaller.exe\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 824\n",
"ParentImage: C:\\Windows\\System32\\services.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\services.exe\n",
"--------------------------------------------------\n",
"Message 4:\n",
"Registry value set:\n",
"RuleName: Tamper-Winlogon\n",
"EventType: SetValue\n",
"ProcessId: 5196\n",
"Image: C:\\Windows\\servicing\\TrustedInstaller.exe\n",
"Details: CreateSession\n",
"--------------------------------------------------\n",
"Message 5:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 6140\n",
"Image: C:\\Windows\\WinSxS\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2664_none_7dfa24947c9c0a36\\TiWorker.exe\n",
"Description: Windows Modules Installer Worker\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: TiWorker.exe\n",
"CommandLine: C:\\Windows\\winsxs\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2664_none_7dfa24947c9c0a36\\TiWorker.exe -Embedding\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 1000\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p\n",
"--------------------------------------------------\n",
"Message 6:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 2036\n",
"Image: C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\MicrosoftEdgeUpdate.exe\n",
"Description: Microsoft Edge Update\n",
"Product: Microsoft Edge Update\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: msedgeupdate.dll\n",
"CommandLine: \"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\MicrosoftEdgeUpdate.exe\" /c\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 7:\n",
"Dns query:\n",
"RuleName: -\n",
"ProcessId: 3508\n",
"QueryName: ncc.avast.com\n",
"QueryStatus: 0\n",
"QueryResults: type: 5 ncc.avast.com.edgesuite.net;type: 5 a1488.dscd.akamai.net;::ffff:23.72.36.187;::ffff:23.72.36.112;\n",
"Image: C:\\Program Files\\Avast Software\\Avast\\aswToolsSvc.exe\n",
"--------------------------------------------------\n",
"Message 8:\n",
"Dns query:\n",
"RuleName: -\n",
"ProcessId: 4592\n",
"QueryName: ecs.office.com\n",
"QueryStatus: 0\n",
"QueryResults: type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;\n",
"Image: C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeC2RClient.exe\n",
"--------------------------------------------------\n",
"Message 9:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 4492\n",
"Image: C:\\Windows\\System32\\taskhostw.exe\n",
"Description: Host Process for Windows Tasks\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: taskhostw.exe\n",
"CommandLine: taskhostw.exe\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 10:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 2788\n",
"Image: C:\\Windows\\System32\\WinBioPlugIns\\FaceFodUninstaller.exe\n",
"Description: -\n",
"Product: -\n",
"Company: -\n",
"OriginalFileName: -\n",
"CommandLine: \"C:\\Windows\\System32\\WinBioPlugIns\\FaceFodUninstaller.exe\"\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 11:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 6472\n",
"Image: C:\\Windows\\System32\\lpremove.exe\n",
"Description: MUI Language pack cleanup\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: lpremove.exe\n",
"CommandLine: \"C:\\Windows\\system32\\lpremove.exe\"\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 12:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 6104\n",
"Image: C:\\Windows\\System32\\UsoClient.exe\n",
"Description: UsoClient\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: UsoClient\n",
"CommandLine: \"C:\\Windows\\system32\\usoclient.exe\" ReportPolicies\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 13:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 14:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 15:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 16:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 17:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 4324\n",
"Image: C:\\Windows\\System32\\sc.exe\n",
"Description: Service Control Manager Configuration Tool\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: sc.exe\n",
"CommandLine: \"C:\\Windows\\system32\\sc.exe\" start w32time task_started\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: LOCAL SERVICE\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 18:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 19:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 20:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 21:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 22:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 5828\n",
"Image: C:\\Windows\\System32\\taskhostw.exe\n",
"Description: Host Process for Windows Tasks\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: taskhostw.exe\n",
"CommandLine: taskhostw.exe\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: LOCAL SERVICE\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 23:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 4996\n",
"Image: C:\\Windows\\System32\\rundll32.exe\n",
"Description: Windows host process (Rundll32)\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: RUNDLL32.EXE\n",
"CommandLine: \"C:\\Windows\\system32\\rundll32.exe\" C:\\Windows\\system32\\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 24:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 5376\n",
"Image: C:\\Windows\\System32\\Defrag.exe\n",
"Description: Disk Defragmenter Module\n",
"Product: Windows Drive Optimizer\n",
"Company: Microsoft Corp.\n",
"OriginalFileName: Defrag.EXE\n",
"CommandLine: \"C:\\Windows\\system32\\defrag.exe\" -c -h -o -$\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 25:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 4240\n",
"Image: C:\\Windows\\System32\\dmclient.exe\n",
"Description: Microsoft Feedback SIUF Deployment Manager Client\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: dmclient.exe\n",
"CommandLine: \"C:\\Windows\\system32\\dmclient.exe\"\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 26:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 27:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 28:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 4980\n",
"Image: C:\\Windows\\System32\\tzsync.exe\n",
"Description: TimeZone Sync Task\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: tzsync.exe\n",
"CommandLine: \"C:\\Windows\\system32\\tzsync.exe\"\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 29:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 1528\n",
"Image: C:\\Windows\\System32\\DiskSnapshot.exe\n",
"Description: DiskSnapshot.exe\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: DiskSnapshot.exe\n",
"CommandLine: \"C:\\Windows\\system32\\disksnapshot.exe\" -z\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 30:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 2384\n",
"Image: C:\\Windows\\System32\\rundll32.exe\n",
"Description: Windows host process (Rundll32)\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: RUNDLL32.EXE\n",
"CommandLine: \"C:\\Windows\\system32\\rundll32.exe\" Windows.Storage.ApplicationData.dll,CleanupTemporaryState\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 31:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 5156\n",
"Image: C:\\Windows\\System32\\dstokenclean.exe\n",
"Description: Data Sharing Service Maintenance Driver\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: dstokenclean.exe\n",
"CommandLine: \"C:\\Windows\\system32\\dstokenclean.exe\"\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 32:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 33:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 34:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 5632\n",
"Image: C:\\Windows\\System32\\svchost.exe\n",
"Description: Host Process for Windows Services\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: svchost.exe\n",
"CommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s wisvc\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 824\n",
"ParentImage: C:\\Windows\\System32\\services.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\services.exe\n",
"--------------------------------------------------\n",
"Message 35:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 2388\n",
"Image: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ngentask.exe\n",
"Description: Microsoft .NET Framework optimization service\n",
"Product: Microsoft® .NET Framework\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: NGenTask.exe\n",
"CommandLine: \"C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\NGenTask.exe\" /RuntimeWide /StopEvent:480\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 4492\n",
"ParentImage: C:\\Windows\\System32\\taskhostw.exe\n",
"ParentCommandLine: taskhostw.exe\n",
"--------------------------------------------------\n",
"Message 36:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 6460\n",
"Image: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ngentask.exe\n",
"Description: Microsoft .NET Framework optimization service\n",
"Product: Microsoft® .NET Framework\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: NGenTask.exe\n",
"CommandLine: \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\NGenTask.exe\" /RuntimeWide /StopEvent:1132\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 4492\n",
"ParentImage: C:\\Windows\\System32\\taskhostw.exe\n",
"ParentCommandLine: taskhostw.exe\n",
"--------------------------------------------------\n",
"Message 37:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 38:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 39:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 4292\n",
"Image: C:\\Windows\\System32\\svchost.exe\n",
"Description: Host Process for Windows Services\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: svchost.exe\n",
"CommandLine: C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 824\n",
"ParentImage: C:\\Windows\\System32\\services.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\services.exe\n",
"--------------------------------------------------\n",
"Message 40:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 41:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 42:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 43:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 44:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 45:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 46:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 47:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1096\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 48:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 4196\n",
"Image: C:\\Windows\\System32\\Speech_OneCore\\common\\SpeechModelDownload.exe\n",
"Description: Speech Model Download Executable\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: SpeechModelDownload.exe\n",
"CommandLine: \"C:\\Windows\\system32\\speech_onecore\\common\\SpeechModelDownload.exe\"\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: NETWORK SERVICE\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 49:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 5472\n",
"Image: C:\\Windows\\System32\\taskhostw.exe\n",
"Description: Host Process for Windows Tasks\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: taskhostw.exe\n",
"CommandLine: taskhostw.exe -IntegrityCheck\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 50:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 3320\n",
"Image: C:\\Windows\\System32\\rundll32.exe\n",
"Description: Windows host process (Rundll32)\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: RUNDLL32.EXE\n",
"CommandLine: \"C:\\Windows\\system32\\rundll32.exe\" sysmain.dll,PfSvWsSwapAssessmentTask\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 51:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 52:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 53:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 54:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 55:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 56:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 57:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 1184\n",
"Image: C:\\Windows\\System32\\WinSAT.exe\n",
"Description: Windows System Assessment Tool\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: WinSAT.exe\n",
"CommandLine: \"C:\\Windows\\system32\\winsat.exe\" disk -wsswap\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 3320\n",
"ParentImage: C:\\Windows\\System32\\rundll32.exe\n",
"ParentCommandLine: \"C:\\Windows\\system32\\rundll32.exe\" sysmain.dll,PfSvWsSwapAssessmentTask\n",
"--------------------------------------------------\n",
"Message 58:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 3720\n",
"Image: C:\\Windows\\System32\\Defrag.exe\n",
"Description: Disk Defragmenter Module\n",
"Product: Windows Drive Optimizer\n",
"Company: Microsoft Corp.\n",
"OriginalFileName: Defrag.EXE\n",
"CommandLine: \"C:\\Windows\\system32\\defrag.exe\" -p 8a4 -s 0000000000000160 -b -OnlyPreferred C:\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2212\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain\n",
"--------------------------------------------------\n",
"Message 59:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+11918|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 60:\n",
"Process accessed:\n",
"RuleName: -\n",
"SourceProcessId: 1072\n",
"SourceThreadId: 1132\n",
"SourceImage: C:\\Windows\\system32\\svchost.exe\n",
"TargetProcessId: 872\n",
"TargetImage: C:\\Windows\\system32\\lsass.exe\n",
"GrantedAccess: 0x1000\n",
"CallTrace: C:\\Windows\\SYSTEM32\\ntdll.dll+9d584|C:\\Windows\\System32\\KERNELBASE.dll+69f06|c:\\windows\\system32\\lsm.dll+e7f8|c:\\windows\\system32\\lsm.dll+dc6b|c:\\windows\\system32\\lsm.dll+11a1e|C:\\Windows\\System32\\RPCRT4.dll+799e3|C:\\Windows\\System32\\RPCRT4.dll+dd77b|C:\\Windows\\System32\\RPCRT4.dll+5ce8c|C:\\Windows\\System32\\RPCRT4.dll+59ee8|C:\\Windows\\System32\\RPCRT4.dll+39fa6|C:\\Windows\\System32\\RPCRT4.dll+398f8|C:\\Windows\\System32\\RPCRT4.dll+4766f|C:\\Windows\\System32\\RPCRT4.dll+46a78|C:\\Windows\\System32\\RPCRT4.dll+46061|C:\\Windows\\System32\\RPCRT4.dll+45ace|C:\\Windows\\System32\\RPCRT4.dll+4a1a2|C:\\Windows\\SYSTEM32\\ntdll.dll+20330|C:\\Windows\\SYSTEM32\\ntdll.dll+52f76|C:\\Windows\\System32\\KERNEL32.DLL+17614|C:\\Windows\\SYSTEM32\\ntdll.dll+526a1\n",
"--------------------------------------------------\n",
"Message 61:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\student_ladm\\appdata\\local\\microsoft\\teams\\previous\\squirrel.exe\n",
"--------------------------------------------------\n",
"Message 62:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 63:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 08/28/2020 18:31:14\n",
"--------------------------------------------------\n",
"Message 64:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 1.10.54.0\n",
"--------------------------------------------------\n",
"Message 65:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\student_ladm\\appdata\\local\\microsoft\\teams\\stage\\squirrel.exe\n",
"--------------------------------------------------\n",
"Message 66:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 67:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 08/15/2022 18:11:47\n",
"--------------------------------------------------\n",
"Message 68:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 3.3.0.0\n",
"--------------------------------------------------\n",
"Message 69:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\student_ladm\\appdata\\local\\microsoft\\teams\\current\\squirrel.exe\n",
"--------------------------------------------------\n",
"Message 70:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 71:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 02/03/2022 01:00:13\n",
"--------------------------------------------------\n",
"Message 72:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 3.0.1.0\n",
"--------------------------------------------------\n",
"Message 73:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\ansible\\appdata\\local\\microsoft\\teams\\current\\teams.exe\n",
"--------------------------------------------------\n",
"Message 74:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 75:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 04/21/2020 14:21:06\n",
"--------------------------------------------------\n",
"Message 76:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 1.3.0.28779\n",
"--------------------------------------------------\n",
"Message 77:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\ansible\\appdata\\local\\microsoft\\teams\\update.exe\n",
"--------------------------------------------------\n",
"Message 78:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 79:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 08/28/2020 18:31:14\n",
"--------------------------------------------------\n",
"Message 80:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 1.10.54.0\n",
"--------------------------------------------------\n",
"Message 81:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: Microsoft Corporation\n",
"--------------------------------------------------\n",
"Message 82:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\cookie_exporter.exe\n",
"--------------------------------------------------\n",
"Message 83:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 84:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 85:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 86:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\elevation_service.exe\n",
"--------------------------------------------------\n",
"Message 87:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 88:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 89:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 90:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\identity_helper.exe\n",
"--------------------------------------------------\n",
"Message 91:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 92:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 93:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 94:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\bho\\ie_to_edge_stub.exe\n",
"--------------------------------------------------\n",
"Message 95:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 96:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 97:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 98:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\msedge.exe\n",
"--------------------------------------------------\n",
"Message 99:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 100:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 101:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 102:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\msedgewebview2.exe\n",
"--------------------------------------------------\n",
"Message 103:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 104:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 105:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 106:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\msedge_proxy.exe\n",
"--------------------------------------------------\n",
"Message 107:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 108:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 109:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 110:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\msedge_pwa_launcher.exe\n",
"--------------------------------------------------\n",
"Message 111:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 112:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 113:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 114:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\notification_helper.exe\n",
"--------------------------------------------------\n",
"Message 115:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 116:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 117:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 118:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\pwahelper.exe\n",
"--------------------------------------------------\n",
"Message 119:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 120:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 121:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 122:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edgewebview\\application\\126.0.2592.68\\installer\\setup.exe\n",
"--------------------------------------------------\n",
"Message 123:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 124:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 125:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 126:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: Microsoft Corporation\n",
"--------------------------------------------------\n",
"Message 127:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\ansible\\appdata\\local\\microsoft\\teams\\current\\squirrel.exe\n",
"--------------------------------------------------\n",
"Message 128:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 129:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 08/28/2020 18:31:14\n",
"--------------------------------------------------\n",
"Message 130:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 1.10.54.0\n",
"--------------------------------------------------\n",
"Message 131:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\cookie_exporter.exe\n",
"--------------------------------------------------\n",
"Message 132:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 133:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 134:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 135:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\elevation_service.exe\n",
"--------------------------------------------------\n",
"Message 136:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 137:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 138:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 139:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\identity_helper.exe\n",
"--------------------------------------------------\n",
"Message 140:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 141:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 142:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 143:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\bho\\ie_to_edge_stub.exe\n",
"--------------------------------------------------\n",
"Message 144:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 145:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 146:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 147:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\msedge.exe\n",
"--------------------------------------------------\n",
"Message 148:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 149:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 150:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 151:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\msedgewebview2.exe\n",
"--------------------------------------------------\n",
"Message 152:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 153:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 154:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 155:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\msedge_proxy.exe\n",
"--------------------------------------------------\n",
"Message 156:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 157:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 158:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 159:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\msedge_pwa_launcher.exe\n",
"--------------------------------------------------\n",
"Message 160:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 161:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 162:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 163:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\notification_click_helper.exe\n",
"--------------------------------------------------\n",
"Message 164:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 165:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 166:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 167:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\notification_helper.exe\n",
"--------------------------------------------------\n",
"Message 168:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 169:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 170:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 171:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\pwahelper.exe\n",
"--------------------------------------------------\n",
"Message 172:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 173:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 174:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 175:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\program files (x86)\\microsoft\\edge\\application\\126.0.2592.68\\installer\\setup.exe\n",
"--------------------------------------------------\n",
"Message 176:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 177:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 06/19/2024 23:34:22\n",
"--------------------------------------------------\n",
"Message 178:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 126.0.2592.68\n",
"--------------------------------------------------\n",
"Message 179:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: Microsoft Corporation\n",
"--------------------------------------------------\n",
"Message 180:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\ansible\\appdata\\local\\microsoft\\onedrive\\21.220.1024.0005\\onedrivesetup.exe\n",
"--------------------------------------------------\n",
"Message 181:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 182:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 04/29/2042 07:55:35\n",
"--------------------------------------------------\n",
"Message 183:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 21.220.1024.5\n",
"--------------------------------------------------\n",
"Message 184:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\ansible\\appdata\\local\\microsoft\\onedrive\\21.220.1024.0005\\onedriveupdaterservice.exe\n",
"--------------------------------------------------\n",
"Message 185:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 186:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 01/30/2009 20:46:00\n",
"--------------------------------------------------\n",
"Message 187:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 21.220.1024.5\n",
"--------------------------------------------------\n",
"Message 188:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: Microsoft Corporation\n",
"--------------------------------------------------\n",
"Message 189:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 5488\n",
"Image: C:\\Windows\\System32\\taskhostw.exe\n",
"Description: Host Process for Windows Tasks\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: taskhostw.exe\n",
"CommandLine: taskhostw.exe\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 190:\n",
"Process Create:\n",
"RuleName: -\n",
"ProcessId: 4728\n",
"Image: C:\\Windows\\System32\\SrTasks.exe\n",
"Description: Microsoft® Windows System Protection background tasks.\n",
"Product: Microsoft® Windows® Operating System\n",
"Company: Microsoft Corporation\n",
"OriginalFileName: srtasks.exe\n",
"CommandLine: \"C:\\Windows\\system32\\srtasks.exe\" ExecuteScheduledSPPCreation\n",
"CurrentDirectory: C:\\Windows\\system32\\\n",
"User: SYSTEM\n",
"TerminalSessionId: 0\n",
"IntegrityLevel: System\n",
"ParentProcessId: 2024\n",
"ParentImage: C:\\Windows\\System32\\svchost.exe\n",
"ParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n",
"--------------------------------------------------\n",
"Message 191:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\ansible\\appdata\\local\\microsoft\\onedrive\\21.220.1024.0005\\filecoauth.exe\n",
"--------------------------------------------------\n",
"Message 192:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 193:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 09/04/1976 00:39:52\n",
"--------------------------------------------------\n",
"Message 194:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 21.220.1024.5\n",
"--------------------------------------------------\n",
"Message 195:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\ansible\\appdata\\local\\microsoft\\onedrive\\21.220.1024.0005\\filesyncconfig.exe\n",
"--------------------------------------------------\n",
"Message 196:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n",
"Message 197:\n",
"Registry value set:\n",
"RuleName: InvDB-CompileTimeClaim\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 02/11/2005 13:45:08\n",
"--------------------------------------------------\n",
"Message 198:\n",
"Registry value set:\n",
"RuleName: InvDB-Ver\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: 21.220.1024.5\n",
"--------------------------------------------------\n",
"Message 199:\n",
"Registry value set:\n",
"RuleName: InvDB-Path\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: c:\\users\\ansible\\appdata\\local\\microsoft\\onedrive\\21.220.1024.0005\\filesynchelper.exe\n",
"--------------------------------------------------\n",
"Message 200:\n",
"Registry value set:\n",
"RuleName: InvDB-Pub\n",
"EventType: SetValue\n",
"ProcessId: 2156\n",
"Image: C:\\Windows\\system32\\CompatTelRunner.exe\n",
"Details: microsoft corporation\n",
"--------------------------------------------------\n"
]
}
],
"execution_count": 3
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:27:52.793229Z",
"start_time": "2024-06-23T14:27:52.788792Z"
}
},
"cell_type": "code",
"source": [
"# df_f is expected to be the prepared DataFrame that already contains 'filtered_message'.\n",
"# Keep only the four fields used below. filtered_message is raw Sysmon event text\n",
"# (paths, command lines, account names), so treat the exported CSV as sensitive lab data.\n",
"selected_columns_df = df_f.select(\n",
"    \"log.level\",\n",
"    \"winlog.event_id\",\n",
"    \"winlog.task\",\n",
"    \"filtered_message\",\n",
")\n",
"\n",
"# Persist the reduced frame to the working directory.\n",
"selected_columns_df.write_csv('lab_logs_blindtest_activity_filtered.csv')\n"
],
"id": "ff54936e81a933fd",
"outputs": [],
"execution_count": 5
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:27:53.905616Z",
"start_time": "2024-06-23T14:27:53.898061Z"
}
},
"cell_type": "code",
"source": [
"# Preview the first five rows of the reduced frame.\n",
"selected_columns_df.head(5)"
],
"id": "da3c38ca8c474ba",
"outputs": [
{
"data": {
"text/plain": [
"shape: (5, 4)\n",
"┌─────────────┬─────────────────┬─────────────────────────────────┬─────────────────────┐\n",
"│ log.level ┆ winlog.event_id ┆ winlog.task ┆ filtered_message │\n",
"│ --- ┆ --- ┆ --- ┆ --- │\n",
"│ str ┆ i64 ┆ str ┆ str │\n",
"╞═════════════╪═════════════════╪═════════════════════════════════╪═════════════════════╡\n",
"│ information ┆ 10 ┆ Process accessed (rule: Proces… ┆ Process accessed: │\n",
"│ ┆ ┆ ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ … │\n",
"│ information ┆ 10 ┆ Process accessed (rule: Proces… ┆ Process accessed: │\n",
"│ ┆ ┆ ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ … │\n",
"│ information ┆ 1 ┆ Process Create (rule: ProcessC… ┆ Process Create: │\n",
"│ ┆ ┆ ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ Pr… │\n",
"│ information ┆ 13 ┆ Registry value set (rule: Regi… ┆ Registry value set: │\n",
"│ ┆ ┆ ┆ RuleName: … │\n",
"│ information ┆ 1 ┆ Process Create (rule: ProcessC… ┆ Process Create: │\n",
"│ ┆ ┆ ┆ RuleName: - │\n",
"│ ┆ ┆ ┆ Pr… │\n",
"└─────────────┴─────────────────┴─────────────────────────────────┴─────────────────────┘"
],
"text/html": [
"<div><style>\n",
".dataframe > thead > tr,\n",
".dataframe > tbody > tr {\n",
" text-align: right;\n",
" white-space: pre-wrap;\n",
"}\n",
"</style>\n",
"<small>shape: (5, 4)</small><table border=\"1\" class=\"dataframe\"><thead><tr><th>log.level</th><th>winlog.event_id</th><th>winlog.task</th><th>filtered_message</th></tr><tr><td>str</td><td>i64</td><td>str</td><td>str</td></tr></thead><tbody><tr><td>&quot;information&quot;</td><td>10</td><td>&quot;Process accessed (rule: Proces…</td><td>&quot;Process accessed:\n",
"RuleName: -\n",
"…</td></tr><tr><td>&quot;information&quot;</td><td>10</td><td>&quot;Process accessed (rule: Proces…</td><td>&quot;Process accessed:\n",
"RuleName: -\n",
"…</td></tr><tr><td>&quot;information&quot;</td><td>1</td><td>&quot;Process Create (rule: ProcessC…</td><td>&quot;Process Create:\n",
"RuleName: -\n",
"Pr…</td></tr><tr><td>&quot;information&quot;</td><td>13</td><td>&quot;Registry value set (rule: Regi…</td><td>&quot;Registry value set:\n",
"RuleName: …</td></tr><tr><td>&quot;information&quot;</td><td>1</td><td>&quot;Process Create (rule: ProcessC…</td><td>&quot;Process Create:\n",
"RuleName: -\n",
"Pr…</td></tr></tbody></table></div>"
]
},
"execution_count": 6,
"metadata": {},
"output_type": "execute_result"
}
],
"execution_count": 6
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:28:18.658902Z",
"start_time": "2024-06-23T14:28:18.654894Z"
}
},
"cell_type": "code",
"source": [
"# Assuming 'selected_columns_df' is your existing DataFrame\n",
"# Create an index series directly\n",
"index_series = pl.Series(\"index\", range(selected_columns_df.height))\n",
"\n",
"# Insert the index series as the first column using the recommended method\n",
"selected_columns_df = selected_columns_df.insert_column(0, index_series)\n",
"\n",
"# Write the DataFrame to a CSV file, including the new index column\n",
"selected_columns_df.write_csv('lab_logs_blindtest_activity_filtered.csv')\n"
],
"id": "35cd4cc645761608",
"outputs": [],
"execution_count": 7
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T13:45:49.429720Z",
"start_time": "2024-06-23T13:43:42.591856Z"
}
},
"cell_type": "code",
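"source": [
"# Pinned to the versions this run resolved (see the recorded output of this and the following install cells).\n",
"# scikit-learn is left unpinned: TPOT needs scikit-learn>=1.4.1 and the later pip install replaces it.\n",
"# NOTE(review): this installs into the base Anaconda environment; a dedicated environment avoids\n",
"# the mixed conda/pip state and the dependency conflict reported further down.\n",
"%conda install numpy=1.26.4 scipy=1.10.0 scikit-learn pandas=2.2.2 joblib=1.4.2 pytorch=2.3.0"
],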
"id": "b3f6a7f89fb1f92e",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Retrieving notices: ...working... done\r\n",
"Channels:\r\n",
" - defaults\r\n",
" - conda-forge\r\n",
"Platform: osx-64\r\n",
"Collecting package metadata (repodata.json): done\r\n",
"Solving environment: done\r\n",
"\r\n",
"## Package Plan ##\r\n",
"\r\n",
" environment location: /Users/mc/anaconda3\r\n",
"\r\n",
" added / updated specs:\r\n",
" - joblib\r\n",
" - numpy\r\n",
" - pandas\r\n",
" - pytorch\r\n",
" - scikit-learn\r\n",
" - scipy\r\n",
"\r\n",
"\r\n",
"The following packages will be downloaded:\r\n",
"\r\n",
" package | build\r\n",
" ---------------------------|-----------------\r\n",
" joblib-1.4.2 | py311hecd8cb5_0 532 KB\r\n",
" openpyxl-3.1.2 | py311h6c40b1e_0 644 KB\r\n",
" pandas-2.2.2 | py311he327ffe_0 14.9 MB\r\n",
" pytorch-2.3.0 |cpu_py311hfffa08c_0 61.7 MB\r\n",
" ------------------------------------------------------------\r\n",
" Total: 77.7 MB\r\n",
"\r\n",
"The following NEW packages will be INSTALLED:\r\n",
"\r\n",
" gmp pkgs/main/osx-64::gmp-6.2.1-he9d5cce_3 \r\n",
" gmpy2 pkgs/main/osx-64::gmpy2-2.1.2-py311h1c2e9e1_0 \r\n",
" mpc pkgs/main/osx-64::mpc-1.1.0-h6ef4df4_1 \r\n",
" mpfr pkgs/main/osx-64::mpfr-4.0.2-h9066e36_1 \r\n",
" mpmath pkgs/main/osx-64::mpmath-1.3.0-py311hecd8cb5_0 \r\n",
" numexpr pkgs/main/osx-64::numexpr-2.8.7-py311h91b6869_0 \r\n",
" pandas pkgs/main/osx-64::pandas-2.2.2-py311he327ffe_0 \r\n",
" pytorch pkgs/main/osx-64::pytorch-2.3.0-cpu_py311hfffa08c_0 \r\n",
" sympy pkgs/main/osx-64::sympy-1.12-py311hecd8cb5_0 \r\n",
"\r\n",
"The following packages will be UPDATED:\r\n",
"\r\n",
" joblib 1.2.0-py311hecd8cb5_0 --> 1.4.2-py311hecd8cb5_0 \r\n",
" openpyxl 3.0.10-py311h6c40b1e_0 --> 3.1.2-py311h6c40b1e_0 \r\n",
"\r\n",
"\r\n",
"\r\n",
"Downloading and Extracting Packages:\r\n",
"pytorch-2.3.0 | 61.7 MB | | 0% \r\n",
"pandas-2.2.2 | 14.9 MB | | 0% \u001B[A\r\n",
"\r\n",
"openpyxl-3.1.2 | 644 KB | | 0% \u001B[A\u001B[A\r\n",
"\r\n",
"\r\n",
"joblib-1.4.2 | 532 KB | | 0% \u001B[A\u001B[A\u001B[A\r\n",
"\r\n",
"openpyxl-3.1.2 | 644 KB | 9 | 2% \u001B[A\u001B[A\r\n",
"pandas-2.2.2 | 14.9 MB | | 0% \u001B[A\r\n",
"\r\n",
"\r\n",
"pytorch-2.3.0 | 61.7 MB | | 0% \u001B[A\u001B[A\u001B[A\r\n",
"\r\n",
"openpyxl-3.1.2 | 644 KB | ########2 | 22% \u001B[A\u001B[A\r\n",
"pandas-2.2.2 | 14.9 MB | 3 | 1% \u001B[A\r\n",
"\r\n",
"\r\n",
"pytorch-2.3.0 | 61.7 MB | | 0% \u001B[A\u001B[A\u001B[A\r\n",
"\r\n",
"openpyxl-3.1.2 | 644 KB | #####################1 | 57% \u001B[A\u001B[A\r\n",
"pandas-2.2.2 | 14.9 MB | 7 | 2% \u001B[A\r\n",
"\r\n",
"\r\n",
"pytorch-2.3.0 | 61.7 MB | 1 | 0% \u001B[A\u001B[A\u001B[A\r\n",
"pandas-2.2.2 | 14.9 MB | #1 | 3% \u001B[A\r\n",
"\r\n",
"openpyxl-3.1.2 | 644 KB | ################################1 | 87% \u001B[A\u001B[A\r\n",
"\r\n",
"\r\n",
"pytorch-2.3.0 | 61.7 MB | 2 | 1% \u001B[A\u001B[A\u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | 4 | 1% \u001B[A\r\n",
"pandas-2.2.2 | 14.9 MB | ###4 | 9% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | 6 | 2% \u001B[A\r\n",
"\r\n",
"\r\n",
"joblib-1.4.2 | 532 KB | ##################################### | 100% \u001B[A\u001B[A\u001B[A\r\n",
"\r\n",
"\r\n",
"joblib-1.4.2 | 532 KB | ##################################### | 100% \u001B[A\u001B[A\u001B[A\r\n",
"\r\n",
"pytorch-2.3.0 | 61.7 MB | 7 | 2% \u001B[A\u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | 8 | 2% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | #1 | 3% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | #3 | 4% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | #4 | 4% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | #9 | 5% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | ##1 | 6% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | ##4 | 7% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | ##8 | 8% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | ### | 8% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | ###4 | 9% \u001B[A\r\n",
"pandas-2.2.2 | 14.9 MB | ######################## | 65% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | #### | 11% \u001B[A\r\n",
"pandas-2.2.2 | 14.9 MB | ############################# | 78% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | ####5 | 12% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | #####1 | 14% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | #####3 | 15% \u001B[A\r\n",
"pytorch-2.3.0 | 61.7 MB | ############1 | 33% \u001B[A\r\n",
"pandas-2.2.2 | 14.9 MB | ##################################### | 100% \u001B[A\r\n",
" \u001B[A\r\n",
" \u001B[A\r\n",
"\r\n",
" \u001B[A\u001B[A\r\n",
"\r\n",
"\r\n",
" \u001B[A\u001B[A\u001B[A\r\n",
"Preparing transaction: done\r\n",
"Verifying transaction: done\r\n",
"Executing transaction: done\r\n",
"\n",
"Note: you may need to restart the kernel to use updated packages.\n"
]
}
],
"execution_count": 62
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T13:56:10.774237Z",
"start_time": "2024-06-23T13:55:53.417184Z"
}
},
"cell_type": "code",
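"source": [
"# Versions pinned to the ones this run resolved (see the recorded output) so a re-run installs the same code.\n",
"# NOTE(review): deap and stopit are source distributions whose setup.py runs at install time; for stricter\n",
"# supply-chain control install from a hash-checked requirements file (pip --require-hashes).\n",
"%pip install deap==1.4.1 update_checker==0.18.0 tqdm==4.65.0 stopit==1.1.2 xgboost==2.0.3"
],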
"id": "47de32d351fad54f",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Collecting deap\r\n",
" Downloading deap-1.4.1.tar.gz (1.1 MB)\r\n",
"\u001B[2K \u001B[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001B[0m \u001B[32m1.1/1.1 MB\u001B[0m \u001B[31m3.3 MB/s\u001B[0m eta \u001B[36m0:00:00\u001B[0m00:01\u001B[0m00:01\u001B[0m0m\r\n",
"\u001B[?25h Preparing metadata (setup.py) ... \u001B[?25ldone\r\n",
"\u001B[?25hCollecting update_checker\r\n",
" Downloading update_checker-0.18.0-py3-none-any.whl.metadata (2.3 kB)\r\n",
"Requirement already satisfied: tqdm in /Users/mc/anaconda3/lib/python3.11/site-packages (4.65.0)\r\n",
"Collecting stopit\r\n",
" Downloading stopit-1.1.2.tar.gz (18 kB)\r\n",
" Preparing metadata (setup.py) ... \u001B[?25ldone\r\n",
"\u001B[?25hRequirement already satisfied: xgboost in /Users/mc/anaconda3/lib/python3.11/site-packages (2.0.3)\r\n",
"Requirement already satisfied: numpy in /Users/mc/anaconda3/lib/python3.11/site-packages (from deap) (1.26.4)\r\n",
"Requirement already satisfied: requests>=2.3.0 in /Users/mc/anaconda3/lib/python3.11/site-packages (from update_checker) (2.31.0)\r\n",
"Requirement already satisfied: scipy in /Users/mc/anaconda3/lib/python3.11/site-packages (from xgboost) (1.10.0)\r\n",
"Requirement already satisfied: charset-normalizer<4,>=2 in /Users/mc/anaconda3/lib/python3.11/site-packages (from requests>=2.3.0->update_checker) (2.0.4)\r\n",
"Requirement already satisfied: idna<4,>=2.5 in /Users/mc/anaconda3/lib/python3.11/site-packages (from requests>=2.3.0->update_checker) (3.4)\r\n",
"Requirement already satisfied: urllib3<3,>=1.21.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from requests>=2.3.0->update_checker) (2.0.7)\r\n",
"Requirement already satisfied: certifi>=2017.4.17 in /Users/mc/anaconda3/lib/python3.11/site-packages (from requests>=2.3.0->update_checker) (2024.6.2)\r\n",
"Downloading update_checker-0.18.0-py3-none-any.whl (7.0 kB)\r\n",
"Building wheels for collected packages: deap, stopit\r\n",
" Building wheel for deap (setup.py) ... \u001B[?25ldone\r\n",
"\u001B[?25h Created wheel for deap: filename=deap-1.4.1-cp311-cp311-macosx_10_9_x86_64.whl size=104125 sha256=f96288a3d78b5805d248bd7b3b208fde1cc034141a602688c3fda474dd70351f\r\n",
" Stored in directory: /Users/mc/Library/Caches/pip/wheels/f8/64/b8/65eacfbff3024ae2e2beb22e691d5c8abb89fbd863b8049b5f\r\n",
" Building wheel for stopit (setup.py) ... \u001B[?25ldone\r\n",
"\u001B[?25h Created wheel for stopit: filename=stopit-1.1.2-py3-none-any.whl size=11939 sha256=97f0cca9a0cd37dfe9b6f44dd8ab496a305c15a23e1b1f61fb45480eb31d7968\r\n",
" Stored in directory: /Users/mc/Library/Caches/pip/wheels/da/77/2d/adbc56bc4db95ad80c6d4e71cd69e2d9d122174904342e3f7f\r\n",
"Successfully built deap stopit\r\n",
"Installing collected packages: stopit, deap, update_checker\r\n",
"Successfully installed deap-1.4.1 stopit-1.1.2 update_checker-0.18.0\r\n",
"Note: you may need to restart the kernel to use updated packages.\n"
]
}
],
"execution_count": 63
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:01:04.898242Z",
"start_time": "2024-06-23T14:00:53.155446Z"
}
},
"cell_type": "code",
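"source": [
"# Pinned to the release this run installed; transitive dependencies are still resolved by pip.\n",
"# NOTE(review): in the recorded run this step swapped scikit-learn 1.1.3 for 1.5.0 and pip reported a\n",
"# conflict with orange3; installing into a dedicated environment keeps other tools intact.\n",
"%pip install tpot==0.12.2"
],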
"id": "737d462c559936e2",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Collecting tpot\r\n",
" Downloading TPOT-0.12.2-py3-none-any.whl.metadata (2.0 kB)\r\n",
"Requirement already satisfied: numpy>=1.16.3 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (1.26.4)\r\n",
"Requirement already satisfied: scipy>=1.3.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (1.10.0)\r\n",
"Collecting scikit-learn>=1.4.1 (from tpot)\r\n",
" Downloading scikit_learn-1.5.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata (11 kB)\r\n",
"Requirement already satisfied: deap>=1.2 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (1.4.1)\r\n",
"Requirement already satisfied: update-checker>=0.16 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (0.18.0)\r\n",
"Requirement already satisfied: tqdm>=4.36.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (4.65.0)\r\n",
"Requirement already satisfied: stopit>=1.1.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (1.1.2)\r\n",
"Requirement already satisfied: pandas>=0.24.2 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (2.2.2)\r\n",
"Requirement already satisfied: joblib>=0.13.2 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (1.4.2)\r\n",
"Requirement already satisfied: xgboost>=1.1.0 in /Users/mc/anaconda3/lib/python3.11/site-packages (from tpot) (2.0.3)\r\n",
"Requirement already satisfied: python-dateutil>=2.8.2 in /Users/mc/anaconda3/lib/python3.11/site-packages (from pandas>=0.24.2->tpot) (2.8.2)\r\n",
"Requirement already satisfied: pytz>=2020.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from pandas>=0.24.2->tpot) (2023.3.post1)\r\n",
"Requirement already satisfied: tzdata>=2022.7 in /Users/mc/anaconda3/lib/python3.11/site-packages (from pandas>=0.24.2->tpot) (2023.3)\r\n",
"Collecting threadpoolctl>=3.1.0 (from scikit-learn>=1.4.1->tpot)\r\n",
" Downloading threadpoolctl-3.5.0-py3-none-any.whl.metadata (13 kB)\r\n",
"Requirement already satisfied: requests>=2.3.0 in /Users/mc/anaconda3/lib/python3.11/site-packages (from update-checker>=0.16->tpot) (2.31.0)\r\n",
"Requirement already satisfied: six>=1.5 in /Users/mc/anaconda3/lib/python3.11/site-packages (from python-dateutil>=2.8.2->pandas>=0.24.2->tpot) (1.16.0)\r\n",
"Requirement already satisfied: charset-normalizer<4,>=2 in /Users/mc/anaconda3/lib/python3.11/site-packages (from requests>=2.3.0->update-checker>=0.16->tpot) (2.0.4)\r\n",
"Requirement already satisfied: idna<4,>=2.5 in /Users/mc/anaconda3/lib/python3.11/site-packages (from requests>=2.3.0->update-checker>=0.16->tpot) (3.4)\r\n",
"Requirement already satisfied: urllib3<3,>=1.21.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from requests>=2.3.0->update-checker>=0.16->tpot) (2.0.7)\r\n",
"Requirement already satisfied: certifi>=2017.4.17 in /Users/mc/anaconda3/lib/python3.11/site-packages (from requests>=2.3.0->update-checker>=0.16->tpot) (2024.6.2)\r\n",
"Downloading TPOT-0.12.2-py3-none-any.whl (87 kB)\r\n",
"\u001B[2K \u001B[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001B[0m \u001B[32m87.4/87.4 kB\u001B[0m \u001B[31m800.0 kB/s\u001B[0m eta \u001B[36m0:00:00\u001B[0m\u001B[36m0:00:01\u001B[0m0m\r\n",
"\u001B[?25hDownloading scikit_learn-1.5.0-cp311-cp311-macosx_10_9_x86_64.whl (12.1 MB)\r\n",
"\u001B[2K \u001B[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\u001B[0m \u001B[32m12.1/12.1 MB\u001B[0m \u001B[31m6.9 MB/s\u001B[0m eta \u001B[36m0:00:00\u001B[0m00:01\u001B[0m00:01\u001B[0m\r\n",
"\u001B[?25hDownloading threadpoolctl-3.5.0-py3-none-any.whl (18 kB)\r\n",
"Installing collected packages: threadpoolctl, scikit-learn, tpot\r\n",
" Attempting uninstall: threadpoolctl\r\n",
" Found existing installation: threadpoolctl 2.2.0\r\n",
" Uninstalling threadpoolctl-2.2.0:\r\n",
" Successfully uninstalled threadpoolctl-2.2.0\r\n",
" Attempting uninstall: scikit-learn\r\n",
" Found existing installation: scikit-learn 1.1.3\r\n",
" Uninstalling scikit-learn-1.1.3:\r\n",
" Successfully uninstalled scikit-learn-1.1.3\r\n",
"\u001B[31mERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.\r\n",
"orange3 3.36.2 requires scikit-learn!=1.2.*,<1.4,>=1.1.0, but you have scikit-learn 1.5.0 which is incompatible.\u001B[0m\u001B[31m\r\n",
"\u001B[0mSuccessfully installed scikit-learn-1.5.0 threadpoolctl-3.5.0 tpot-0.12.2\r\n",
"Note: you may need to restart the kernel to use updated packages.\n"
]
}
],
"execution_count": 65
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:28:38.433594Z",
"start_time": "2024-06-23T14:28:27.080547Z"
}
},
"cell_type": "code",
"source": [
"import os\n",
"os.environ[\"KMP_DUPLICATE_LIB_OK\"] = \"TRUE\"\n",
"\n",
"import polars as pl\n",
"import re\n",
"from transformers import BertTokenizer, BertModel\n",
"import torch\n",
"from tpot import TPOTClassifier\n",
"from sklearn.model_selection import train_test_split\n",
"from sklearn.preprocessing import LabelEncoder"
],
"id": "ae96e41f08c7908b",
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"/Users/mc/anaconda3/lib/python3.11/site-packages/transformers/utils/generic.py:260: UserWarning: torch.utils._pytree._register_pytree_node is deprecated. Please use torch.utils._pytree.register_pytree_node instead.\n",
" torch.utils._pytree._register_pytree_node(\n"
]
}
],
"execution_count": 8
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:28:38.439369Z",
"start_time": "2024-06-23T14:28:38.435669Z"
}
},
"cell_type": "code",
"source": [
"# Extract relevant information using regular expressions\n",
"def extract_info(text):\n",
" image = re.search(r\"Image: (.*?\\.exe)\", text, re.IGNORECASE)\n",
" target_filename = re.search(r\"TargetFilename: (.*?\\.exe)\", text, re.IGNORECASE)\n",
" return {\n",
" \"image\": image.group(1) if image else \"\",\n",
" \"target_filename\": target_filename.group(1) if target_filename else \"\",\n",
" \"text\": text\n",
" }"
],
"id": "5cecd995c579cd0f",
"outputs": [],
"execution_count": 9
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:28:38.453982Z",
"start_time": "2024-06-23T14:28:38.440333Z"
}
},
"cell_type": "code",
"source": [
"# Run extract_info over every filtered_message; each result dict is stored as a Python object\n",
"# in an \"extracted_info\" column.\n",
"selected_columns_df = selected_columns_df.with_columns(\n",
"    extracted_info=pl.col(\"filtered_message\").map_elements(extract_info, return_dtype=pl.Object)\n",
")"
],
"id": "c2f84d1d644f9111",
"outputs": [],
"execution_count": 10
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:28:38.462528Z",
"start_time": "2024-06-23T14:28:38.456183Z"
}
},
"cell_type": "code",
"source": [
"# Split the extracted_info dicts into plain string columns, then drop the object column.\n",
"selected_columns_df = selected_columns_df.with_columns(\n",
"    **{\n",
"        field: pl.col(\"extracted_info\").map_elements(\n",
"            lambda info, key=field: info[key], return_dtype=pl.Utf8\n",
"        )\n",
"        for field in (\"image\", \"target_filename\", \"text\")\n",
"    }\n",
").drop(\"extracted_info\")"
],
"id": "b4c8e805cdb9b634",
"outputs": [],
"execution_count": 11
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:28:38.467734Z",
"start_time": "2024-06-23T14:28:38.463610Z"
}
},
"cell_type": "code",
"source": [
"# Show the frame after extraction; polars abbreviates long cells with an ellipsis, so full paths are not visible here.\n",
"print(selected_columns_df)"
],
"id": "c700056897cc8dd8",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"shape: (1_027, 8)\n",
"┌───────┬────────────┬────────────┬────────────┬────────────┬────────────┬────────────┬────────────┐\n",
"│ index ┆ log.level ┆ winlog.eve ┆ winlog.tas ┆ filtered_m ┆ image ┆ target_fil ┆ text │\n",
"│ --- ┆ --- ┆ nt_id ┆ k ┆ essage ┆ --- ┆ ename ┆ --- │\n",
"│ i64 ┆ str ┆ --- ┆ --- ┆ --- ┆ str ┆ --- ┆ str │\n",
"│ ┆ ┆ i64 ┆ str ┆ str ┆ ┆ str ┆ │\n",
"╞═══════╪════════════╪════════════╪════════════╪════════════╪════════════╪════════════╪════════════╡\n",
"│ 0 ┆ informatio ┆ 10 ┆ Process ┆ Process ┆ C:\\Windows ┆ ┆ Process │\n",
"│ ┆ n ┆ ┆ accessed ┆ accessed: ┆ \\system32\\ ┆ ┆ accessed: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ svchost.ex ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ Proces… ┆ - ┆ … ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ … ┆ ┆ ┆ … │\n",
"│ 1 ┆ informatio ┆ 10 ┆ Process ┆ Process ┆ C:\\Windows ┆ ┆ Process │\n",
"│ ┆ n ┆ ┆ accessed ┆ accessed: ┆ \\system32\\ ┆ ┆ accessed: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ svchost.ex ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ Proces… ┆ - ┆ … ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ … ┆ ┆ ┆ … │\n",
"│ 2 ┆ informatio ┆ 1 ┆ Process ┆ Process ┆ C:\\Windows ┆ ┆ Process │\n",
"│ ┆ n ┆ ┆ Create ┆ Create: ┆ \\servicing ┆ ┆ Create: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ \\TrustedIn ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ - ┆ … ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ Pr… ┆ ┆ ┆ Pr… │\n",
"│ 3 ┆ informatio ┆ 13 ┆ Registry ┆ Registry ┆ C:\\Windows ┆ ┆ Registry │\n",
"│ ┆ n ┆ ┆ value set ┆ value set: ┆ \\servicing ┆ ┆ value set: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ \\TrustedIn ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ Regi… ┆ … ┆ … ┆ ┆ … │\n",
"│ 4 ┆ informatio ┆ 1 ┆ Process ┆ Process ┆ C:\\Windows ┆ ┆ Process │\n",
"│ ┆ n ┆ ┆ Create ┆ Create: ┆ \\WinSxS\\am ┆ ┆ Create: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ d64_micros ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ - ┆ … ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ Pr… ┆ ┆ ┆ Pr… │\n",
"│ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … │\n",
"│ 1022 ┆ informatio ┆ 1 ┆ Process ┆ Process ┆ C:\\Program ┆ ┆ Process │\n",
"│ ┆ n ┆ ┆ Create ┆ Create: ┆ Files (x86 ┆ ┆ Create: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ )\\Microso… ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ - ┆ ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ Pr… ┆ ┆ ┆ Pr… │\n",
"│ 1023 ┆ informatio ┆ 10 ┆ Process ┆ Process ┆ C:\\Program ┆ ┆ Process │\n",
"│ ┆ n ┆ ┆ accessed ┆ accessed: ┆ Files (x86 ┆ ┆ accessed: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ )\\Microso… ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ Proces… ┆ - ┆ ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ … ┆ ┆ ┆ … │\n",
"│ 1024 ┆ informatio ┆ 1 ┆ Process ┆ Process ┆ C:\\Windows ┆ ┆ Process │\n",
"│ ┆ n ┆ ┆ Create ┆ Create: ┆ \\System32\\ ┆ ┆ Create: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ taskhostw. ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ - ┆ … ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ Pr… ┆ ┆ ┆ Pr… │\n",
"│ 1025 ┆ informatio ┆ 22 ┆ Dns query ┆ Dns query: ┆ ┆ ┆ Dns query: │\n",
"│ ┆ n ┆ ┆ (rule: ┆ RuleName: ┆ ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ DnsQuery) ┆ - ┆ ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ Process… ┆ ┆ ┆ Process… │\n",
"│ 1026 ┆ informatio ┆ 1 ┆ Process ┆ Process ┆ C:\\Program ┆ ┆ Process │\n",
"│ ┆ n ┆ ┆ Create ┆ Create: ┆ Files\\RUXI ┆ ┆ Create: │\n",
"│ ┆ ┆ ┆ (rule: ┆ RuleName: ┆ M\\PLUGSch… ┆ ┆ RuleName: │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ - ┆ ┆ ┆ - │\n",
"│ ┆ ┆ ┆ ┆ Pr… ┆ ┆ ┆ Pr… │\n",
"└───────┴────────────┴────────────┴────────────┴────────────┴────────────┴────────────┴────────────┘\n"
]
}
],
"execution_count": 12
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:28:58.121865Z",
"start_time": "2024-06-23T14:28:58.118749Z"
}
},
"cell_type": "code",
"source": [
"def define_label(row):\n",
" conditions = {\n",
" (\"EXCEL.EXE\" in row['image'] and \".exe\" in row['target_filename']): \"bad\",\n",
" (row['index'] == 874): \"bad\",\n",
" # Add more conditions here if needed\n",
" }\n",
" return conditions.get(True, \"good\")"
],
"id": "8d21ff3214accd7a",
"outputs": [],
"execution_count": 13
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:29:01.928229Z",
"start_time": "2024-06-23T14:29:01.923231Z"
}
},
"cell_type": "code",
"source": [
"# Label every row: define_label receives the three fields it reads as one struct value per row.\n",
"selected_columns_df = selected_columns_df.with_columns(\n",
"    label=pl.struct(\"index\", \"image\", \"target_filename\").map_elements(define_label, return_dtype=pl.Utf8)\n",
")"
],
"id": "3017223325f75d03",
"outputs": [],
"execution_count": 14
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:29:02.937309Z",
"start_time": "2024-06-23T14:29:02.933702Z"
}
},
"cell_type": "code",
"source": "print(selected_columns_df)",
"id": "feac611ac2db9fb",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"shape: (1_027, 9)\n",
"┌───────┬─────────────┬────────────┬────────────┬───┬────────────┬────────────┬────────────┬───────┐\n",
"│ index ┆ log.level ┆ winlog.eve ┆ winlog.tas ┆ … ┆ image ┆ target_fil ┆ text ┆ label │\n",
"│ --- ┆ --- ┆ nt_id ┆ k ┆ ┆ --- ┆ ename ┆ --- ┆ --- │\n",
"│ i64 ┆ str ┆ --- ┆ --- ┆ ┆ str ┆ --- ┆ str ┆ str │\n",
"│ ┆ ┆ i64 ┆ str ┆ ┆ ┆ str ┆ ┆ │\n",
"╞═══════╪═════════════╪════════════╪════════════╪═══╪════════════╪════════════╪════════════╪═══════╡\n",
"│ 0 ┆ information ┆ 10 ┆ Process ┆ … ┆ C:\\Windows ┆ ┆ Process ┆ good │\n",
"│ ┆ ┆ ┆ accessed ┆ ┆ \\system32\\ ┆ ┆ accessed: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ svchost.ex ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ Proces… ┆ ┆ … ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ … ┆ │\n",
"│ 1 ┆ information ┆ 10 ┆ Process ┆ … ┆ C:\\Windows ┆ ┆ Process ┆ good │\n",
"│ ┆ ┆ ┆ accessed ┆ ┆ \\system32\\ ┆ ┆ accessed: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ svchost.ex ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ Proces… ┆ ┆ … ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ … ┆ │\n",
"│ 2 ┆ information ┆ 1 ┆ Process ┆ … ┆ C:\\Windows ┆ ┆ Process ┆ good │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ \\servicing ┆ ┆ Create: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ \\TrustedIn ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ … ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ │\n",
"│ 3 ┆ information ┆ 13 ┆ Registry ┆ … ┆ C:\\Windows ┆ ┆ Registry ┆ good │\n",
"│ ┆ ┆ ┆ value set ┆ ┆ \\servicing ┆ ┆ value set: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ \\TrustedIn ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ Regi… ┆ ┆ … ┆ ┆ … ┆ │\n",
"│ 4 ┆ information ┆ 1 ┆ Process ┆ … ┆ C:\\Windows ┆ ┆ Process ┆ good │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ \\WinSxS\\am ┆ ┆ Create: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ d64_micros ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ … ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ │\n",
"│ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … │\n",
"│ 1022 ┆ information ┆ 1 ┆ Process ┆ … ┆ C:\\Program ┆ ┆ Process ┆ good │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ Files (x86 ┆ ┆ Create: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ )\\Microso… ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ │\n",
"│ 1023 ┆ information ┆ 10 ┆ Process ┆ … ┆ C:\\Program ┆ ┆ Process ┆ good │\n",
"│ ┆ ┆ ┆ accessed ┆ ┆ Files (x86 ┆ ┆ accessed: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ )\\Microso… ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ Proces… ┆ ┆ ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ … ┆ │\n",
"│ 1024 ┆ information ┆ 1 ┆ Process ┆ … ┆ C:\\Windows ┆ ┆ Process ┆ good │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ \\System32\\ ┆ ┆ Create: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ taskhostw. ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ … ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ │\n",
"│ 1025 ┆ information ┆ 22 ┆ Dns query ┆ … ┆ ┆ ┆ Dns query: ┆ good │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ DnsQuery) ┆ ┆ ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ Process… ┆ │\n",
"│ 1026 ┆ information ┆ 1 ┆ Process ┆ … ┆ C:\\Program ┆ ┆ Process ┆ good │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ Files\\RUXI ┆ ┆ Create: ┆ │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ M\\PLUGSch… ┆ ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ ┆ ┆ - ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ │\n",
"└───────┴─────────────┴────────────┴────────────┴───┴────────────┴────────────┴────────────┴───────┘\n"
]
}
],
"execution_count": 15
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:30:07.444109Z",
"start_time": "2024-06-23T14:30:07.436034Z"
}
},
"cell_type": "code",
"source": [
"bad_rows = selected_columns_df.filter(pl.col(\"label\") == \"bad\")\n",
"print(bad_rows)"
],
"id": "5d634a8db0b99c4",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"shape: (2, 9)\n",
"┌───────┬─────────────┬────────────┬────────────┬───┬────────────┬────────────┬────────────┬───────┐\n",
"│ index ┆ log.level ┆ winlog.eve ┆ winlog.tas ┆ … ┆ image ┆ target_fil ┆ text ┆ label │\n",
"│ --- ┆ --- ┆ nt_id ┆ k ┆ ┆ --- ┆ ename ┆ --- ┆ --- │\n",
"│ i64 ┆ str ┆ --- ┆ --- ┆ ┆ str ┆ --- ┆ str ┆ str │\n",
"│ ┆ ┆ i64 ┆ str ┆ ┆ ┆ str ┆ ┆ │\n",
"╞═══════╪═════════════╪════════════╪════════════╪═══╪════════════╪════════════╪════════════╪═══════╡\n",
"│ 832 ┆ information ┆ 11 ┆ File ┆ … ┆ C:\\Program ┆ C:\\Users\\s ┆ File ┆ bad │\n",
"│ ┆ ┆ ┆ created ┆ ┆ Files\\Micr ┆ tudent\\App ┆ created: ┆ │\n",
"│ ┆ ┆ ┆ (rule: Fil ┆ ┆ osoft Off… ┆ Data\\Local ┆ RuleName: ┆ │\n",
"│ ┆ ┆ ┆ eCreate… ┆ ┆ ┆ … ┆ EXE ┆ │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ │\n",
"│ 874 ┆ information ┆ 3 ┆ Network ┆ … ┆ C:\\Users\\s ┆ ┆ Network ┆ bad │\n",
"│ ┆ ┆ ┆ connection ┆ ┆ tudent\\App ┆ ┆ connection ┆ │\n",
"│ ┆ ┆ ┆ detected ┆ ┆ Data\\Local ┆ ┆ detected: ┆ │\n",
"│ ┆ ┆ ┆ (r… ┆ ┆ … ┆ ┆ R… ┆ │\n",
"└───────┴─────────────┴────────────┴────────────┴───┴────────────┴────────────┴────────────┴───────┘\n"
]
}
],
"execution_count": 16
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:37:58.896397Z",
"start_time": "2024-06-23T14:30:20.524206Z"
}
},
"cell_type": "code",
"source": [
"tokenizer = BertTokenizer.from_pretrained('bert-base-uncased')\n",
"model = BertModel.from_pretrained('bert-base-uncased')\n",
"\n",
"def vectorize_text(text):\n",
" inputs = tokenizer(text, return_tensors='pt', truncation=True, padding=True)\n",
" outputs = model(**inputs)\n",
" return outputs.last_hidden_state.mean(dim=1).detach().numpy()\n",
"\n",
"# Apply vectorization to the Polars DataFrame using map_elements\n",
"selected_columns_df = selected_columns_df.with_columns(\n",
" pl.col(\"text\").map_elements(lambda x: vectorize_text(x).flatten(), return_dtype=pl.Object).alias(\"text_vector\")\n",
")\n",
"\n",
"print(selected_columns_df)"
],
"id": "9262f948e3361ee9",
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"/Users/mc/anaconda3/lib/python3.11/site-packages/huggingface_hub/file_download.py:1132: FutureWarning: `resume_download` is deprecated and will be removed in version 1.0.0. Downloads always resume when possible. If you want to force a new download, use `force_download=True`.\n",
" warnings.warn(\n"
]
},
{
"name": "stdout",
"output_type": "stream",
"text": [
"shape: (1_027, 10)\n",
"┌───────┬─────────────┬────────────┬────────────┬───┬────────────┬────────────┬───────┬────────────┐\n",
"│ index ┆ log.level ┆ winlog.eve ┆ winlog.tas ┆ … ┆ target_fil ┆ text ┆ label ┆ text_vecto │\n",
"│ --- ┆ --- ┆ nt_id ┆ k ┆ ┆ ename ┆ --- ┆ --- ┆ r │\n",
"│ i64 ┆ str ┆ --- ┆ --- ┆ ┆ --- ┆ str ┆ str ┆ --- │\n",
"│ ┆ ┆ i64 ┆ str ┆ ┆ str ┆ ┆ ┆ object │\n",
"╞═══════╪═════════════╪════════════╪════════════╪═══╪════════════╪════════════╪═══════╪════════════╡\n",
"│ 0 ┆ information ┆ 10 ┆ Process ┆ … ┆ ┆ Process ┆ good ┆ [-3.212887 │\n",
"│ ┆ ┆ ┆ accessed ┆ ┆ ┆ accessed: ┆ ┆ 05e-01 -8. │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 51057563e- │\n",
"│ ┆ ┆ ┆ Proces… ┆ ┆ ┆ - ┆ ┆ … │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ … ┆ ┆ │\n",
"│ 1 ┆ information ┆ 10 ┆ Process ┆ … ┆ ┆ Process ┆ good ┆ [-3.122658 │\n",
"│ ┆ ┆ ┆ accessed ┆ ┆ ┆ accessed: ┆ ┆ 13e-01 -9. │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 11662821e- │\n",
"│ ┆ ┆ ┆ Proces… ┆ ┆ ┆ - ┆ ┆ … │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ … ┆ ┆ │\n",
"│ 2 ┆ information ┆ 1 ┆ Process ┆ … ┆ ┆ Process ┆ good ┆ [-3.229663 │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ ┆ Create: ┆ ┆ 37e-01 -5. │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 04846917e- │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ ┆ - ┆ ┆ … │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ ┆ │\n",
"│ 3 ┆ information ┆ 13 ┆ Registry ┆ … ┆ ┆ Registry ┆ good ┆ [-2.114389 │\n",
"│ ┆ ┆ ┆ value set ┆ ┆ ┆ value set: ┆ ┆ 69e-01 -1. │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 26859054e- │\n",
"│ ┆ ┆ ┆ Regi… ┆ ┆ ┆ … ┆ ┆ … │\n",
"│ 4 ┆ information ┆ 1 ┆ Process ┆ … ┆ ┆ Process ┆ good ┆ [-3.781927 │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ ┆ Create: ┆ ┆ 82e-01 │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 1.29612401 │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ ┆ - ┆ ┆ e-… │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ ┆ │\n",
"│ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … ┆ … │\n",
"│ 1022 ┆ information ┆ 1 ┆ Process ┆ … ┆ ┆ Process ┆ good ┆ [-3.417365 │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ ┆ Create: ┆ ┆ 55e-01 -7. │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 53258318e- │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ ┆ - ┆ ┆ … │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ ┆ │\n",
"│ 1023 ┆ information ┆ 10 ┆ Process ┆ … ┆ ┆ Process ┆ good ┆ [-2.859322 │\n",
"│ ┆ ┆ ┆ accessed ┆ ┆ ┆ accessed: ┆ ┆ 73e-01 │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 3.61725502 │\n",
"│ ┆ ┆ ┆ Proces… ┆ ┆ ┆ - ┆ ┆ e-… │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ … ┆ ┆ │\n",
"│ 1024 ┆ information ┆ 1 ┆ Process ┆ … ┆ ┆ Process ┆ good ┆ [-3.556979 │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ ┆ Create: ┆ ┆ 30e-01 -3. │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 89229059e- │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ ┆ - ┆ ┆ … │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ ┆ │\n",
"│ 1025 ┆ information ┆ 22 ┆ Dns query ┆ … ┆ ┆ Dns query: ┆ good ┆ [-2.601829 │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 47e-01 -1. │\n",
"│ ┆ ┆ ┆ DnsQuery) ┆ ┆ ┆ - ┆ ┆ 70182362e- │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ Process… ┆ ┆ … │\n",
"│ 1026 ┆ information ┆ 1 ┆ Process ┆ … ┆ ┆ Process ┆ good ┆ [-3.442858 │\n",
"│ ┆ ┆ ┆ Create ┆ ┆ ┆ Create: ┆ ┆ 46e-01 -9. │\n",
"│ ┆ ┆ ┆ (rule: ┆ ┆ ┆ RuleName: ┆ ┆ 36851799e- │\n",
"│ ┆ ┆ ┆ ProcessC… ┆ ┆ ┆ - ┆ ┆ … │\n",
"│ ┆ ┆ ┆ ┆ ┆ ┆ Pr… ┆ ┆ │\n",
"└───────┴─────────────┴────────────┴────────────┴───┴────────────┴────────────┴───────┴────────────┘\n"
]
}
],
"execution_count": 17
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:42:20.663602Z",
"start_time": "2024-06-23T14:42:20.350354Z"
}
},
"cell_type": "code",
"source": [
"df = selected_columns_df.to_pandas()\n",
"\n",
"# Save the Pandas DataFrame to a Parquet file\n",
"df.to_parquet(\"vectorized_texts.parquet\")"
],
"id": "91e007e2b208dc7f",
"outputs": [],
"execution_count": 23
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T14:42:43.948447Z",
"start_time": "2024-06-23T14:42:43.214997Z"
}
},
"cell_type": "code",
"source": [
"import pandas as pd\n",
"# Load the DataFrame from the Parquet file\n",
"loaded_df = pd.read_parquet(\"vectorized_texts.parquet\")\n",
"\n",
"# Verify the loaded DataFrame\n",
"print(loaded_df)"
],
"id": "48a10b20636b4a2d",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
" index log.level winlog.event_id \\\n",
"0 0 information 10 \n",
"1 1 information 10 \n",
"2 2 information 1 \n",
"3 3 information 13 \n",
"4 4 information 1 \n",
"... ... ... ... \n",
"1022 1022 information 1 \n",
"1023 1023 information 10 \n",
"1024 1024 information 1 \n",
"1025 1025 information 22 \n",
"1026 1026 information 1 \n",
"\n",
" winlog.task \\\n",
"0 Process accessed (rule: ProcessAccess) \n",
"1 Process accessed (rule: ProcessAccess) \n",
"2 Process Create (rule: ProcessCreate) \n",
"3 Registry value set (rule: RegistryEvent) \n",
"4 Process Create (rule: ProcessCreate) \n",
"... ... \n",
"1022 Process Create (rule: ProcessCreate) \n",
"1023 Process accessed (rule: ProcessAccess) \n",
"1024 Process Create (rule: ProcessCreate) \n",
"1025 Dns query (rule: DnsQuery) \n",
"1026 Process Create (rule: ProcessCreate) \n",
"\n",
" filtered_message \\\n",
"0 Process accessed:\\nRuleName: -\\nSourceProcessI... \n",
"1 Process accessed:\\nRuleName: -\\nSourceProcessI... \n",
"2 Process Create:\\nRuleName: -\\nProcessId: 5196\\... \n",
"3 Registry value set:\\nRuleName: Tamper-Winlogon... \n",
"4 Process Create:\\nRuleName: -\\nProcessId: 6140\\... \n",
"... ... \n",
"1022 Process Create:\\nRuleName: -\\nProcessId: 5312\\... \n",
"1023 Process accessed:\\nRuleName: -\\nSourceProcessI... \n",
"1024 Process Create:\\nRuleName: -\\nProcessId: 5000\\... \n",
"1025 Dns query:\\nRuleName: -\\nProcessId: 9568\\nQuer... \n",
"1026 Process Create:\\nRuleName: -\\nProcessId: 8728\\... \n",
"\n",
" image target_filename \\\n",
"0 C:\\Windows\\system32\\svchost.exe \n",
"1 C:\\Windows\\system32\\svchost.exe \n",
"2 C:\\Windows\\servicing\\TrustedInstaller.exe \n",
"3 C:\\Windows\\servicing\\TrustedInstaller.exe \n",
"4 C:\\Windows\\WinSxS\\amd64_microsoft-windows-serv... \n",
"... ... ... \n",
"1022 C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\Mi... \n",
"1023 C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\Mi... \n",
"1024 C:\\Windows\\System32\\taskhostw.exe \n",
"1025 \n",
"1026 C:\\Program Files\\RUXIM\\PLUGScheduler.exe \n",
"\n",
" text label \\\n",
"0 Process accessed:\\nRuleName: -\\nSourceProcessI... good \n",
"1 Process accessed:\\nRuleName: -\\nSourceProcessI... good \n",
"2 Process Create:\\nRuleName: -\\nProcessId: 5196\\... good \n",
"3 Registry value set:\\nRuleName: Tamper-Winlogon... good \n",
"4 Process Create:\\nRuleName: -\\nProcessId: 6140\\... good \n",
"... ... ... \n",
"1022 Process Create:\\nRuleName: -\\nProcessId: 5312\\... good \n",
"1023 Process accessed:\\nRuleName: -\\nSourceProcessI... good \n",
"1024 Process Create:\\nRuleName: -\\nProcessId: 5000\\... good \n",
"1025 Dns query:\\nRuleName: -\\nProcessId: 9568\\nQuer... good \n",
"1026 Process Create:\\nRuleName: -\\nProcessId: 8728\\... good \n",
"\n",
" text_vector \n",
"0 [-0.32128870487213135, -0.008510575629770756, ... \n",
"1 [-0.3122658133506775, -0.00911662820726633, 0.... \n",
"2 [-0.3229663372039795, -0.0005048469174653292, ... \n",
"3 [-0.21143896877765656, -0.12685905396938324, 0... \n",
"4 [-0.3781927824020386, 0.12961240112781525, 0.4... \n",
"... ... \n",
"1022 [-0.3417365550994873, -0.07532583177089691, 0.... \n",
"1023 [-0.2859322726726532, 0.0036172550171613693, 0... \n",
"1024 [-0.3556979298591614, -0.038922905921936035, 0... \n",
"1025 [-0.2601829469203949, -0.17018236219882965, 0.... \n",
"1026 [-0.34428584575653076, -0.09368517994880676, 0... \n",
"\n",
"[1027 rows x 10 columns]\n"
]
}
],
"execution_count": 25
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T15:40:20.568804Z",
"start_time": "2024-06-23T15:35:44.243587Z"
}
},
"cell_type": "code",
"source": [
"import os\n",
"import pandas as pd\n",
"import torch\n",
"from sklearn.model_selection import train_test_split\n",
"from sklearn.preprocessing import LabelEncoder\n",
"from tpot import TPOTClassifier\n",
"\n",
"# Load the DataFrame from the Parquet file\n",
"df = pd.read_parquet(\"vectorized_texts.parquet\")\n",
"\n",
"# Ensure to use only CPU for PyTorch\n",
"device = torch.device(\"cpu\")\n",
"\n",
"# Encode labels\n",
"le = LabelEncoder()\n",
"df['label_encoded'] = le.fit_transform(df['label'])\n",
"\n",
"# Split data\n",
"X_train, X_test, y_train, y_test = train_test_split(df['text_vector'].tolist(), df['label_encoded'], test_size=0.2, random_state=42)\n",
"\n",
"# Convert lists to numpy arrays\n",
"X_train = torch.tensor(X_train, device=device).numpy()\n",
"X_test = torch.tensor(X_test, device=device).numpy()\n",
"\n",
"# TPOT classifier with higher verbosity\n",
"tpot = TPOTClassifier(verbosity=3, generations=5, population_size=20)\n",
"tpot.fit(X_train, y_train)\n",
"\n",
"# Evaluate the model\n",
"print(\"TPOT Score:\", tpot.score(X_test, y_test))\n",
"\n",
"# Save the trained model\n",
"tpot.export('tpot_pipeline.py')\n",
"\n",
"# Print the exported pipeline\n",
"with open('tpot_pipeline.py') as f:\n",
" print(f.read())\n",
"\n",
"# Example of using the trained model\n",
"predictions = tpot.predict(X_test)\n",
"print(\"Predictions:\", predictions)\n"
],
"id": "75d84e297b03eaf4",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"32 operators have been imported by TPOT.\n"
]
},
{
"data": {
"text/plain": [
"Optimization Progress: 0%| | 0/120 [00:00<?, ?pipeline/s]"
],
"application/vnd.jupyter.widget-view+json": {
"version_major": 2,
"version_minor": 0,
"model_id": "cdd334c618a04e55a3f580c1d7e5239b"
}
},
"metadata": {},
"output_type": "display_data"
},
{
"name": "stdout",
"output_type": "stream",
"text": [
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only dual=False, got dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=1 Unsupported set of arguments: The combination of penalty='l1' and loss='hinge' is not supported, Parameters: penalty='l1', loss='hinge', dual=True.\n",
"\n",
"Generation 1 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tLogisticRegression(input_matrix, LogisticRegression__C=20.0, LogisticRegression__dual=False, LogisticRegression__penalty=l2)\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only dual=False, got dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=1 Unsupported set of arguments: The combination of penalty='l1' and loss='hinge' is not supported, Parameters: penalty='l1', loss='hinge', dual=False.\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only dual=False, got dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=1 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only dual=False, got dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=1 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"\n",
"Generation 2 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tLogisticRegression(input_matrix, LogisticRegression__C=20.0, LogisticRegression__dual=False, LogisticRegression__penalty=l2)\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only dual=False, got dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Unsupported set of arguments: The combination of penalty='l1' and loss='squared_hinge' are not supported when dual=True, Parameters: penalty='l1', loss='squared_hinge', dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=1 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"\n",
"Generation 3 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tLogisticRegression(input_matrix, LogisticRegression__C=20.0, LogisticRegression__dual=False, LogisticRegression__penalty=l2)\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Negative values in data passed to MultinomialNB (input X).\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"\n",
"Generation 4 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tLogisticRegression(input_matrix, LogisticRegression__C=20.0, LogisticRegression__dual=False, LogisticRegression__penalty=l2)\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only dual=False, got dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only dual=False, got dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=1 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"_pre_test decorator: _random_mutation_operator: num_test=2 Unsupported set of arguments: The combination of penalty='l1' and loss='hinge' is not supported, Parameters: penalty='l1', loss='hinge', dual=False.\n",
"_pre_test decorator: _random_mutation_operator: num_test=3 Solver lbfgs supports only dual=False, got dual=True.\n",
"\n",
"Generation 5 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tLogisticRegression(input_matrix, LogisticRegression__C=20.0, LogisticRegression__dual=False, LogisticRegression__penalty=l2)\n",
"TPOT Score: 1.0\n",
"import numpy as np\n",
"import pandas as pd\n",
"from sklearn.linear_model import LogisticRegression\n",
"from sklearn.model_selection import train_test_split\n",
"\n",
"# NOTE: Make sure that the outcome column is labeled 'target' in the data file\n",
"tpot_data = pd.read_csv('PATH/TO/DATA/FILE', sep='COLUMN_SEPARATOR', dtype=np.float64)\n",
"features = tpot_data.drop('target', axis=1)\n",
"training_features, testing_features, training_target, testing_target = \\\n",
" train_test_split(features, tpot_data['target'], random_state=None)\n",
"\n",
"# Average CV score on the training set was: 0.9975683665927569\n",
"exported_pipeline = LogisticRegression(C=20.0, dual=False, penalty=\"l2\")\n",
"\n",
"exported_pipeline.fit(training_features, training_target)\n",
"results = exported_pipeline.predict(testing_features)\n",
"\n",
"Predictions: [1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1]\n"
]
}
],
"execution_count": 28
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T15:40:32.639885Z",
"start_time": "2024-06-23T15:40:32.632855Z"
}
},
"cell_type": "code",
"source": "print(\"The accuracy of the best model is: \", tpot.score(X_test, y_test))\n",
"id": "6cf76b5736411710",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"The accuracy of the best model is: 1.0\n"
]
}
],
"execution_count": 29
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T15:45:08.745744Z",
"start_time": "2024-06-23T15:45:04.326699Z"
}
},
"cell_type": "code",
"source": "%pip install matplotlib",
"id": "d99c8aa5529a72d1",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Requirement already satisfied: matplotlib in /Users/mc/anaconda3/lib/python3.11/site-packages (3.8.0)\r\n",
"Requirement already satisfied: contourpy>=1.0.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (1.2.0)\r\n",
"Requirement already satisfied: cycler>=0.10 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (0.11.0)\r\n",
"Requirement already satisfied: fonttools>=4.22.0 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (4.25.0)\r\n",
"Requirement already satisfied: kiwisolver>=1.0.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (1.4.4)\r\n",
"Requirement already satisfied: numpy<2,>=1.21 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (1.26.4)\r\n",
"Requirement already satisfied: packaging>=20.0 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (23.1)\r\n",
"Requirement already satisfied: pillow>=6.2.0 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (10.2.0)\r\n",
"Requirement already satisfied: pyparsing>=2.3.1 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (3.0.9)\r\n",
"Requirement already satisfied: python-dateutil>=2.7 in /Users/mc/anaconda3/lib/python3.11/site-packages (from matplotlib) (2.8.2)\r\n",
"Requirement already satisfied: six>=1.5 in /Users/mc/anaconda3/lib/python3.11/site-packages (from python-dateutil>=2.7->matplotlib) (1.16.0)\r\n",
"Note: you may need to restart the kernel to use updated packages.\n"
]
}
],
"execution_count": 30
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T16:14:34.361740Z",
"start_time": "2024-06-23T15:45:13.819963Z"
}
},
"cell_type": "code",
"source": [
"import os\n",
"import pandas as pd\n",
"import torch\n",
"from sklearn.model_selection import train_test_split\n",
"from sklearn.preprocessing import LabelEncoder\n",
"from tpot import TPOTClassifier\n",
"from collections import Counter\n",
"\n",
"# Load the DataFrame from the Parquet file\n",
"df = pd.read_parquet(\"vectorized_texts.parquet\")\n",
"\n",
"# Ensure to use only CPU for PyTorch\n",
"device = torch.device(\"cpu\")\n",
"\n",
"# Encode labels\n",
"le = LabelEncoder()\n",
"df['label_encoded'] = le.fit_transform(df['label'])\n",
"\n",
"# Split data\n",
"X_train, X_test, y_train, y_test = train_test_split(df['text_vector'].tolist(), df['label_encoded'], test_size=0.2, random_state=42)\n",
"\n",
"# Convert lists to numpy arrays\n",
"X_train = torch.tensor(X_train, device=device).numpy()\n",
"X_test = torch.tensor(X_test, device=device).numpy()\n",
"\n",
"# TPOT classifier with higher verbosity\n",
"tpot = TPOTClassifier(verbosity=3, generations=5, population_size=20)\n",
"tpot.fit(X_train, y_train)\n",
"\n",
"# Evaluate the model\n",
"print(\"TPOT Score:\", tpot.score(X_test, y_test))\n",
"\n",
"# Save the trained model\n",
"tpot.export('tpot_pipeline.py')\n",
"\n",
"# Print the exported pipeline\n",
"with open('tpot_pipeline.py') as f:\n",
" print(f.read())\n",
"\n",
"# Example of using the trained model\n",
"predictions = tpot.predict(X_test)\n",
"print(\"Predictions:\", predictions)\n",
"\n",
"# Extract information about models tested\n",
"evaluated_pipelines = tpot.evaluated_individuals_\n"
],
"id": "705690ce71dfda4c",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"32 operators have been imported by TPOT.\n"
]
},
{
"data": {
"text/plain": [
"Optimization Progress: 0%| | 0/120 [00:00<?, ?pipeline/s]"
],
"application/vnd.jupyter.widget-view+json": {
"version_major": 2,
"version_minor": 0,
"model_id": "f7e3f3bcb7f64b0eb87cc1a70a31169b"
}
},
"metadata": {},
"output_type": "display_data"
},
{
"name": "stdout",
"output_type": "stream",
"text": [
"_pre_test decorator: _random_mutation_operator: num_test=0 The 'loss' parameter of SGDClassifier must be a str among {'perceptron', 'squared_hinge', 'modified_huber', 'log_loss', 'huber', 'epsilon_insensitive', 'hinge', 'squared_error', 'squared_epsilon_insensitive'}. Got 'log' instead..\n",
"\n",
"Generation 1 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tGradientBoostingClassifier(input_matrix, GradientBoostingClassifier__learning_rate=0.001, GradientBoostingClassifier__max_depth=9, GradientBoostingClassifier__max_features=0.5, GradientBoostingClassifier__min_samples_leaf=14, GradientBoostingClassifier__min_samples_split=17, GradientBoostingClassifier__n_estimators=100, GradientBoostingClassifier__subsample=0.55)\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only dual=False, got dual=True.\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"\n",
"Generation 2 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tGradientBoostingClassifier(input_matrix, GradientBoostingClassifier__learning_rate=0.001, GradientBoostingClassifier__max_depth=9, GradientBoostingClassifier__max_features=0.5, GradientBoostingClassifier__min_samples_leaf=14, GradientBoostingClassifier__min_samples_split=17, GradientBoostingClassifier__n_estimators=100, GradientBoostingClassifier__subsample=0.55)\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Negative values in data passed to MultinomialNB (input X).\n",
"\n",
"Generation 3 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tGradientBoostingClassifier(input_matrix, GradientBoostingClassifier__learning_rate=0.001, GradientBoostingClassifier__max_depth=9, GradientBoostingClassifier__max_features=0.5, GradientBoostingClassifier__min_samples_leaf=14, GradientBoostingClassifier__min_samples_split=17, GradientBoostingClassifier__n_estimators=100, GradientBoostingClassifier__subsample=0.55)\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Negative values in data passed to MultinomialNB (input X).\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Negative values in data passed to MultinomialNB (input X).\n",
"Pipeline encountered that has previously been evaluated during the optimization process. Using the score from the previous evaluation.\n",
"\n",
"Generation 4 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tGradientBoostingClassifier(input_matrix, GradientBoostingClassifier__learning_rate=0.001, GradientBoostingClassifier__max_depth=9, GradientBoostingClassifier__max_features=0.5, GradientBoostingClassifier__min_samples_leaf=14, GradientBoostingClassifier__min_samples_split=17, GradientBoostingClassifier__n_estimators=100, GradientBoostingClassifier__subsample=0.55)\n",
"_pre_test decorator: _random_mutation_operator: num_test=0 Solver lbfgs supports only 'l2' or None penalties, got l1 penalty..\n",
"\n",
"Generation 5 - Current Pareto front scores:\n",
"\n",
"-1\t0.9975683665927569\tGradientBoostingClassifier(input_matrix, GradientBoostingClassifier__learning_rate=0.001, GradientBoostingClassifier__max_depth=9, GradientBoostingClassifier__max_features=0.5, GradientBoostingClassifier__min_samples_leaf=14, GradientBoostingClassifier__min_samples_split=17, GradientBoostingClassifier__n_estimators=100, GradientBoostingClassifier__subsample=0.55)\n",
"TPOT Score: 1.0\n",
"import numpy as np\n",
"import pandas as pd\n",
"from sklearn.ensemble import GradientBoostingClassifier\n",
"from sklearn.model_selection import train_test_split\n",
"\n",
"# NOTE: Make sure that the outcome column is labeled 'target' in the data file\n",
"tpot_data = pd.read_csv('PATH/TO/DATA/FILE', sep='COLUMN_SEPARATOR', dtype=np.float64)\n",
"features = tpot_data.drop('target', axis=1)\n",
"training_features, testing_features, training_target, testing_target = \\\n",
" train_test_split(features, tpot_data['target'], random_state=None)\n",
"\n",
"# Average CV score on the training set was: 0.9975683665927569\n",
"exported_pipeline = GradientBoostingClassifier(learning_rate=0.001, max_depth=9, max_features=0.5, min_samples_leaf=14, min_samples_split=17, n_estimators=100, subsample=0.55)\n",
"\n",
"exported_pipeline.fit(training_features, training_target)\n",
"results = exported_pipeline.predict(testing_features)\n",
"\n",
"Predictions: [1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1\n",
" 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1]\n"
]
},
{
"ename": "AttributeError",
"evalue": "'dict' object has no attribute '_final_estimator'",
"output_type": "error",
"traceback": [
"\u001B[0;31m---------------------------------------------------------------------------\u001B[0m",
"\u001B[0;31mAttributeError\u001B[0m Traceback (most recent call last)",
"Cell \u001B[0;32mIn[31], line 50\u001B[0m\n\u001B[1;32m 48\u001B[0m model_counter \u001B[38;5;241m=\u001B[39m Counter()\n\u001B[1;32m 49\u001B[0m \u001B[38;5;28;01mfor\u001B[39;00m pipeline \u001B[38;5;129;01min\u001B[39;00m evaluated_pipelines\u001B[38;5;241m.\u001B[39mvalues():\n\u001B[0;32m---> 50\u001B[0m \u001B[38;5;28;01mfor\u001B[39;00m step \u001B[38;5;129;01min\u001B[39;00m pipeline\u001B[38;5;241m.\u001B[39m_final_estimator\u001B[38;5;241m.\u001B[39msteps:\n\u001B[1;32m 51\u001B[0m model_counter[step[\u001B[38;5;241m0\u001B[39m]] \u001B[38;5;241m+\u001B[39m\u001B[38;5;241m=\u001B[39m \u001B[38;5;241m1\u001B[39m\n\u001B[1;32m 53\u001B[0m \u001B[38;5;28mprint\u001B[39m(\u001B[38;5;124m\"\u001B[39m\u001B[38;5;124mModels and their occurrences:\u001B[39m\u001B[38;5;124m\"\u001B[39m)\n",
"\u001B[0;31mAttributeError\u001B[0m: 'dict' object has no attribute '_final_estimator'"
]
}
],
"execution_count": 31
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2024-06-23T16:17:12.274731Z",
"start_time": "2024-06-23T16:17:11.509163Z"
}
},
"cell_type": "code",
"source": [
"# Count occurrences of each model type\n",
"model_counter = Counter()\n",
"for pipeline_str in evaluated_pipelines.keys():\n",
" models = re.findall(r'\\w+\\(.*?\\)', pipeline_str)\n",
" for model in models:\n",
" model_name = model.split('(')[0]\n",
" model_counter[model_name] += 1\n",
"\n",
"print(\"Models and their occurrences:\")\n",
"for model, count in model_counter.items():\n",
" print(f\"{model}: {count}\")\n",
"\n",
"# Visualize the count of different models\n",
"import matplotlib.pyplot as plt\n",
"\n",
"model_names = list(model_counter.keys())\n",
"model_counts = list(model_counter.values())\n",
"\n",
"plt.figure(figsize=(12, 6))\n",
"plt.barh(model_names, model_counts, color='skyblue')\n",
"plt.xlabel('Number of Occurrences')\n",
"plt.ylabel('Model')\n",
"plt.title('Frequency of Models Tested by TPOT')\n",
"plt.show()"
],
"id": "565066bf3b5f0820",
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Models and their occurrences:\n",
"GradientBoostingClassifier: 43\n",
"KNeighborsClassifier: 10\n",
"DecisionTreeClassifier: 10\n",
"BernoulliNB: 11\n",
"LogisticRegression: 4\n",
"MLPClassifier: 8\n",
"ExtraTreesClassifier: 8\n",
"XGBClassifier: 7\n",
"RandomForestClassifier: 11\n",
"LinearSVC: 1\n",
"GaussianNB: 1\n",
"SGDClassifier: 3\n"
]
},
{
"data": {
"text/plain": [
"<Figure size 1200x600 with 1 Axes>"
],
"image/png": "iVBORw0KGgoAAAANSUhEUgAABIwAAAIhCAYAAAAsBCGlAAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjguMCwgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy81sbWrAAAACXBIWXMAAA9hAAAPYQGoP6dpAACpD0lEQVR4nOzdeXxN1/7/8fdJIoOcDCRIVAYkQUyRGlpaQw1BKaWlaEkpNVdRU81Uah7amocorqGmGkrVEBRVVFBiChGtqNaQVIxJzu8Pv5yvLaHmaL2ej8d+XGfvtdf+7H3OfTxu3nettU0Wi8UiAAAAAAAA4P+zyeoCAAAAAAAA8GwhMAIAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERgAAAAAAADAgMAIAAE9MZGSkTCZTplv37t2zurzn1oYNG1S6dGk5OzvLZDJp+fLlmbaLi4uzfl8DBw7MtE3Lli2tbR6nypUrq3Llyg91rr+/v8LDwx/5+nf77d6+3e25PKiJEycqMjLysfR1p/upMyoqSiaTSYsXL34iNaTXcT9bVFSU4bdnMplkY2MjDw8P1a5dWzt27MjQ9/nz59W7d28FBwcre/bscnV11UsvvaSvvvpKN2/etLYLDw+/rxoe9fcDAP8FdlldAAAA+O+bNWuWChcubNiXN2/eLKrm+WaxWNSoUSMFBQVpxYoVcnZ2VqFChe55jouLiyIjI9W/f3/Z2Pzf/994+fJlffPNN3J1dVVSUtKTLv2pmjhxouGeVq9eraFDh2b4LefLl++xXc/T0/M/HVTcGfQMGTJEmzZt0saNGw37g4ODdeHCBUlSp06d1LRpU6WmpurgwYMaNGiQqlSpoh07dqhUqVKSpMOHD6tGjRq6fPmyunXrpvLly+vq1atatWqVPvroI33zzTf67rvvlD17dvXr109t27a1XuuXX35Rhw4dNGzYMFWpUsW6P1euXE/qMQDAvwaBEQAAeOKKFSum0qVL31fbmzdvymQyyc6O/5nyJJw5c0YXLlzQm2++qapVq97XOY0bN9b06dO1YcMGVa9e3bp/4cKFSk1NVf369TV37twnVXKWCA4ONnw+fPiwpAf7LcPopZdeMnzOlSuXbGxsMuyXZA2MfH19rccrVKiggIAAVa1aVRMnTtS0adOUmpqqhg0bKikpST///LOCgoKsfdSuXVuVKlXSO++8o65du2ry5MkqWLCgChYsaG1z7do1SVJgYGCmdQDA84wpaQAAIMukT4OZM2eOunXrphdeeEEODg46fvy4JGn9+vWqWrWqXF1dlT17dlWoUEEbNmzI0M/q1asVEhIiBwcH5c+fX6NGjdLAgQMN06TSp7hkNu0nsyk7x44dU9OmTZU7d245ODioSJEi+uqrrzKtf/78+fr000+VN29eubq6qlq1ajpy5EiG66xdu1ZVq1aVm5ubsmfPriJFiigiIkKSNGfOHJlMpkyn2wwePFjZsmXTmTNn7vk8f/zxR1WtWlUuLi7Knj27ypcvr9WrV1uPDxw40DoipmfPnjKZTPL3979nn5JUqFAhlS9fXjNnzjTsnzlzpho0aCA3N7cM56SlpWnEiBEqXLiwHBwclDt3bjVv3ly//faboZ3FYtGIESPk5+cnR0dHhYaGas2aNZnWkZSUpO7duyt//vyyt7fXCy+8oC5duig5Ofme9aelpWno0KEqVKiQnJyc5O7urhIlSmj8+PH/eO//ZOHChXr55Zfl7Owss9mssLAw7d2719DmxIkTeuedd5Q3b145ODgoT548qlq1qqKjoyXdmkJ38OBBbd682Tol6vbv5X7vOykpSa1bt5aHh4fMZrNq1qypo0ePPtD9XLt2TV27dpWXl5ecnJxUqVIlw/08jt/po0gPdU6dOiVJWrZsmQ4dOqRevXoZwqJ0jRs3Vo0aNTRjxgydPXv2id
UFAP9FBEYAAOCJS01NVUpKimG7Xe/evRUfH6/Jkydr5cqVyp07t+bOnasaNWrI1dVVs2fP1qJFi5QzZ06FhYUZQqMNGzaoXr16cnFx0YIFCzRy5EgtWrRIs2bNeuh6Dx06pDJlyujXX3/V6NGjtWrVKr3++uvq3LmzBg0alKF9nz59dOrUKU2fPl1Tp07VsWPHVLduXaWmplrbzJgxQ7Vr11ZaWpr1Pjt37mwNUBo3biwvL68MoVRKSoqmTJmiN998857T+DZv3qzXXntNiYmJmjFjhubPny8XFxfVrVtXCxculCR98MEHWrp0qaRbU3127NihZcuW3dczadWqlZYvX66LFy9Kko4cOaLt27erVatWmbZv166devbsqerVq2vFihUaMmSI1q5dq/Lly+uvv/6yths0aJC13fLly9WuXTu1bt06Q+B25coVVapUSbNnz1bnzp21Zs0a9ezZU5GRkXrjjTdksVjuWvuIESM0cOBANWnSRKtXr9bChQvVqlUrXbp06b7u/W6GDRumJk2aKDg4WIsWLdKcOXP0999/69VXX9WhQ4es7WrXrq09e/ZoxIgR+uGHHzRp0iSVKlXKev1ly5apQIECKlWqlHbs2GH4Xu73vi0Wi+rXr28NX5ctW6aXXnpJtWrVeqB76tOnj06cOKHp06dr+vTpOnPmjCpXrqwTJ05IevTf6aNKD5PTp4z98MMPkqT69evf9Zz69esrJSVFUVFRT6wuAPhPsgAAADwhs2bNskjKdLt586Zl06ZNFkmWihUrGs5LTk625MyZ01K3bl3D/tTUVEvJkiUtZcuWte4rV66cJW/evJarV69a9yUlJVly5sxpuf1/6pw8edIiyTJr1qwMdUqyDBgwwPo5LCzMki9fPktiYqKhXceOHS2Ojo6WCxcuWCwWi7X+2rVrG9otWrTIIsmyY8cOi8Visfz9998WV1dXyyuvvGJJS0u76/MaMGCAxd7e3vLHH39Y9y1cuNAiybJ58+a7nmexWCwvvfSSJXfu3Ja///7bui8lJcVSrFgxS758+azXTX8OI0eOvGd/d7b9+++/LWaz2fLll19aLBaL5ZNPPrHkz5/fkpaWZunQoYPhWcfExFgkWdq3b2/ob+fOnRZJlj59+lgsFovl4sWLFkdHR8ubb75paLdt2zaLJEulSpWs+yIiIiw2NjaWXbt2GdouXrzYIsny3XffWff5+flZWrRoYf1cp04dS0hIyD/e772k/5bTrx8fH2+xs7OzdOrUydDu77//tnh5eVkaNWpksVgslr/++ssiyTJu3Lh79l+0aFHD/aa73/tes2aNRZJl/PjxhnafffZZht93ZtJ/y6GhoYbfaFxcnCVbtmyWDz74wLrvUX6nt2vRooXF2dk502Ppv73hw4dbbt68abl27Zplz549ljJlylgkWVavXm2xWCyWmjVrWiRZrl27dtfrpD+b4cOH3/W+v/nmm/uuGwCeF4wwAgAAT9zXX3+tXbt2Gbbb1yhq2LChof327dt14cIFtWjRwjAqKS0tTTVr1tSuXbuUnJys5ORk7dq1Sw0aNJCjo6P1/PSRNQ/j2rVr2rBhg958801lz57dcP3atWvr2rVr+umnnwznvPHGG4bPJUqUkPR/02a2b9+upKQktW/f/p5vE2vXrp0kadq0adZ9X375pYoXL66KFSve9bzk5GTt3LlTb731lsxms3W/ra2t3nvvPf3222+ZTpF7EGazWW+//bZmzpyplJQUff3113r//fczvZ9NmzZJUoYFnMuWLasiRYpYR4jt2LFD165dU7NmzQztypcvLz8/P8O+VatWqVixYgoJCTF8J2FhYdY3a91N2bJltW/fPrVv317ff//9Y1mg+/vvv1dKSoqaN29uqMfR0VGVKlWy1pMzZ04VLFhQI0eO1JgxY7R3716lpaXd93Xu977Tn/mdz7Jp06YPdF9NmzY1fKd+fn4qX768tX/p4X+nD6Nnz57Kli2bHB0d9eKLLy
o+Pl5TpkxR7dq177sPy/8fhfW43+QHAP91rCYJAACeuCJFitxzoWBvb2/D5z/++EOS9NZbb931nAsXLshkMiktLU1eXl4Zjme2736cP39eKSkp+uKLL/TFF19k2ub2KVWS5OHhYfjs4OAgSbp69aok6c8//5T0z2/UypMnjxo3bqwpU6aoV69eOnjwoLZu3aopU6bc87yLFy/KYrFkeI7S/72N7vz58/fs4360atVKr7zyij777DP9+eefd32jV/q17lZPepCW3u5+vr8//vhDx48fV7Zs2TK95p3fye169+4tZ2dnzZ07V5MnT5atra0qVqyo4cOHP/QC1um/0TJlymR6PP1tciaTSRs2bNDgwYM1YsQIdevWTTlz5lSzZs302WefycXF5R+vcz/3ff78ednZ2WX4LT7ofw/u9l3s27fP+vlhf6cP46OPPtK7774rGxsbubu7K3/+/Ibgx9fXV5J08uTJDG9iTBcXFydJ8vHxeez1AcB/GYERAADIcnf+P/+enp6SpC+++OKuby7KkyeP9Y1qmS1me+e+9BFI169fN+y/M0jJkSOHdWROhw4dMr12/vz573E3GaWvt3Lngs+Z+eijjzRnzhx9++23Wrt2rdzd3TOMGrlTjhw5ZGNjo4SEhAzH0hcgTn+mj6JChQoqVKiQBg8erOrVq9/1D/D00CIhISFDSHbmzBlrLent7vb93b7ws6enp5ycnDIsvH378buxs7NT165d1bVrV126dEnr169Xnz59FBYWptOnTyt79ux3v+m7SL/e4sWLM4yGupOfn59mzJghSTp69KgWLVqkgQMH6saNG5o8efI/Xud+7tvDw0MpKSk6f/68ITR60IWe7/Zd3BlEPczv9GHky5fvnqFe9erVNXXqVC1fvly9evXKtM3y5ctlZ2enypUrP/b6AOC/jMAIAAA8cypUqCB3d3cdOnRIHTt2vGs7e3t7lS1bVkuXLtXIkSOtodDff/+tlStXGtrmyZNHjo6O2r9/v2H/t99+a/icPXt2ValSRXv37lWJEiVkb2//yPdTvnx5ubm5afLkyXrnnXfuOTXmxRdfVPny5TV8+HD9+uuvatOmjZydne/Zv7Ozs8qVK6elS5dq1KhRcnJyknTr7WBz585Vvnz5Mn2D1MPo27evFi9efNcwTZJee+01SdLcuXMNI3B27dqlmJgYffrpp5JuvfHK0dFR8+bNM0xL3L59u06dOmUIjOrUqaNhw4bJw8PjgQO727m7u+utt97S77//ri5duiguLk7BwcEP3E9YWJjs7OwUGxubYUrlvQQFBalv375asmSJfvnlF+t+BwcH64i0293vfVepUkUjRozQvHnz1LlzZ+v+//3vf/ddmyTNnz9fXbt2tf5GT506pe3bt6t58+aGdg/zO30S3nzzTQUHB+vzzz9XgwYNMvzOFy5cqHXr1qlt27YPPeoQAJ5XBEYAAOCZYzab9cUXX6hFixa6cOGC3nrrLeXOnVt//vmn9u3bpz///FOTJk2SJA0ZMkQ1a9ZU9erV1a1bN6Wmpmr48OFydnbWhQsXrH2aTCa9++67mjlzpgoWLKiSJUvq559/zvQP6vHjx+uVV17Rq6++qnbt2snf319///23jh8/rpUrV2rjxo0PfD+jR4/WBx98oGrVqql169bKkyePjh8/rn379unLL780tP/oo4/UuHFjmUwmtW/f/r6uERERoerVq6tKlSrq3r277O3tNXHiRP3666+aP3/+Y1u/5d1339W77757zzaFChVSmzZt9MUXX8jGxka1atVSXFyc+vXrJx8fH3388ceSbo2M6t69u4YOHaoPPvhAb7/9tk6fPq2BAwdm+OO+S5cuWrJkiSpWrKiPP/5YJUqUUFpamuLj47Vu3Tp169ZN5cqVy7SeunXrqlixYipdurRy5cqlU6dOady4cfLz81NgYOBDPQd/f38NHjxYn376qU6cOKGaNWsqR44c+uOPP/Tzzz/L2dlZgwYN0v
79+9WxY0e9/fbbCgwMlL29vTZu3Kj9+/cbRsQUL15cCxYs0MKFC1WgQAE5OjqqePHi933fNWrUUMWKFdWjRw8lJyerdOnS2rZtm+bMmfNA93Xu3Dm9+eabat26tRITEzVgwAA5Ojqqd+/eGdo+zO/0cbO1tdWSJUtUvXp1vfzyy+rWrZtefvllXb9+XStXrtTUqVNVqVIljR49OkvqA4B/MwIjAADwTHr33Xfl6+urESNG6MMPP9Tff/+t3LlzKyQkxLB2Tvrr2Pv27Wt95Xf79u119epVDRo0yNBn+h+NI0aM0OXLl/Xaa69p1apVhpEskhQcHKxffvlFQ4YMUd++fXXu3Dm5u7srMDDwgRbbvV2rVq2UN29eDR8+XB988IEsFov8/f3VokWLDG3r168vBwcHValS5b4DjUqVKmnjxo0aMGCAwsPDlZaWppIlS2rFihWqU6fOQ9X8KCZNmqSCBQtqxowZ+uqrr+Tm5qaaNWsqIiLCML1p8ODBcnZ21sSJEzVnzhwVLlxYkydP1qhRowz9OTs7a+vWrfr88881depUnTx5Uk5OTvL19VW1atUyfIe3q1KlipYsWaLp06crKSlJXl5eql69uvr163fXtYHuR+/evRUcHKzx48dr/vz5un79ury8vFSmTBm1bdtW0q31fwoWLKiJEyfq9OnTMplMKlCggEaPHq1OnTpZ+xo0aJASEhLUunVr/f333/Lz81NcXNx937eNjY1WrFihrl27asSIEbpx44YqVKig77777q5r+2Rm2LBh2rVrl95//30lJSWpbNmyWrBggQoWLJih7cP8Tp+EwoULKzo6WqNGjdKcOXM0ZMgQ2dnZKTg4WOPGjVObNm0e6XsGgOeVyZL+2gAAAID/kIEDB2rQoEH6N/5PnZUrV+qNN97Q6tWrHzqgAp40fqcA8N/GCCMAAIBnxKFDh3Tq1Cl169ZNISEhqlWrVlaXBGTA7xQAng82WV0AAAAAbmnfvr3eeOMN5ciR47GuOwQ8TvxOAeD5wJQ0AAAAAAAAGDDCCAAAAAAAAAYERgAAAAAAADAgMAIAAAAAAIABb0kDskhaWprOnDkjFxcXFosEAAAAADxxFotFf//9t/LmzSsbm3uPISIwArLImTNn5OPjk9VlAAAAAACeM6dPn1a+fPnu2YbACMgiLi4ukm79F9XV1TWLqwEAAAAA/NclJSXJx8fH+vfovRAYAVkkfRqaq6srgREAAAAA4Km5n2VRWPQaAAAAAAAABgRGAAAAAAAAMCAwAgAAAAAAgAGBEQAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAAADAiMAAAAAAAAYEBgBAAAAAADAgMAIAAAAAAAABgRGAAAAAAAAMCAwAgAAAAAAgAGBEQAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAAADAiMAAAAAAAAYEBgBAAAAAADAgMAIAAAAAAAABgRGAAAAAAAAMLDL6gKA592YfeflaL6R1WU8Vb1KeWZ1CQAAAACAe2CEEQAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAAADAiMAAAAAAAAYEBgBAAAAAADAgMAIAAAAAAAABgRGAAAAAAAAMCAwAgAAAAAAgAGBEZ4JlStXVpcuXZ7KtUwmk5YvX279fPjwYb300ktydHRUSEiI4uLiZDKZFB0d/VTqAQAAAADgWUNg9Bw5d+6cPvzwQ/n6+srBwUFeXl4KCwvTjh07rG327t2rxo0by9vbWw4ODvLz81OdOnW0cuVKWSwWSbIGKumbi4uLihYtqg4dOujYsWMZrnvjxg2NGDFCJUuWVPbs2eXp6akKFSpo1qxZunnz5lO7/3QJCQmqVauW9fOAAQPk7OysI0eOaMOGDfLx8VFCQoKKFSv21GsDAAAAAOBZYJfVBeDpadiwoW7evKnZs2erQIEC+uOPP7RhwwZduHBBkvTtt9+qUaNGqlatmmbPnq2CBQvq/Pnz2r9/v/r27atXX31V7u7u1v7Wr1
+vokWL6sqVKzpw4IDGjx+vkiVLauXKlapataqkW2FRWFiY9u3bpyFDhqhChQpydXXVTz/9pFGjRqlUqVIKCQl5qs/By8vL8Dk2Nlavv/66/Pz87trmQd24cUP29vaP1AcAAAAAAFmFEUbPiUuXLunHH3/U8OHDVaVKFfn5+als2bLq3bu3Xn/9dSUnJ6tVq1Z6/fXXtXr1atWoUUMFCxZU2bJl9cEHH2jfvn1yc3Mz9Onh4SEvLy8VKFBA9erV0/r161WuXDm1atVKqampkqRx48Zpy5Yt2rBhgzp06KCQkBAVKFBATZs21c6dOxUYGJhpvXPnzlXp0qXl4uIiLy8vNW3aVOfOnbMev3jxopo1a6ZcuXLJyclJgYGBmjVrlqRbYU3Hjh3l7e0tR0dH+fv7KyIiwnru7VPSTCaT9uzZo8GDB8tkMmngwIGZTkk7dOiQateuLbPZrDx58ui9997TX3/9ZT1euXJldezYUV27dpWnp6eqV6/+SN8XAAAAAABZicDoOWE2m2U2m7V8+XJdv349w/F169bp/Pnz6tGjx137MJlM97yGjY2NPvroI506dUp79uyRJM2bN0/VqlVTqVKlMrTPli2bnJ2dM+3rxo0bGjJkiPbt26fly5fr5MmTCg8Ptx7v16+fDh06pDVr1igmJkaTJk2Sp6enJGnChAlasWKFFi1apCNHjmju3Lny9/fP9DoJCQkqWrSounXrpoSEBHXv3j3TNpUqVVJISIh2796ttWvX6o8//lCjRo0M7WbPni07Oztt27ZNU6ZMydDP9evXlZSUZNgAAAAAAHgWMSXtOWFnZ6fIyEi1bt1akydPVmhoqCpVqqR33nlHJUqU0NGjRyVJhQoVsp6za9cuValSxfp5wYIFqlOnzj2vU7hwYUm31jkqW7asjh07psqVKz9wvS1btrT+u0CBApowYYLKli2ry5cvy2w2Kz4+XqVKlVLp0qUlyRAIxcfHKzAwUK+88opMJpNhqtmdvLy8ZGdnJ7PZbJ2GdvvIIUmaNGmSQkNDNWzYMOu+mTNnysfHR0ePHlVQUJAkKSAgQCNGjLjrtSIiIjRo0KD7fwgAAAAAAGQRRhg9Rxo2bKgzZ85oxYoVCgsLU1RUlEJDQxUZGZlp+xIlSig6OlrR0dFKTk5WSkrKP14jfWHs9NFIFovlH0cmZWbv3r2qV6+e/Pz85OLiYg2d4uPjJUnt2rXTggULFBISoh49emj79u3Wc8PDwxUdHa1ChQqpc+fOWrdu3QNf/3Z79uzRpk2brKO0zGazNRiLjY21tksPr+6md+/eSkxMtG6nT59+pLoAAAAAAHhSCIyeM46Ojqpevbr69++v7du3Kzw8XAMGDLCuJXTkyBFrWwcHBwUEBCggIOC++4+JiZEk5c+fX5IUFBRk3Xe/kpOTVaNGDZnNZs2dO1e7du3SsmXLJN2aqiZJtWrV0qlTp9SlSxedOXNGVatWtU4nCw0N1cmTJzVkyBBdvXpVjRo10ltvvfVANdwuLS1NdevWtYZn6duxY8dUsWJFa7u7Ta9L5+DgIFdXV8MGAAAAAMCziMDoORccHGwNaHLmzKnhw4c/dF9paWmaMGGC8ufPb12zqGnTplq/fr327t2boX1KSoqSk5Mz7D98+LD++usvff7553r11VdVuHBhw4LX6XLlyqXw8HDNnTtX48aN09SpU63HXF1d1bhxY02bNk0LFy7UkiVLrG+De1ChoaE6ePCg/P39rQFa+vZPIREAAAAAAP9GBEbPifPnz+u1117T3LlztX//fp08eVLffPONRowYoXr16slsNmv69OlavXq1Xn/9dX3//fc6ceKE9u/fb12Xx9bWNkOfZ8+e1YkTJ7RixQpVq1ZNP//8s2bMmGFt26VLF1WoUEFVq1bVV199pX379unEiRNatGiRypUrp2PHjmWo1dfXV/b29vriiy+sfQ8ZMsTQpn///vr22291/PhxHTx4UKtWrVKRIkUkSWPHjtWCBQ
t0+PBhHT16VN988428vLzk7u7+UM+uQ4cOunDhgpo0aaKff/5ZJ06c0Lp169SyZUvr2+AAAAAAAPgvYdHr54TZbFa5cuU0duxYxcbG6ubNm/Lx8VHr1q3Vp08fSdKbb76p7du3a/jw4WrevLkuXLggNzc3lS5dOtMFr6tVqyZJyp49u/z8/FSlShVNnTrVMIXNwcFBP/zwg8aOHaspU6aoe/fuyp49u4oUKaLOnTurWLFiGWrNlSuXIiMj1adPH02YMEGhoaEaNWqU3njjDWsbe3t79e7dW3FxcXJyctKrr76qBQsWWO91+PDhOnbsmGxtbVWmTBl99913srF5uHw0b9682rZtm3r27KmwsDBdv35dfn5+qlmz5kP3CQAAAADAs8xkSV+lGMBTlZSUJDc3Nw3YckKOZpesLuep6lXKM6tLAAAAAIDnTvrfoYmJif+4ri7DIwAAAAAAAGBAYAQAAAAAAAADAiMAAAAAAAAYEBgBAAAAAADAgMAIAAAAAAAABgRGAAAAAAAAMCAwAgAAAAAAgIFdVhcAPO+6lvSQq6trVpcBAAAAAIAVI4wAAAAAAABgQGAEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERgAAAAAAADCwy+oCgOfdmH3n5Wi+8dj661XK87H1BQAAAAB4PjHCCAAAAAAAAAYERgAAAAAAADAgMAIAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERvhXioyMlLu7e1aXAQAAAADAfxKBETJ19uxZffTRRwoICJCjo6Py5MmjV155RZMnT9aVK1eyujw1btxYR48efez9mkwmOTo66tSpU4b99evXV3h4uPVzeHi4TCaTdfPw8FDNmjW1f//+x14TAAAAAABPG4ERMjhx4oRKlSqldevWadiwYdq7d6/Wr1+vjz/+WCtXrtT69euzukQ5OTkpd+7cT6Rvk8mk/v37/2O7mjVrKiEhQQkJCdqwYYPs7OxUp06dJ1ITAAAAAABPE4ERMmjfvr3s7Oy0e/duNWrUSEWKFFHx4sXVsGFDrV69WnXr1pUkjRkzRsWLF5ezs7N8fHzUvn17Xb582drPwIEDFRISYuh73Lhx8vf3t36OiopS2bJl5ezsLHd3d1WoUME6umffvn2qUqWKXFxc5OrqqhdffFG7d++WlHFKWmxsrOrVq6c8efLIbDarTJkyGYItf39/DRs2TC1btpSLi4t8fX01derUDPffqVMnzZ07VwcOHLjnc3JwcJCXl5e8vLwUEhKinj176vTp0/rzzz//8RkDAAAAAPAsIzCCwfnz57Vu3Tp16NBBzs7OmbYxmUySJBsbG02YMEG//vqrZs+erY0bN6pHjx73fa2UlBTVr19flSpV0v79+7Vjxw61adPG2n+zZs2UL18+7dq1S3v27FGvXr2ULVu2TPu6fPmyateurfXr12vv3r0KCwtT3bp1FR8fb2g3evRolS5dWnv37lX79u3Vrl07HT582NCmfPnyqlOnjnr37n3f93L58mXNmzdPAQEB8vDwyLTN9evXlZSUZNgAAAAAAHgWERjB4Pjx47JYLCpUqJBhv6enp8xms8xms3r27ClJ6tKli6pUqaL8+fPrtdde05AhQ7Ro0aL7vlZSUpISExNVp04dFSxYUEWKFFGLFi3k6+srSYqPj1e1atVUuHBhBQYG6u2331bJkiUz7atkyZL68MMPVbx4cQUGBmro0KEqUKCAVqxYYWhXu3ZttW/fXgEBAerZs6c8PT0VFRWVob+IiAitXbtWW7duvWv9q1atsj4TFxcXrVixQgsXLpSNTeb/tYqIiJCbm5t18/Hxuc8nBQAAAADA00VghEylj/JJ9/PPPys6OlpFixbV9evXJUmbNm1S9erV9cILL8jFxUXNmzfX+fPnlZycfF/XyJkzp8LDw62jgcaPH6+EhA
Tr8a5du+qDDz5QtWrV9Pnnnys2NvaufSUnJ6tHjx4KDg6Wu7u7zGazDh8+nGGEUYkSJQz36OXlpXPnzmXoLzg4WM2bN7eGY5mpUqWKoqOjFR0drZ07d6pGjRqqVatWhgWz0/Xu3VuJiYnW7fTp03ftGwAAAACArERgBIOAgACZTKYM07QKFCiggIAAOTk5SZJOnTql2rVrq1ixYlqyZIn27Nmjr776SpJ08+ZNSbemrFksFkM/6cfSzZo1Szt27FD58uW1cOFCBQUF6aeffpJ0aw2kgwcP6vXXX9fGjRsVHBysZcuWZVr3J598oiVLluizzz7T1q1bFR0dreLFi+vGjRuGdndOaTOZTEpLS8u0z0GDBmnv3r1avnx5psednZ0VEBCggIAAlS1bVjNmzFBycrKmTZuWaXsHBwe5uroaNgAAAAAAnkUERjDw8PBQ9erV9eWXX95zpNDu3buVkpKi0aNH66WXXlJQUJDOnDljaJMrVy6dPXvWEBpFR0dn6KtUqVLq3bu3tm/frmLFiul///uf9VhQUJA+/vhjrVu3Tg0aNNCsWbMyrWfr1q0KDw/Xm2++qeLFi8vLy0txcXEPdvN38PHxUceOHdWnTx+lpqb+Y3uTySQbGxtdvXr1ka4LAAAAAEBWIzBCBhMnTlRKSopKly6thQsXKiYmRkeOHNHcuXN1+PBh2draqmDBgkpJSdEXX3yhEydOaM6cOZo8ebKhn8qVK+vPP//UiBEjFBsbq6+++kpr1qyxHj958qR69+6tHTt26NSpU1q3bp2OHj2qIkWK6OrVq+rYsaOioqJ06tQpbdu2Tbt27VKRIkUyrTkgIEBLly5VdHS09u3bp6ZNm9515NCD6N27t86cOZPhjWvSrUWsz549q7NnzyomJkadOnXS5cuXrW+RAwAAAADg34rACBkULFhQe/fuVbVq1dS7d2+VLFlSpUuX1hdffKHu3btryJAhCgkJ0ZgxYzR8+HAVK1ZM8+bNU0REhKGfIkWKaOLEifrqq69UsmRJ/fzzz+revbv1ePbs2XX48GE1bNhQQUFBatOmjTp27KgPP/xQtra2On/+vJo3b66goCA1atRItWrV0qBBgzKteezYscqRI4fKly+vunXrKiwsTKGhoY/8LHLmzKmePXvq2rVrGY6tXbtW3t7e8vb2Vrly5bRr1y598803qly58iNfFwAAAACArGSy3LnIDICnIikpSW5ubhqw5YQczS6Prd9epTwfW18AAAAAgP+O9L9DExMT/3FdXUYYAQAAAAAAwIDACAAAAAAAAAYERgAAAAAAADAgMAIAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAAAA7usLgB43nUt6SFXV9esLgMAAAAAACtGGAEAAAAAAMCAwAgAAAAAAAAGBEYAAAAAAAAwIDACAAAAAACAAYERAAAAAAAADAiMAAAAAAAAYGCX1QUAz7sx+87L0XzjsfXXq5TnY+sLAAAAAPB8YoQRAAAAAAAADAiMAAAAAAAAYEBgBAAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAMCAwAgAAAAAAAAGBEYAAAAAAAAwIDACAAAAAACAAYERniiTyaTly5dndRkAAAAAAOABEBjhkYWHh6t+/fqZHktISFCtWrWebkF3kZqaqoiICBUuXFhOTk7KmTOnXnrpJc2aNUuSVLduXVWrVi3Tc3fs2CGTyaRffvnFum/JkiWqXLmy3NzcZDabVaJECQ0ePFgXLlx4KvcDAAAAAMCTQmCEJ8rLy0sODg5ZWoPFYlFKSooGDhyocePGaciQITp06JA2bdqk1q1b6+LFi5KkVq1aaePGjTp16lSGPmbOnKmQkBCFhoZKkj799FM1btxYZcqU0Zo1a/Trr79q9OjR2rdvn+bMmfNU7w8AAAAAgMeNwAhP1O1T0uLi4mQymbR06VJVqVJF2bNnV8mSJbVjxw7DOdu3b1fFihXl5OQkHx8fde7cWcnJyd
bjc+fOVenSpeXi4iIvLy81bdpU586dsx6PioqSyWTS999/r9KlS8vBwUFbt27VypUr1b59e7399tvKnz+/SpYsqVatWqlr166SpDp16ih37tyKjIw01HPlyhUtXLhQrVq1kiT9/PPPGjZsmEaPHq2RI0eqfPny8vf3V/Xq1bVkyRK1aNHiCTxJAAAAAACeHgIjPHWffvqpunfvrujoaAUFBalJkyZKSUmRJB04cEBhYWFq0KCB9u/fr4ULF+rHH39Ux44dreffuHFDQ4YM0b59+7R8+XKdPHlS4eHhGa7To0cPRUREKCYmRiVKlJCXl5c2btyoP//8M9O67Ozs1Lx5c0VGRspisVj3f/PNN7px44aaNWsmSZo3b57MZrPat2+faT/u7u6Z7r9+/bqSkpIMGwAAAAAAzyICIzx13bt31+uvv66goCANGjRIp06d0vHjxyVJI0eOVNOmTdWlSxcFBgaqfPnymjBhgr7++mtdu3ZNktSyZUvVqlVLBQoU0EsvvaQJEyZozZo1unz5suE6gwcPVvXq1VWwYEF5eHhozJgx+vPPP+Xl5aUSJUqobdu2WrNmjeGcli1bKi4uTlFRUdZ9M2fOVIMGDZQjRw5J0rFjx1SgQAFly5btge47IiJCbm5u1s3Hx+dBHx0AAAAAAE8FgRGeuhIlSlj/7e3tLUnWKWV79uxRZGSkzGazdQsLC1NaWppOnjwpSdq7d6/q1asnPz8/ubi4qHLlypKk+Ph4w3VKly5t+BwcHKxff/1VP/30k95//3398ccfqlu3rj744ANrm8KFC6t8+fKaOXOmJCk2NlZbt25Vy5YtrW0sFotMJtMD33fv3r2VmJho3U6fPv3AfQAAAAAA8DQQGOGpu31kTnrwkpaWZv3PDz/8UNHR0dZt3759OnbsmAoWLKjk5GTVqFFDZrNZc+fO1a5du7Rs2TJJt6aq3c7Z2TnDtW1sbFSmTBl9/PHHWrZsmSIjIzVjxgxrGCXdWvx6yZIlSkpK0qxZs+Tn56eqVatajwcFBSk2NlY3b958oPt2cHCQq6urYQMAAAAA4FlEYIRnSmhoqA4ePKiAgIAMm729vQ4fPqy//vpLn3/+uV599VUVLlzYsOD1gwoODpYkw6LajRo1kq2trf73v/9p9uzZev/99w0jipo2barLly9r4sSJmfZ56dKlh64HAAAAAIBngV1WF4D/hsTEREVHRxv25cyZ84H76dmzp1566SV16NBBrVu3lrOzs2JiYvTDDz/oiy++kK+vr+zt7fXFF1+obdu2+vXXXzVkyJD76vutt95ShQoVVL58eXl5eenkyZPq3bu3goKCVLhwYWs7s9msxo0bq0+fPkpMTMywoHa5cuXUo0cPdevWTb///rvefPNN5c2bV8ePH9fkyZP1yiuv6KOPPnrgewcAAAAA4FnBCCM8FlFRUSpVqpRh69+//wP3U6JECW3evFnHjh3Tq6++qlKlSqlfv37WtY5y5cqlyMhIffPNNwoODtbnn3+uUaNG3VffYWFhWrlyperWraugoCC1aNFChQsX1rp162RnZ8xOW7VqpYsXL6patWry9fXN0Nfw4cP1v//9Tzt37lRYWJiKFi2qrl27qkSJEmrRosUD3zcAAAAAAM8Sk+X294cDeGqSkpLk5uamAVtOyNHs8tj67VXK87H1BQAAAAD470j/OzQxMfEf19VlhBEAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERgAAAAAAADCwy+oCgOdd15IecnV1zeoyAAAAAACwYoQRAAAAAAAADAiMAAAAAAAAYEBgBAAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAMCAwAgAAAAAAAAGBEYAAAAAAAAwsMvqAoDn3Zh95+VovpHVZQDPtV6lPLO6BAAAAOCZwggjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERgAAAAAAADAgMA
IAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAAAAwKjx8jf31/jxo3L6jL+dcLDw1W/fv2ncq07v6OzZ8+qevXqcnZ2lru7uyTJZDJp+fLlT6UeAAAAAACeRf+5wCg8PFwmk0kmk0l2dnby9fVVu3btdPHixawu7bHx9/e33mP6li9fviyvKbOwzGKxaOrUqSpXrpzMZrPc3d1VunRpjRs3TleuXHnqde7atUtt2rSxfh47dqwSEhIUHR2to0ePSpISEhJUq1atp14bAAAAAADPCrusLuBJqFmzpmbNmqWUlBQdOnRILVu21KVLlzR//vysLu2xGTx4sFq3bm39bGtr+9B93bx5U9myZXscZWXw3nvvaenSperbt6++/PJL5cqVS/v27dO4cePk7+//1EYWpcuVK5fhc2xsrF588UUFBgZa93l5eT3SNW7cuCF7e/tH6gMAAAAAgKz0nxthJEkODg7y8vJSvnz5VKNGDTVu3Fjr1q2TJKWmpqpVq1bKnz+/nJycVKhQIY0fP95wfvoUqVGjRsnb21seHh7q0KGDbt68aW1z7tw51a1bV05OTsqfP7/mzZuXoY74+HjVq1dPZrNZrq6uatSokf744w/r8YEDByokJEQzZ86Ur6+vzGaz2rVrp9TUVI0YMUJeXl7KnTu3Pvvsswx9u7i4yMvLy7rdHoRMmjRJBQsWlL29vQoVKqQ5c+YYzjWZTJo8ebLq1asnZ2dnDR06VJK0cuVKvfjii3J0dFSBAgU0aNAgpaSkGOr19fWVg4OD8ubNq86dO0uSKleurFOnTunjjz+2jniSpEWLFmnevHmaP3+++vTpozJlysjf31/16tXTxo0bVaVKlUy/v7Vr1+qVV16Ru7u7PDw8VKdOHcXGxlqP37hxQx07dpS3t7ccHR3l7++viIiIf6xTMo6E8vf315IlS/T111/LZDIpPDzc+nxun5L2+++/q3HjxsqRI4c8PDxUr149xcXFWY+n/14iIiKUN29eBQUFZXpfAAAAAAD8W/wnRxjd7sSJE1q7dq11BE1aWpry5cunRYsWydPTU9u3b1ebNm3k7e2tRo0aWc/btGmTvL29tWnTJh0/flyNGzdWSEiIdVRPeHi4Tp8+rY0bN8re3l6dO3fWuXPnrOdbLBbVr19fzs7O2rx5s1JSUtS+fXs1btxYUVFR1naxsbFas2aN1q5dq9jYWL311ls6efKkgoKCtHnzZm3fvl0tW7ZU1apV9dJLL/3j/S5btkwfffSRxo0bp2rVqmnVqlV6//33lS9fPkNAM2DAAEVERGjs2LGytbXV999/r3fffVcTJkzQq6++qtjYWOvUrQEDBmjx4sUaO3asFixYoKJFi+rs2bPat2+fJGnp0qUqWbKk2rRpYxj1NG/ePBUqVEj16tXLUKfJZJKbm1um95CcnKyuXbuqePHiSk5OVv/+/fXmm28qOjpaNjY2mjBhglasWKFFixbJ19dXp0+f1unTpyXpnnXeadeuXWrevLlcXV01fvx4OTk5ZWhz5coVValSRa+++qq2bNkiOzs7DR06VDVr1tT+/futI4k2bNggV1dX/fDDD7JYLJle7/r167p+/br1c1JSUqbtAAAAAADIav/JwGjVqlUym81KTU3VtWvXJEljxoyRJGXLlk2DBg2yts2fP7+2b9+uRYsWGQKjHDly6Msvv5Stra0KFy6s119/XRs2bFDr1q119OhRrVmzRj/99JPKlSsnSZoxY4aKFCliPX/9+vXav3+/Tp48KR8fH0nSnDlzVLRoUe3atUtlypSRdCvAmjlzplxcXBQcHKwqVaroyJEj+u6772RjY6NChQpp+PDhioqKMgRGPXv2VN++fa2fhw0bps6dO2vUqFEKDw9X+/btJUldu3bVTz/9pFGjRhkCo6ZNm6ply5bWz++995569eqlFi1aSJIKFCigIUOGqEePHhowYIDi4+Pl5eWlatWqKVu2bPL19VXZsmUlSTlz5p
Stra111FO6Y8eOqVChQg/8/TVs2NDwecaMGcqdO7cOHTqkYsWKKT4+XoGBgXrllVdkMpnk5+dnbXuvOu+UK1cuOTg4yMnJ6a7T0BYsWCAbGxtNnz7dOnJq1qxZcnd3V1RUlGrUqCFJcnZ21vTp0+85FS0iIsLw2wMAAAAA4Fn1n5ySVqVKFUVHR2vnzp3q1KmTwsLC1KlTJ+vxyZMnq3Tp0sqVK5fMZrOmTZum+Ph4Qx9FixY1rAvk7e1tHUEUExMjOzs7lS5d2nq8cOHC1rdspbfx8fGxhkWSFBwcLHd3d8XExFj3+fv7y8XFxfo5T548Cg4Olo2NjWHf7aOXJOmTTz5RdHS0dWvevLn1uhUqVDC0rVChguGakgy1S9KePXs0ePBgmc1m69a6dWslJCToypUrevvtt3X16lUVKFBArVu31rJlywzT1TJjsVisIcuDiI2NVdOmTVWgQAG5uroqf/78kmT9jsLDwxUdHa1ChQqpc+fO1umGkh6qznvZs2ePjh8/LhcXF+tzyZkzp65du2aYJle8ePF/XLeod+/eSkxMtG7po6IAAAAAAHjW/CcDI2dnZwUEBKhEiRKaMGGCrl+/bh3ZsWjRIn388cdq2bKl1q1bp+joaL3//vu6ceOGoY87F4E2mUxKS0uTJOuUo3uFIXcLS+7cn9l17nXtdJ6engoICLBut4dVd143s1qcnZ0Nn9PS0jRo0CBDCHXgwAEdO3ZMjo6O8vHx0ZEjR/TVV1/JyclJ7du3V8WKFQ3rOt0pKCgoQ1B1P+rWravz589r2rRp2rlzp3bu3ClJ1u8oNDRUJ0+e1JAhQ3T16lU1atRIb731liQ9VJ33kpaWphdffNHwXNLfqNa0aVNruzufZ2YcHBzk6upq2AAAAAAAeBb9JwOjOw0YMECjRo3SmTNntHXrVpUvX17t27dXqVKlFBAQYBgpcj+KFCmilJQU7d6927rvyJEjunTpkvVzcHCw4uPjDaNIDh06pMTERMPUtcetSJEi+vHHHw37tm/f/o/XDA0N1ZEjRwwhVPqWPtrJyclJb7zxhiZMmKCoqCjt2LFDBw4ckCTZ29srNTXV0GfTpk119OhRffvttxmuZ7FYlJiYmGH/+fPnFRMTo759+6pq1aoqUqSILl68mKGdq6urGjdurGnTpmnhwoVasmSJLly48I91PqjQ0FAdO3ZMuXPnzvBc7rYGEwAAAAAA/3b/yTWM7lS5cmUVLVpUw4YNU2BgoL7++mt9//33yp8/v+bMmaNdu3ZZpz3dj0KFCqlmzZpq3bq1pk6dKjs7O3Xp0sWwaHK1atVUokQJNWvWTOPGjbMuel2pUqUM08Eep08++USNGjVSaGioqlatqpUrV2rp0qVav379Pc/r37+/6tSpIx8fH7399tuysbHR/v37deDAAQ0dOlSRkZFKTU1VuXLllD17ds2ZM0dOTk7W9YP8/f21ZcsWvfPOO3JwcJCnp6caNWqkZcuWqUmTJurXr5+qV6+uXLly6cCBAxo7dqw6deqk+vXrG+pIfxPZ1KlT5e3trfj4ePXq1cvQZuzYsfL29lZISIhsbGz0zTffyMvLS+7u7v9Y54Nq1qyZRo4cqXr16mnw4MHKly+f4uPjtXTpUn3yySfKly/fQ/ULAAAAAMCz7LkYYSTdWvx52rRpql+/vho0aKDGjRurXLlyOn/+vHWB6Acxa9Ys+fj4qFKlSmrQoIHatGmj3LlzW4+nv5o9R44cqlixoqpVq6YCBQpo4cKFj/O2Mqhfv77Gjx+vkSNHqmjRopoyZYpmzZqlypUr3/O8sLAwrVq1Sj/88IPKlCmjl156SWPGjLEGLe7u7po2bZoqVKigEiVKaMOGDVq5cqU8PDwkSYMHD1ZcXJwKFiyoXLlyWZ/B//73P40ZM0bLli1TpUqVVKJECQ0cOFD16tVTWFhYhjpsbGy0YMEC7dmzR8WKFdPHH3+skSNHGtqYzWYNHz5cpUuXVpkyZRQXF2ddJP
yf6nxQ2bNn15YtW+Tr66sGDRqoSJEiatmypa5evcqUMgAAAADAf5bJcrd3gAN4opKSkuTm5qYBW07I0ezyzycAeGJ6lfLM6hIAAACAJy7979DExMR/HATx3IwwAgAAAAAAwP0hMAIAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwMAuqwsAnnddS3rI1dU1q8sAAAAAAMCKEUYAAAAAAAAwIDACAAAAAACAAYERAAAAAAAADAiMAAAAAAAAYEBgBAAAAAAAAAMCIwAAAAAAABjYZXUBwPNuzL7zcjTfyOoy8C/Uq5RnVpcAAAAA4D+KEUYAAAAAAAAwIDACAAAAAACAAYERAAAAAAAADAiMAAAAAAAAYEBgBAAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAMCAwAgAAAAAAAAGBEbIcpGRkXJ3d38q1woPD1f9+vWtny0Wi9q0aaOcOXPKZDIpOjpalStXVpcuXZ5KPQAAAAAAPIsIjJ4TqampKl++vBo2bGjYn5iYKB8fH/Xt29e6b8mSJXrttdeUI0cOZc+eXYUKFVLLli21d+9ea5vIyEiZTCbrZjab9eKLL2rp0qUZrr1p0ybVrl1bHh4eyp49u4KDg9WtWzf9/vvvT+6G72L8+PGKjIy0fl67dq0iIyO1atUqJSQkqFixYlq6dKmGDBny1GsDAAAAAOBZQWD0nLC1tdXs2bO1du1azZs3z7q/U6dOypkzp/r37y9J6tmzpxo3bqyQkBCtWLFCBw8e1NSpU1WwYEH16dPH0Kerq6sSEhKUkJCgvXv3KiwsTI0aNdKRI0esbaZMmaJq1arJy8tLS5Ys0aFDhzR58mQlJiZq9OjRT+fmb+Pm5mYYzRQbGytvb2+VL19eXl5esrOzU86cOeXi4vLQ10hNTVVaWtpjqBYAAAAAgKxBYPQcCQwMVEREhDp16qQzZ87o22+/1YIFCzR79mzZ29vrp59+0ogRIzRmzBiNGTNGr776qvLnz69KlSrp008/1XfffWfoz2QyycvLS15eXgoMDNTQoUNlY2Oj/fv3S5J+++03de7cWZ07d9bMmTNVuXJl+fv7q2LFipo+fbo1pLpTbGys6tWrpzx58shsNqtMmTJav369oc3EiRMVGBgoR0dH5cmTR2+99Zb12OLFi1W8eHE5OTnJw8ND1apVU3JysiTjlLTw8HB16tRJ8fHxMplM8vf3l6QMU9Ju3LihHj166IUXXpCzs7PKlSunqKgo6/H0KXWrVq1ScHCwHBwcdOrUqYf5igAAAAAAeCbYZXUBeLo6deqkZcuWqXnz5jpw4ID69++vkJAQSdL8+fNlNpvVvn37TM81mUx37Tc1NVVff/21JCk0NFSS9M0331jDlszcbd2iy5cvq3bt2ho6dKgcHR01e/Zs1a1bV0eOHJGvr692796tzp07a86cOSpfvrwuXLigrVu3SpISEhLUpEkTjRgxQm+++ab+/vtvbd26VRaLJcN1xo8fr4IFC2rq1KnatWuXbG1tM63n/fffV1xcnBYsWKC8efNq2bJlqlmzpg4cOKDAwEBJ0pUrVxQREaHp06fLw8NDuXPnztDP9evXdf36devnpKSkuzxNAAAAAACyFoHRc8ZkMmnSpEkqUqSIihcvrl69elmPHT16VAUKFJCd3f/9LMaMGWMYCfT777/Lzc1N0q31j8xmsyTp6tWrypYtm3X6miQdO3ZMrq6u8vb2fqAaS5YsqZIlS1o/Dx06VMuWLdOKFSvUsWNHxcfHy9nZWXXq1JGLi4v8/PxUqlQpSbcCo5SUFDVo0EB+fn6SpOLFi2d6HTc3N7m4uMjW1lZeXl6ZtomNjdX8+fP122+/KW/evJKk7t27a+3atZo1a5aGDRsmSbp586YmTpxoqPtOERERGjRo0AM9CwAAAAAAsgJT0p5DM2fOVPbs2XXy5En99ttvhmN3jiJq2bKloqOjNWXKFC
UnJxtG6ri4uCg6OlrR0dHau3evhg0bpg8//FArV66UdOsNZPcalXQ3ycnJ6tGjh4KDg+Xu7i6z2azDhw8rPj5eklS9enX5+fmpQIECeu+99zRv3jxduXJF0q2wqWrVqipevLjefvttTZs2TRcvXnzgGtL98ssvslgsCgoKktlstm6bN29WbGystZ29vb1KlChxz7569+6txMRE63b69OmHrgsAAAAAgCeJwOg5s2PHDo0dO1bffvutXn75ZbVq1coaAgUGBio2NlY3b960tnd3d1dAQIBeeOGFDH3Z2NgoICBAAQEBKlGihLp27aoqVapo+PDhkqSgoCAlJiYqISHhgWr85JNPtGTJEn322WfaunWroqOjVbx4cd24cUPSraDql19+0fz58+Xt7a3+/furZMmSunTpkmxtbfXDDz9ozZo1Cg4O1hdffKFChQrp5MmTD/W80tLSZGtrqz179ljDsejoaMXExGj8+PHWdk5OTv8Yjjk4OMjV1dWwAQAAAADwLCIweo5cvXpVLVq00Icffqhq1app+vTp2rVrl6ZMmSJJatKkiS5fvqyJEyc+9DVsbW119epVSdJbb70le3t7jRgxItO2ly5dynT/1q1bFR4erjfffFPFixeXl5eX4uLiDG3s7OxUrVo1jRgxQvv371dcXJw2btwo6dYoqQoVKmjQoEHau3ev7O3ttWzZsoe6n1KlSik1NVXnzp2zhmPp292msQEAAAAA8G/HGkbPkV69eiktLc06AsjX11ejR49W165dVbNmTb388svq1q2bunXrplOnTqlBgwby8fFRQkKCZsyYIZPJJBub/8sYLRaLzp49K+lWGPXDDz/o+++/t6555OPjo7Fjx6pjx45KSkpS8+bN5e/vr99++01ff/21zGazRo8enaHOgIAALV26VHXr1pXJZFK/fv0Mr6lftWqVTpw4oYoVKypHjhz67rvvlJaWpkKFCmnnzp3asGGDatSoody5c2vnzp36888/VaRIkYd6ZkFBQWrWrJmaN2+u0aNHq1SpUvrrr7+0ceNGFS9eXLVr136ofgEAAAAAeJYRGD0nNm/erK+++kpRUVFydna27m/durUWL16sVq1aaf369Ro1apTKli2rSZMmaebMmbpy5Yry5MmjihUraseOHYZpVElJSdYFrR0cHOTn56fBgwerZ8+e1jbt27dXUFCQRo0apTfffFNXr16Vv7+/6tSpo65du2Za69ixY9WyZUuVL19enp6e6tmzp+GNYu7u7lq6dKkGDhyoa9euKTAwUPPnz1fRokUVExOjLVu2aNy4cUpKSpKfn59Gjx6tWrVqPfSzmzVrloYOHapu3brp999/l4eHh15++WXCIgAAAADAf5bJktn7xgE8cUlJSXJzc9OALSfkaHbJ6nLwL9SrlGdWlwAAAADgXyT979DExMR/XFeXNYwAAAAAAABgQGAEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERgAAAAAAADAgMAIAAAAAAIABgREAAAAAAAAM7LK6AOB517Wkh1xdXbO6DAAAAAAArBhhBAAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAMCAwAgAAAAAAAAGBEYAAAAAAAAwIDACAAAAAACAgV1WFwA878bsOy9H842sLgOQJPUq5ZnVJQAAAAB4BjDCCAAAAAAAAAYERgAAAAAAADAgMAIAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACFnO399f48aNe+LXiYuLk8lkUnR0tHXftm3bVLx4cWXLlk3169dXVFSUTCaTLl269MTrAQAAAADgWUVg9AjCw8NlMpkybDVr1ryv8ytXrqwuXbo8ch3pQci9toEDBz7ydR5GUlKSPv30UxUuXFiOjo7y8vJStWrVtHTpUlkslqdai4+PjxISElSsWDHrvq5duyokJEQnT55UZGSkypcvr4
SEBLm5uT3V2gAAAAAAeJbYZXUB/3Y1a9bUrFmzDPscHBweW/8Wi0Wpqamys7v7V5UehKQbNWqU1q5dq/Xr11v3mc3mB+rzcbh06ZJeeeUVJSYmaujQoSpTpozs7Oy0efNm9ejRQ6+99prc3d2faA23s7W1lZeXl2FfbGys2rZtq3z58ln33dnmQd24cUP29vaP1AcAAAAAAFmJEUaPyMHBQV5eXoYtR44cioqKkr29vbZu3WptO3r0aHl6eiohIUHh4eHavHmzxo8fbx0FFBcXZ50S9f3336t06dJycHDQ1q1bFRsbq3r16ilPnjwym80qU6aMNRBKD0LSN7PZLDs7O+vnw4cPy8XFJUOfFotFI0aMUIECBeTk5KSSJUtq8eLFhvs7dOiQateuLbPZrDx58ui9997TX3/9ZT2+ePFiFS9eXE5OTvLw8FC1atWUnJwsSerTp4/i4uK0c+dOtWjRQsHBwQoKClLr1q0VHR1tCLFuN2bMGBUvXlzOzs7y8fFR+/btdfnyZevxU6dOqW7dusqRI4ecnZ1VtGhRfffdd5KkixcvqlmzZsqVK5ecnJwUGBhoDfRun5KW/u/z58+rZcuWMplMioyMzHRK2vbt21WxYkU5OTnJx8dHnTt3tt6jdGtK3dChQxUeHi43Nze1bt36YX5KAAAAAAA8MwiMnpD06WbvvfeeEhMTtW/fPn366aeaNm2avL29NX78eL388stq3bq1EhISlJCQIB8fH+v5PXr0UEREhGJiYlSiRAldvnxZtWvX1vr167V3716FhYWpbt26io+Pv++a7uyzb9++mjVrliZNmqSDBw/q448/1rvvvqvNmzdLkhISElSpUiWFhIRo9+7dWrt2rf744w81atTIerxJkyZq2bKlYmJiFBUVpQYNGshisSgtLU0LFixQs2bNlDdv3gy1pIdambGxsdGECRP066+/avbs2dq4caN69OhhPd6hQwddv35dW7Zs0YEDBzR8+HBr+NSvXz8dOnRIa9asUUxMjCZNmiRPT88M10gfleXq6qpx48YpISFBjRs3ztDuwIEDCgsLU4MGDbR//34tXLhQP/74ozp27GhoN3LkSBUrVkx79uxRv379Mr2v69evKykpybABAAAAAPAsYkraI1q1alWGkTI9e/ZUv379NHToUK1fv15t2rTRwYMH9d577+nNN9+UJLm5ucne3l7Zs2fPdArU4MGDVb16detnDw8PlSxZ0vp56NChWrZsmVasWJEhvLib2/tMTk7WmDFjtHHjRr388suSpAIFCujHH3/UlClTVKlSJU2aNEmhoaEaNmyYtY+ZM2fKx8dHR48e1eXLl5WSkqIGDRrIz89PklS8eHFJ0rlz53Tx4kUVLlz4vmq73e3rOuXPn19DhgxRu3btNHHiRElSfHy8GjZsaL1WgQIFrO3j4+NVqlQplS5dWtKt0T+ZSR+VZTKZ5ObmdtdpaCNHjlTTpk2tNQUGBmrChAnW5+Po6ChJeu2119S9e/d73ldERIQGDRr0j/cPAAAAAEBWu+/AaMKECffdaefOnR+qmH+jKlWqaNKkSYZ9OXPmlCTZ29tr7ty5KlGihPz8/B7oTWDpgUe65ORkDRo0SKtWrdKZM2eUkpKiq1evPtAIo9v7PHTokK5du2YIpaRb6++UKlVKkrRnzx5t2rQp06ljsbGxqlGjhqpWrarixYsrLCxMNWrU0FtvvaUcOXJYF7Q2mUz3XV+6TZs2adiwYTp06JCSkpKUkpKia9euKTk5Wc7OzurcubPatWundevWqVq1amrYsKFKlCghSWrXrp0aNmyoX375RTVq1FD9+vVVvnz5B64h3Z49e3T8+HHNmzfPui99BNXJkydVpEgRSRm/r8z07t1bXbt2tX5OSkoyjCoDAAAAAOBZcd+B0dixY++rnclkeq4CI2dnZwUEBNz1+Pbt2yVJFy5c0IULF+Ts7Hzf/d7uk08+0ffff69Ro0YpICBATk5Oeuutt3Tjxo
0HqjVdWlqaJGn16tV64YUXDO3SF+1OS0tT3bp1NXz48Ax9eXt7y9bWVj/88IO2b9+udevW6YsvvtCnn36qnTt3ys/PTzly5FBMTMx91yfdWp+odu3aatu2rYYMGaKcOXPqxx9/VKtWrXTz5k1J0gcffKCwsDCtXr1a69atU0REhEaPHq1OnTqpVq1aOnXqlFavXq3169eratWq6tChg0aNGvVAdaRLS0vThx9+mOlv2tfX1/rv+/leHRwcHuuC6AAAAAAAPCn3HRidPHnySdbxnxQbG6uPP/5Y06ZN06JFi9S8eXNt2LBBNja3lo6yt7dXamrqffW1detWhYeHW6e0Xb58WXFxcQ9dW3BwsBwcHBQfH69KlSpl2iY0NFRLliyRv7//XdcbMplMqlChgipUqKD+/fvLz89Py5YtU9euXdW4cWPNmTNHAwYMyLCOUXJyshwcHDL0u3v3bqWkpGj06NHW57Ro0aIM1/Xx8VHbtm3Vtm1b9e7dW9OmTVOnTp0kSbly5VJ4eLjCw8P16quv6pNPPnnowCg0NFQHDx68ZygIAAAAAMB/zSMten3jxg0dOXJEKSkpj6uef53r16/r7Nmzhu2vv/5Samqq3nvvPdWoUUPvv/++Zs2apV9//VWjR4+2nuvv76+dO3cqLi5Of/31l3XUT2YCAgK0dOlSRUdHa9++fWratOk92/8TFxcXde/eXR9//LFmz56t2NhY7d27V1999ZVmz54t6dbi0hcuXFCTJk30888/68SJE1q3bp1atmyp1NRU7dy5U8OGDdPu3bsVHx+vpUuX6s8//7RO0xo2bJh8fHxUrlw5ff311zp06JCOHTummTNnKiQkxPDms3QFCxZUSkqKvvjiC504cUJz5szR5MmTDW26dOmi77//XidPntQvv/yijRs3Wq/Zv39/ffvttzp+/LgOHjyoVatWWY89jJ49e2rHjh3q0KGDoqOjdezYMa1YscIaTgEAAAAA8F/0UIHRlStX1KpVK2XPnl1Fixa1rqPTuXNnff7554+1wGfd2rVr5e3tbdheeeUVffbZZ4qLi9PUqVMlSV5eXpo+fbr69u2r6OhoSVL37t1la2ur4OBg5cqV657rEY0dO1Y5cuRQ+fLlVbduXYWFhSk0NPSRah8yZIj69++viIgIFSlSRGFhYVq5cqXy588vScqbN6+2bdum1NRUhYWFqVixYvroo4/k5uYmGxsbubq6asuWLapdu7aCgoLUt29fjR49WrVq1ZIk5ciRQz/99JPeffddDR06VKVKldKrr76q+fPna+TIkXJzc8tQU0hIiMaMGaPhw4erWLFimjdvniIiIgxtUlNT1aFDBxUpUkQ1a9ZUoUKFrAti29vbq3fv3ipRooQqVqwoW1tbLViw4KGfUYkSJbR582YdO3ZMr776qkqVKqV+/frJ29v7ofsEAAAAAOBZZ7Kkr078AD766CNt27ZN48aNU82aNbV//34VKFBAK1as0IABA7R3794nUSvwn5KUlCQ3NzcN2HJCjmaXrC4HkCT1KuWZ1SUAAAAAeELS/w5NTEyUq6vrPdve9xpGt1u+fLkWLlyol156yfAWrODgYMXGxj5MlwAAAAAAAHhGPNSUtD///FO5c+fOsD85OfmhXqMOAAAAAACAZ8dDBUZlypTR6tWrrZ/TQ6Jp06bp5ZdffjyVAQAAAAAAIEs81JS0iIgI1axZU4cOHVJKSorGjx+vgwcPaseOHdq8efPjrhEAAAAAAABP0UONMCpfvry2bdumK1euqGDBglq3bp3y5MmjHTt26MUXX3zcNQIAAAAAAOApeqgRRpJUvHhxzZ49+3HWAgAAAAAAgGfAfQdGSUlJ993pP72aDQAAAAAAAM+u+w6M3N3d7/sNaKmpqQ9dEPC86VrSg5AVAAAAAPBMue/AaNOmTdZ/x8XFqVevXgoPD7e+FW3Hjh2aPXu2IiIiHn+VAAAAAAAAeGpMFovF8qAnVa1aVR988IGaNGli2P
+///1PU6dOVVRU1OOqD/jPSkpKkpubmxITExlhBAAAAAB44h7k79CHekvajh07VLp06Qz7S5curZ9//vlhugQAAAAAAMAz4qECIx8fH02ePDnD/ilTpsjHx+eRiwIAAAAAAEDWue81jG43duxYNWzYUN9//71eeuklSdJPP/2k2NhYLVmy5LEWCAAAAAAAgKfroUYY1a5dW8eOHdMbb7yhCxcu6Pz586pXr56OHj2q2rVrP+4aAQAAAAAA8BQ91KLXAB5d+mJjA7ackKPZJavLASRJvUp5ZnUJAAAAAJ6QB1n0+qGmpEnSpUuXNGPGDMXExMhkMik4OFgtW7aUm5vbw3YJAAAAAACAZ8BDTUnbvXu3ChYsqLFjx+rChQv666+/NGbMGBUsWFC//PLL464RAAAAAAAAT9FDjTD6+OOP9cYbb2jatGmys7vVRUpKij744AN16dJFW7ZseaxFAgAAAAAA4Ol5qMBo9+7dhrBIkuzs7NSjRw+VLl36sRUHAAAAAACAp++hpqS5uroqPj4+w/7Tp0/LxYXFewEAAAAAAP7NHiowaty4sVq1aqWFCxfq9OnT+u2337RgwQJ98MEHatKkyeOuEQAAAAAAAE/RQ01JGzVqlEwmk5o3b66UlBRZLBbZ29urXbt2+vzzzx93jQAAAAAAAHiKHiowsre31/jx4xUREaHY2FhZLBYFBAQoe/bsj7s+AAAAAAAAPGUPFBi1bNnyvtrNnDnzoYoBAAAAAABA1nugNYwiIyO1adMmXbp0SRcvXrzrBjyIypUrq0uXLk/lWiaTScuXL7d+Pnz4sF566SU5OjoqJCREcXFxMplMio6Ofir1AAAAAADwLHqgwKht27ZKTEzUiRMnVKVKFc2YMUPLli3LsOHZFR4eLpPJpLZt22Y41r59e5lMJoWHh1vb1q9f/659+fv7y2QyyWQyKXv27CpWrJimTJliaHPjxg2NGDFCJUuWVPbs2eXp6akKFSpo1qxZunnz5uO8tfuSkJCgWrVqWT8PGDBAzs7OOnLkiDZs2CAfHx8lJCSoWLFiT702AAAAAACeFQ8UGE2cOFEJCQnq2bOnVq5cKR8fHzVq1Ejff/+9LBbLk6oRj5mPj48WLFigq1evWvddu3ZN8+fPl6+v7wP1NXjwYCUkJGj//v2qX7++2rZtq4ULF0q6FRaFhYXp888/V5s2bbR9+3b9/PPP6tChg7744gsdPHjwsd7X/fDy8pKDg4P1c2xsrF555RX5+fnJw8NDtra28vLykp3dQy3vJenWfQMAAAAA8G/2QIGRJDk4OKhJkyb64YcfdOjQIRUtWlTt27eXn5+fLl++/CRqxGMWGhoqX19fLV261Lpv6dKl8vHxUalSpR6oLxcXF3l5eSkgIEBDhw5VYGCgdcrXuHHjtGXLFm3YsEEdOnRQSEiIChQooKZNm2rnzp0KDAzMtM+5c+eqdOnS1r6bNm2qc+fOWY9fvHhRzZo1U65cueTk5KTAwEDNmjVL0q2wpmPHjvL29pajo6P8/f0VERFhPff2KWkmk0l79uzR4MGDZTKZNHDgwEynpB06dEi1a9eW2WxWnjx59N577+mvv/6yHq9cubI6duyorl27ytPTU9WrV3+gZwgAAAAAwLPmgQOj26VPR7JYLEpLS3tcNeEpeP/9960hi3RrofL7XdT8XhwdHa1TzebNm6dq1aplGkJly5ZNzs7OmfZx48YNDRkyRPv27dPy5ct18uRJ6zQ5SerXr58OHTqkNWvWKCYmRpMmTZKnp6ckacKECVqxYoUWLVqkI0eOaO7cufL398/0OgkJCSpatKi6deumhIQEde/ePdM2lSpVUkhIiHbv3q21a9fqjz/+UKNGjQztZs+eLTs7O23bti3DtLx0169fV1JSkmEDAAAAAOBZ9MDzbq5fv66lS5dq5syZ+vHHH1WnTh19+eWXqlmzpmxsHil/wlP03nvvqXfv3tYRNdu2bdOCBQsUFRX1UP2lpKRo7t
y5OnDggNq1aydJOnbsmCpXrvzAfd0eXBUoUEATJkxQ2bJldfnyZZnNZsXHx6tUqVIqXbq0JBkCofj4eAUGBuqVV16RyWSSn5/fXa+TPvXMbDbLy8tLkgwjhyRp0qRJCg0N1bBhw6z7Zs6cKR8fHx09elRBQUGSpICAAI0YMeKe9xUREaFBgwbd30MAAAAAACALPVDC0759e3l7e2v48OGqU6eOfvvtN33zzTeqXbs2YdG/jKenp15//XXNnj1bs2bN0uuvv24dpfMgevbsKbPZLCcnJ3Xo0EGffPKJPvzwQ0mSxWKRyWR64D737t2revXqyc/PTy4uLtbQKT4+XpLUrl07LViwQCEhIerRo4e2b99uPTc8PFzR0dEqVKiQOnfurHXr1j3w9W+3Z88ebdq0SWaz2boVLlxY0q31j9Klh1f30rt3byUmJlq306dPP1JtAAAAAAA8KQ80wmjy5Mny9fVV/vz5tXnzZm3evDnTdrevjYNnV8uWLdWxY0dJ0ldfffVQfXzyyScKDw9X9uzZ5e3tbQiIgoKCFBMT80D9JScnq0aNGqpRo4bmzp2rXLlyKT4+XmFhYdbFpGvVqqVTp05p9erVWr9+vapWraoOHTpo1KhRCg0N1cmTJ7VmzRqtX79ejRo1UrVq1bR48eKHur+0tDTVrVtXw4cPz3DM29vb+u+7Ta+7nYODg2HBbQAAAAAAnlUPFBg1b978oUaM4NlUs2ZNawgTFhb2UH14enoqICAg02NNmzZVnz59tHfv3gzrGKWkpOj69esZgpbDhw/rr7/+0ueffy4fHx9J0u7duzP0nStXLoWHhys8PFyvvvqqPvnkE40aNUqS5OrqqsaNG6tx48Z66623VLNmTV24cEE5c+Z84PsLDQ3VkiVL5O/v/0hvTgMAAAAA4N/kgf4CjoyMfEJlICvY2tpaRwDZ2tpm2iYxMdHwxjBJypkzp3x9ff+x/y5dumj16tWqWrWqhgwZoldeeUUuLi7avXu3hg8frhkzZigkJMRwjq+vr+zt7fXFF1+obdu2+vXXXzVkyBBDm/79++vFF19U0aJFdf36da1atUpFihSRJI0dO1be3t4KCQmRjY2NvvnmG3l5ecnd3f3+HsodOnTooGnTpqlJkyb65JNP5OnpqePHj2vBggWaNm3aXZ8bAAAAAAD/ZgyZeM65urre83hUVFSG0UEtWrS4r/DQwcFBP/zwg8aOHaspU6aoe/fuyp49u4oUKaLOnTurWLFiGc7JlSuXIiMj1adPH02YMEGhoaEaNWqU3njjDWsbe3t764LdTk5OevXVV7VgwQJJktls1vDhw3Xs2DHZ2tqqTJky+u677x56ja28efNq27Zt6tmzp8LCwnT9+nX5+fmxyDsAAAAA4D/NZLFYLFldBPA8SkpKkpubmwZsOSFHs0tWlwNIknqVevDF7wEAAAD8O6T/HZqYmPiPA0gYIgEAAAAAAAADAiMAAAAAAAAYEBgBAAAAAADAgMAIAAAAAAAABgRGAAAAAAAAMCAwAgAAAAAAgAGBEQAAAAAAAAzssroA4HnXtaSHXF1ds7oMAAAAAACsGGEEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERgAAAAAAADAgMAIAAAAAAICBXVYXADzvxuw7L0fzjawu41+vVynPrC4BAAAAAP4zGGEEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERgAAAAAAADAgMAIAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgQGD0L+bv769x48Y99PmRkZFyd3d/bPX8W8XFxclkMik6OjqrSwEAAAAA4JlAYPQEhYeHq379+k+s/127dqlNmzb31TazcKlx48Y6evTofV+vcuXKMplMMplMsre3V8GCBdW7d29dv379Qcp+5vj4+CghIUHFihXL6lIAAAAAAHgm2GV1AXh4uXLleqTznZyc5OTk9EDntG7dWo
MHD9aNGze0a9cuvf/++5KkiIiIR6rlXlJTU2UymWRj82TyTVtbW3l5eT2RvgEAAAAA+DdihFEW2bx5s8qWLSsHBwd5e3urV69eSklJsR7/+++/1axZMzk7O8vb21tjx45V5cqV1aVLF2ubO0cNDRw4UL6+vnJwcFDevHnVuXNnSbdGBp06dUoff/yxdYSQlPmUtBUrVqh06dJydHSUp6enGjRoYDiePXt2eXl5ydfXVw0bNlT16tW1bt0663GLxaIRI0aoQIECcnJyUsmSJbV48eIM1wgMDJSTk5OqVKmi2bNny2Qy6dKlS4a6Vq1apeDgYDk4OOjUqVO6ceOGevTooRdeeEHOzs4qV66coqKirP2eOnVKdevWVY4cOeTs7KyiRYvqu+++kyRdvHhRzZo1U65cueTk5KTAwEDNmjVLUuZT0v7p+6lcubI6d+6sHj16KGfOnPLy8tLAgQPv/oUDAAAAAPAvwgijLPD777+rdu3aCg8P19dff63Dhw+rdevWcnR0tIYOXbt21bZt27RixQrlyZNH/fv31y+//KKQkJBM+1y8eLHGjh2rBQsWqGjRojp79qz27dsnSVq6dKlKliypNm3aqHXr1neta/Xq1WrQoIE+/fRTzZkzRzdu3NDq1avv2n7fvn3atm2b/P39rfv69u2rpUuXatKkSQoMDNSWLVv07rvvKleuXKpUqZLi4uL01ltv6aOPPtIHH3ygvXv3qnv37hn6vnLliiIiIjR9+nR5eHgod+7cev/99xUXF6cFCxYob968WrZsmWrWrKkDBw4oMDBQHTp00I0bN7RlyxY5Ozvr0KFDMpvNkqR+/frp0KFDWrNmjTw9PXX8+HFdvXr1ob8fSZo9e7a6du2qnTt3aseOHQoPD1eFChVUvXr1TPu9fv26YfpeUlLSXZ8tAAAAAABZicAoC0ycOFE+Pj768ssvZTKZVLhwYZ05c0Y9e/ZU//79lZycrNmzZ+t///ufqlatKkmaNWuW8ubNe9c+4+Pj5eXlpWrVqilbtmzy9fVV2bJlJUk5c+aUra2tXFxc7jn16rPPPtM777yjQYMGWfeVLFkyQ+3Tp0/XzZs3dePGDdnY2Oirr76SJCUnJ2vMmDHauHGjXn75ZUlSgQIF9OOPP2rKlCmqVKmSJk+erEKFCmnkyJGSpEKFCunXX3/VZ599ZrjOzZs3NXHiROv1Y2NjNX/+fP3222/W59C9e3etXbtWs2bN0rBhwxQfH6+GDRuqePHi1mvf/nxKlSql0qVLS5Ih5LrTP30/6VPjSpQooQEDBkiSAgMD9eWXX2rDhg13DYwiIiIMzxYAAAAAgGcVU9KyQExMjF5++WXr1DBJqlChgi5fvqzffvtNJ06c0M2bN62BjyS5ubmpUKFCd+3z7bff1tWrV1WgQAG1bt1ay5YtM0yhuh/R0dHWgOpumjVrpujoaO3YsUONGjVSy5Yt1bBhQ0nSoUOHdO3aNVWvXl1ms9m6ff3114qNjZUkHTlyRGXKlDH0eft9prO3t1eJEiWsn3/55RdZLBYFBQUZ+t68ebO1786dO2vo0KGqUKGCBgwYoP3791vPb9eunRYsWKCQkBD16NFD27dvv+s9/tP3k+72+iTJ29tb586du2u/vXv3VmJionU7ffr0XdsCAAAAAJCVGGGUBSwWiyGMSN8nSSaTyfDvzNpkxsfHR0eOHNEPP/yg9evXq3379ho5cqQ2b96sbNmy3Vdd97MAtpubmwICAiRJc+fOVdGiRTVjxgy1atVKaWlpkm5NbXvhhRcM5zk4OFjv4X7uy8nJydAuLS1Ntra22rNnj2xtbQ1t06edffDBBwoLC9Pq1au1bt06RUREaPTo0erUqZNq1aqlU6dOafXq1Vq/fr2qVq2qDh06aNSoURmu/U/fT7o7n6vJZLI+g8w4ODhYnwMAAAAAAM8yRhhlgeDgYG3fvt0QlGzfvl0uLi564YUXVLBgQWXLlk0///yz9XhSUpKOHTt2z3
6dnJz0xhtvaMKECYqKitKOHTt04MABSbdG7KSmpt7z/BIlSmjDhg33fR/ZsmVTnz591LdvX125csW6QHV8fLwCAgIMm4+PjySpcOHC2rVrl6Gf3bt3/+O1SpUqpdTUVJ07dy5D37dPs/Px8VHbtm21dOlSdevWTdOmTbMey5Url8LDwzV37lyNGzdOU6dOzfRa//T9AAAAAADwX0dg9IQlJiYqOjrasLVp00anT59Wp06ddPjwYX377bcaMGCAunbtKhsbG7m4uKhFixb65JNPtGnTJh08eFAtW7aUjY1NhpEv6SIjIzVjxgz9+uuvOnHihObMmSMnJyf5+flJurVmz5YtW/T777/rr7/+yrSPAQMGaP78+RowYIBiYmJ04MABjRgx4p7317RpU5lMJk2cOFEuLi7q3r27Pv74Y82ePVuxsbHau3evvvrqK82ePVuS9OGHH+rw4cPq2bOnjh49qkWLFikyMlJSxhFVtwsKClKzZs3UvHlzLV26VCdPntSuXbs0fPhw65vQunTpou+//14nT57UL7/8oo0bN6pIkSKSpP79++vbb7/V8ePHdfDgQa1atcp67E7t27e/5/cDAAAAAMB/HX/9PmFRUVEqVaqUYRswYIC+++47/fzzzypZsqTatm2rVq1aqW/fvtbzxowZo5dffll16tRRtWrVVKFCBRUpUkSOjo6ZXsfd3V3Tpk1ThQoVrCOFVq5cKQ8PD0nS4MGDFRcXp4IFCypXrlyZ9lG5cmV98803WrFihUJCQvTaa69p586d97w/e3t7dezYUSNGjNDly5c1ZMgQ9e/fXxERESpSpIjCwsK0cuVK5c+fX5KUP39+LV68WEuXLlWJEiU0adIkffrpp5L0j9O1Zs2apebNm6tbt24qVKiQ3njjDe3cudM6eik1NVUdOnRQkSJFVLNmTRUqVEgTJ0601tm7d2+VKFFCFStWlK2trRYsWJDpdV544YV//H4AAAAAAPgvM1nutTAOnhnJycl64YUXNHr0aLVq1Sqry3msPvvsM02ePPm5WwQ6KSlJbm5uGrDlhBzNLlldzr9er1KeWV0CAAAAADzT0v8OTUxMlKur6z3bsuj1M2rv3r06fPiwypYtq8TERA0ePFiSVK9evSyu7NFNnDhRZcqUkYeHh7Zt26aRI0eqY8eOWV0WAAAAAAD4/wiMnmGjRo3SkSNHZG9vrxdffFFbt26Vp+e/fxTFsWPHNHToUF24cEG+vr7q1q2bevfundVlAQAAAACA/48paUAWYUra48WUNAAAAAC4tweZksai1wAAAAAAADAgMAIAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgwFvSgCzWtaTHPy42BgAAAADA08QIIwAAAAAAABgQGAEAAAAAAMCAwAgAAAAAAAAGBEYAAAAAAAAwIDACAAAAAACAAYERAAAAAAAADOyyugDgeTdm33k5mm9kdRnAc61XKc+sLgEAAAB4pjDCCAAAAAAAAAYERgAAAAAAADAgMAIAAAAAAIABgREAAAAAAAAMCIwAAAAAAABgQGAEAAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAwIDACAAAAAAAAAYERvjPiouLk8lkUnR0tCQpKipKJpNJly5dkiRFRkbK3d09y+oDAAAAAOBZRWCEuwoPD5fJZLJuHh4eqlmzpvbv35/VpT0WjRs31tGjR62fIyMjZTKZVLNmTUO7S5cuyWQyKSoqyrrv9udiZ2cnX19fde3aVdevX39a5QMAAAAA8MQQGOGeatasqYSEBCUkJGjDhg2ys7NTnTp1Hrq/GzduPMbqHo2Tk5Ny585t2GdnZ6cNGzZo06ZN/3j+rFmzlJCQoJMnT2rixImaM2eOhg4d+qTKBQAAAADgqSEwwj05ODjIy8tLXl5eCgkJUc+ePXX69Gn9+eefkqTff/9djRs3Vo4cOeTh4aF69eopLi7Oen54eLjq16+viIgI5c2bV0FBQdapYkuXLlWVKlWUPX
t2lSxZUjt27DBce8mSJSpatKgcHBzk7++v0aNHG46bTCYtX77csM/d3V2RkZH3dW+ZTUlzdnbW+++/r169ev3j+e7u7vLy8pKPj4/q1KmjN954Q7/88st9XRsAAAAAgGcZgRHu2+XLlzVv3jwFBATIw8NDV65cUZUqVWQ2m7Vlyxb9+OOPMpvNqlmzpmEk0YYNGxQTE6MffvhBq1atsu7/9NNP1b17d0VHRysoKEhNmjRRSkqKJGnPnj1q1KiR3nnnHR04cEADBw5Uv3797jsMehQDBw7UgQMHtHjx4vs+5+jRo9q0aZPKlSt31zbXr19XUlKSYQMAAAAA4Flkl9UF4Nm2atUqmc1mSVJycrK8vb21atUq2djYaMGCBbKxsdH06dNlMpkk3Zqm5e7urqioKNWoUUPSrVE706dPl729vSRZRyB1795dr7/+uiRp0KBBKlq0qI4fP67ChQtrzJgxqlq1qvr16ydJCgoK0qFDhzRy5EiFh4c/0XvOmzevPvroI3366aeqX7/+Xds1adJEtra2SklJ0fXr11WnTh317t37ru0jIiI0aNCgJ1AxAAAAAACPFyOMcE9VqlRRdHS0oqOjtXPnTtWoUUO1atXSqVOntGfPHh0/flwuLi4ym80ym83KmTOnrl27ptjYWGsfxYsXt4ZFtytRooT1397e3pKkc+fOSZJiYmJUoUIFQ/sKFSro2LFjSk1NfRK3atCzZ0/9+eefmjlz5l3bjB07VtHR0dq3b59WrVqlo0eP6r333rtr+969eysxMdG6nT59+kmUDgAAAADAI2OEEe7J2dlZAQEB1s8vvvii3NzcNG3aNKWlpenFF1/UvHnzMpyXK1cuQx+ZyZYtm/Xf6SOU0tLSJEkWi8W6L53FYjF8NplMGfbdvHnzfm7rH7m7u6t3794aNGjQXRf59vLysj6bQoUK6e+//1aTJk00dOhQwzNL5+DgIAcHh8dSHwAAAAAATxIjjPBATCaTbGxsdPXqVYWGhurYsWPKnTu3AgICDJubm9sjXSc4OFg//vijYd/27dsVFBQkW1tbSbdCqYSEBOvxY8eO6cqVK4903dt16tRJNjY2Gj9+/H21T6/r6tWrj60GAAAAAACyAoER7un69es6e/aszp49q5iYGHXq1EmXL19W3bp11axZM3l6eqpevXraunWrTp48qc2bN+ujjz7Sb7/99kjX7datmzZs2KAhQ4bo6NGjmj17tr788kt1797d2ua1117Tl19+qV9++UW7d+9W27ZtDaOWHpWjo6MGDRqkCRMmZHr80qVLOnv2rM6cOaPNmzdr8ODBCgoKUpEiRR5bDQAAAAAAZAUCI9zT2rVr5e3tLW9vb5UrV067du3SN998o8qVKyt79uzasmWLfH191aBBAxUpUkQtW7bU1atX5erq+kjXDQ0N1aJFi7RgwQIVK1ZM/fv31+DBgw0LXo8ePVo+Pj6qWLGimjZtqu7duyt79uyPeMdGLVq0UIECBTI99v7778vb21v58uVTkyZNVLRoUa1Zs0Z2dsz0BAAAAAD8u5ksdy4CA+CpSEpKkpubmwZsOSFHs0tWlwM813qV8szqEgAAAIAnLv3v0MTExH8c6MEIIwAAAAAAABgQGAEAAAAAAMCAwAgAAAAAAAAGBEYAAAAAAAAwIDACAAAAAACAAYERAAAAAAAADAiMAAAAAAAAYGCX1QUAz7uuJT3k6uqa1WUAAAAAAGDFCCMAAAAAAAAYEBgBAAAAAADAgMAIAAAAAAAABgRGAAAAAAAAMCAwAgAAAAAAgAGBEQAAAAAAAAzssroA4Hk3Zt95OZpvZHUZwL9Gr1KeWV0CAAAA8J/HCCMAAAAAAAAYEBgBAAAAAADAgMAIAAAAAAAABgRGAAAAAAAAMCAwAgAAAAAAgAGBEQAAAAAAAAwIjAAAAAAAAGBAYAQAAAAAAAADAqOnxN/fX+PGjXvsbf8Lntb9xsXFyWQyKTo62rpv27ZtKl68uLJly6
b69esrKipKJpNJly5deuL1AAAAAADwrHruA6Pw8HCZTCaZTCZly5ZNefLkUfXq1TVz5kylpaU9tuvs2rVLbdq0eext70f6/d1tCw8Pf2zXulNSUpI+/fRTFS5cWI6OjvLy8lK1atW0dOlSWSyWJ3bdzPj4+CghIUHFihWz7uvatatCQkJ08uRJRUZGqnz58kpISJCbm9tTrQ0AAAAAgGeJXVYX8CyoWbOmZs2apdTUVP3xxx9au3atPvroIy1evFgrVqyQnd2jP6ZcuXI9kbb3IyEhwfrvhQsXqn///jpy5Ih1n5OTk6H9zZs3lS1btke+7qVLl/TKK68oMTFRQ4cOVZkyZWRnZ6fNmzerR48eeu211+Tu7v7I17lftra28vLyMuyLjY1V27ZtlS9fPuu+O9s8qBs3bsje3v6R+gAAAAAAICs99yOMJMnBwUFeXl564YUXFBoaqj59+ujbb7/VmjVrFBkZKUlKTExUmzZtlDt3brm6uuq1117Tvn37DP2sWLFCpUuXlqOjozw9PdWgQQPrsTunXQ0cOFC+vr5ycHBQ3rx51blz57u2jY+PV7169WQ2m+Xq6qpGjRrpjz/+MPQVEhKiOXPmyN/fX25ubnrnnXf0999/S7oVgKRvbm5uMplM1s/Xrl2Tu7u7Fi1apMqVK8vR0VFz586VJM2aNUtFihSRo6OjChcurIkTJxru9/fff1fjxo2VI0cOeXh4qF69eoqLi7Me79Onj+Li4rRz5061aNFCwcHBCgoKUuvWrRUdHS2z2Zzp9zFmzBgVL15czs7O8vHxUfv27XX58mXr8VOnTqlu3brKkSOHnJ2dVbRoUX333XeSpIsXL6pZs2bKlSuXnJycFBgYqFmzZkkyTklL//f58+fVsmVLmUwmRUZGZjolbfv27apYsaKcnJzk4+Ojzp07Kzk52fB9DR06VOHh4XJzc1Pr1q0zvS8AAAAAAP4tCIzu4rXXXlPJkiWtU6def/11nT17Vt9995327Nmj0NBQVa1aVRcuXJAkrV69Wg0aNNDrr7+uvXv3asOGDSpdunSmfS9evFhjx47VlClTdOzYMS1fvlzFixfPtK3FYlH9+vV14cIFbd68WT/88INiY2PVuHFjQ7vY2FgtX75cq1at0qpVq7R582Z9/vnn932/PXv2VOfOnRUTE6OwsDBNmzZNn376qT777DPFxMRo2LBh6tevn2bPni1JunLliqpUqSKz2awtW7boxx9/lNlsVs2aNXXjxg2lpaVpwYIFatasmfLmzZvhemaz+a4jt2xsbDRhwgT9+uuvmj17tjZu3KgePXpYj3fo0EHXr1/Xli1bdODAAQ0fPtwaPvXr10+HDh3SmjVrFBMTo0mTJsnT0zPDNdKnp7m6umrcuHFKSEjI8Ewl6cCBAwoLC1ODBg20f/9+LVy4UD/++KM6duxoaDdy5EgVK1ZMe/bsUb9+/TK9r+vXryspKcmwAQAAAADwLGJK2j0ULlxY+/fv16ZNm3TgwAGdO3dODg4OkqRRo0Zp+fLlWrx4sdq0aaPPPvtM77zzjgYNGmQ9v2TJkpn2Gx8fb13LJ1u2bPL19VXZsmUzbbt+/Xrt379fJ0+elI+PjyRpzpw5Klq0qHbt2qUyZcpIktLS0hQZGSkXFxdJ0nvvvacNGzbos88+u6977dKli2FE1JAhQzR69Gjrvvz58+vQoUOaMmWKWrRooQULFsjGxkbTp0+XyWSSdGtEkru7u6KiohQSEqKLFy+qcOHC93X9O2tJlz9/fg0ZMkTt2rWzjnCKj49Xw4YNrSFbgQIFrO3j4+NVqlQpa1jn7++f6TXSp6eZTCa5ubnddRrayJEj1bRpU2tNgYGBmjBhgipVqqRJkybJ0dFR0q2AsXv37ve8r4iICMPvAwAAAACAZxUjjO7BYrHIZDJpz549unz5sjw8PGQ2m63byZMnFRsbK0mKjo5W1apV76vft99+W1evXlWBAgXUunVrLVu2TCkpKZm2jY
mJkY+PjzUskqTg4GC5u7srJibGus/f398aFkmSt7e3zp07d9/3evtoqD///FOnT59Wq1atDPc7dOhQ6/3u2bNHx48fl4uLi/V4zpw5de3aNcXGxloXtE4Pkx7Epk2bVL16db3wwgtycXFR8+bNdf78ees0sM6dO2vo0KGqUKGCBgwYoP3791vPbdeunRYsWKCQkBD16NFD27dvf+Dr327Pnj2KjIw0PIewsDClpaXp5MmT1nZ3G012u969eysxMdG6nT59+pFqAwAAAADgSWGE0T3ExMQof/78SktLk7e3t6KiojK0SV+0+c6Fo+/Fx8dHR44c0Q8//KD169erffv2GjlypDZv3pxhsen00OpOd+6/8zyTyfRAb3lzdna2/jv9vGnTpqlcuXKGdra2ttY2L774oubNm5ehr1y5csnFxUU5cuQwhFr349SpU6pdu7batm2rIUOGKGfOnPrxxx/VqlUr3bx5U5L0wQcfKCwsTKtXr9a6desUERGh0aNHq1OnTqpVq5ZOnTql1atXa/369apatao6dOigUaNGPVAd6dLS0vThhx8a1phK5+vra/337c/vbhwcHKwj1AAAAAAAeJYxwuguNm7cqAMHDqhhw4YKDQ3V2bNnZWdnp4CAAMOWvj5OiRIltGHDhvvu38nJSW+88YYmTJigqKgo7dixQwcOHMjQLjg4WPHx8YbRKIcOHVJiYqKKFCny6DeaiTx58uiFF17QiRMnMtxv/vz5JUmhoaE6duyYcufOnaGNm5ubbGxs1LhxY82bN09nzpzJcI3k5ORMR1Xt3r1bKSkpGj16tF566SUFBQVler6Pj4/atm2rpUuXqlu3bpo2bZr1WK5cuRQeHq65c+dq3Lhxmjp16kM/i9DQUB08eDDDPQYEBPAmNAAAAADAfxaBkW4tRnz27Fn9/vvv+uWXXzRs2DDVq1dPderUUfPmzVWtWjW9/PLLql+/vr7//nvFxcVp+/bt6tu3r3bv3i1JGjBggObPn68BAwYoJiZGBw4c0IgRIzK9XmRkpGb8v/buPKqrav//+OsjJiCjYoEkihNIKk54vWqJA06VYnbDlKsiN82l3jSnq5WJQ+I8l5oWmtdCyzHnKXFKBZQcEVQUK8yr5pA5BJzfH/44X49gDg0fq+djrc9anL332ed9zsed8m7vfT74QAcPHtSJEyc0f/58OTs7q0yZMvnahoWFKTg4WJGRkdq7d6/27NmjTp06KTQ09L6WQT2smJgYxcbGasqUKUpLS9OBAwcUFxeniRMnSpIiIyNVokQJhYeHa9u2bcrIyFBCQoJ69+6tr7/+WpI0atQo+fn5qU6dOvroo490+PBhpaen68MPP1T16tUtbz7LU758eWVnZ2vatGnms5k5c6alTZ8+fbRu3TplZGRo79692rx5s5k8e/vtt7V8+XIdO3ZMhw4d0sqVK39RYu0///mPvvzyS/Xs2VMpKSlKT0/XihUr9O9///uh+wQAAAAA4FFHwkjS2rVrVbJkSfn7+6tFixb64osvNHXqVC1fvlwODg6y2WxavXq1GjRooOjoaAUEBOjll1/WyZMn5e3tLUlq2LChPv30U61YsULVq1dX48aNtXv37gKv5+npqdmzZ6t+/frmzKTPP/9cXl5e+drabDYtW7ZMxYoVU4MGDRQWFqZy5cpp4cKFv+kzeeWVVzRnzhzNnTtXVatWVWhoqObOnWvOMCpatKi2bt2q0qVLq23btgoKClJ0dLSuXbsmd3d3SVKxYsW0a9cu/fOf/9TIkSNVo0YNPfPMM/rkk080btw4eXh45Ltu9erVNXHiRI0ZM0ZVqlTRggULFBsba2mTk5Ojnj17KigoSC1atFBgYKC5IXaRIkU0ePBgBQcHq0GDBnJwcFB8fPxDP4fg4GAlJCQoPT1dzzzzjGrUqKEhQ4aoZMmSD90nAAAAAACPOpuRtzsxgN/V5cuX5eHhoaFbT8jJ1e3eJwCQJA2qUcLeIQAAAAB/SHm/h1
66dMmc7HE3zDACAAAAAACABQkjAAAAAAAAWJAwAgAAAAAAgAUJIwAAAAAAAFiQMAIAAAAAAIAFCSMAAAAAAABYkDACAAAAAACABQkjAAAAAAAAWBS2dwDAX13fal5yd3e3dxgAAAAAAJiYYQQAAAAAAAALEkYAAAAAAACwIGEEAAAAAAAACxJGAAAAAAAAsCBhBAAAAAAAAAsSRgAAAAAAALAobO8AgL+6iV+dl5PrTXuHAfxhDKpRwt4hAAAAAH96zDACAAAAAACABQkjAAAAAAAAWJAwAgAAAAAAgAUJIwAAAAAAAFiQMAIAAAAAAIAFCSMAAAAAAABYkDACAAAAAACABQkjAAAAAAAAWJAwesQ0bNhQffr0eaBzbDabli1bdtf6LVu2yGaz6eLFi78ott/K7xlfTEyMqlevnq/M29vbfI5RUVFq06bNbx4LAAAAAACPKhJG96GgBMJnn30mJycnjR07VjExMbLZbOrevbulTUpKimw2m06ePHnf11qyZIlGjBjxK0T96Ni3b59eeukleXt7y8nJSQEBAeratavS0tJ+91j69++vTZs2mcdHjhzRsGHDNGvWLGVlZally5aaMmWK5s6d+7vHBgAAAADAo4KE0UOYM2eOIiMjNX36dA0cOFCS5OTkpA8++OAXJ0GKFy8uNze3XyPM39zNmzfv2WblypX6+9//rhs3bmjBggU6cuSI5s+fLw8PDw0ZMuR3iNLK1dVVXl5e5vHx48clSeHh4fLx8ZGjo6M8PDzk6en50NcwDEPZ2dm/NFQAAAAAAOyGhNEDGjt2rHr16qWPP/5Yr7zyilkeGBioRo0a6a233vrZ8w8fPqxnn31Wrq6u8vb2VseOHXXu3Dmz/s4laVlZWXruuefk7OyssmXL6uOPP5a/v78mT55s6ffcuXN64YUXVLRoUVWsWFErVqzId+0dO3aoWrVqcnJyUp06dXTgwAFL/eLFi1W5cmU5OjrK399fEyZMsNT7+/tr5MiRioqKkoeHh7p27aqbN2+qV69eKlmypJycnOTv76/Y2FhJ0o8//qguXbro2Wef1YoVKxQWFqayZcuqTp06Gj9+vGbNmlXgMzp//rzat2+vUqVKqWjRoqpatao++eQTS5vPPvtMVatWlbOzs7y8vBQWFqarV69KurXE7W9/+5tcXFzk6emp+vXr69SpU5KsS9JiYmLUqlUrSVKhQoVks9kk5Z9RZhiGxo4dq3LlysnZ2VnVqlXTZ599ZtbnLalbt26dQkJC5OjoqG3bthV4bwAAAAAA/BGQMHoAgwYN0ogRI7Ry5Uq9+OKL+epHjx6txYsXKzExscDzs7KyFBoaqurVqyspKUlr167Vd999p4iIiLtes1OnTvr222+1ZcsWLV68WO+//77Onj2br92wYcMUERGh/fv369lnn1VkZKQuXLhgaTNgwACNHz9eiYmJeuKJJ9S6dWv99NNPkqTk5GRFRETo5Zdf1oEDBxQTE6MhQ4bkW5o1btw4ValSRcnJyRoyZIimTp2qFStWaNGiRTp69Kj++9//yt/fX5K0bt06nTt3zpyFdae7zeK5fv26atWqpZUrV+rgwYPq1q2bOnbsqN27d5vPsX379oqOjtaRI0e0ZcsWtW3b1pzZ06ZNG4WGhmr//v368ssv1a1bNzMZdLv+/fsrLi7O7DMrK6vAeN566y3FxcVpxowZOnTokF5//XX985//VEJCgqXdwIEDFRsbqyNHjig4ODhfPzdu3NDly5ctHwAAAAAAHkWF7R3AH8WaNWu0fPlybdq0SY0bNy6wTc2aNRUREaFBgwZZ9snJM2PGDNWsWVOjRo0yyz788EP5+fkpLS1NAQEBlvapqanauHGjEhMTFRISIunWcriKFSvm6zsqKkrt27eXJI0aNUrTpk3Tnj171KJFC7PN0KFD1bRpU0nSvHnzVKpUKS1dulQRERGaOHGimjRpYi4TCwgI0OHDhzVu3DhFRUWZfTRu3Fj9+/c3jz
MzM1WxYkU9/fTTstlsKlOmjFmXnp4uSapUqVKBz+tunnzyScs1/v3vf2vt2rX69NNPVadOHWVlZSk7O1tt27Y1r1e1alVJ0oULF3Tp0iU9//zzKl++vCQpKCiowOu4urqaSSsfH58C21y9elUTJ07U5s2bVbduXUlSuXLltH37ds2aNUuhoaFm2+HDh5vPtyCxsbEaNmzYfT4FAAAAAADshxlG9yk4OFj+/v56++23deXKlbu2GzlypLZt26b169fnq0tOTtYXX3whV1dX85OXTMnbS+d2R48eVeHChVWzZk2zrEKFCipWrFiB8eVxcXGRm5tbvplIeQkP6dZeSYGBgTpy5IikW5s/169f39K+fv36Sk9PV05OjlmWl7jKExUVpZSUFAUGBuq1116z3LdhGPnivB85OTl65513FBwcLC8vL7m6umr9+vXKzMyUJFWrVk1NmjRR1apV9dJLL2n27Nn6/vvvzfuKiopS8+bN1apVK02ZMuWuM4fux+HDh3X9+nU1bdrU8r199NFH+b6zO5/NnQYPHqxLly6Zn9OnTz90XAAAAAAA/JZIGN2nJ598UgkJCcrKylKLFi3umjQqX768unbtqkGDBuVLmOTm5qpVq1ZKSUmxfNLT09WgQYN8fd0t4VJQ+WOPPWY5ttlsys3Nved95S3VMgwj37Ktgq7j4uJiOa5Zs6YyMjI0YsQIXbt2TREREfrHP/4hSeaMqdTU1HvGcbsJEyZo0qRJGjhwoDZv3qyUlBQ1b97c3GTbwcFBGzZs0Jo1a/TUU09p2rRpCgwMVEZGhiQpLi5OX375perVq6eFCxcqICBAu3bteqAY8uQ9w1WrVlm+s8OHD1v2MZLyP5s7OTo6yt3d3fIBAAAAAOBRRMLoAZQuXVoJCQk6e/asmjVrdtc9aN5++22lpaUpPj7eUl6zZk0dOnRI/v7+qlChguVTULKhUqVKys7O1r59+8yyY8eO6eLFiw8V/+1Jk++//15paWnmDKennnpK27dvt7TfuXOnAgIC5ODg8LP9uru7q127dpo9e7YWLlyoxYsX68KFC2rWrJlKlCihsWPHFnje3e5j27ZtCg8P1z//+U9Vq1ZN5cqVM5e35bHZbKpfv76GDRumffv2qUiRIlq6dKlZX6NGDQ0ePFg7d+5UlSpV9PHHH//sPdzNU089JUdHR2VmZub7zvz8/B6qTwAAAAAAHnUkjB5QqVKltGXLFp0/f17NmjXTpUuX8rXx9vZW3759NXXqVEt5z549deHCBbVv31579uzRiRMntH79ekVHR1uWfeWpVKmSwsLC1K1bN+3Zs0f79u1Tt27d5OzsXOAmzvcyfPhwbdq0SQcPHlRUVJRKlChhvg2sX79+2rRpk0aMGKG0tDTNmzdP06dPt+wlVJBJkyYpPj5eqampSktL06effiofHx95enrKxcVFc+bM0apVq9S6dWtt3LhRJ0+eVFJSkgYOHKju3bsX2GeFChW0YcMG7dy5U0eOHNGrr76qM2fOmPW7d+/WqFGjlJSUpMzMTC1ZskT/+9//FBQUpIyMDA0ePFhffvmlTp06pfXr1ystLe2u+xjdi5ubm/r376/XX39d8+bN0/Hjx7Vv3z69++67mjdv3kP1CQAAAADAo46E0UPIW5528eJFNW3atMCZMgMGDJCrq6ulzNfXVzt27FBOTo6aN2+uKlWqqHfv3vLw8FChQgV/FR999JG8vb3VoEEDvfDCC+ratavc3Nzk5OT0wHGPHj1avXv3Vq1atZSVlaUVK1aoSJEikm7Nflq0aJHi4+NVpUoVvf322xo+fLhlw+uCuLq6asyYMQoJCVHt2rV18uRJrV692ryf8PBw7dy5U4899pg6dOigSpUqqX379rp06ZJGjhxZYJ9DhgxRzZo11bx5czVs2FA+Pj6W19y7u7tr69atevbZZxUQEKC33npLEyZMUMuWLVW0aFGlpqbqxRdfVEBAgLp166ZevXrp1VdffeDnlWfEiB
F6++23FRsbq6CgIDVv3lyff/65ypYt+9B9AgAAAADwKLMZD7szMezi66+/lp+fnzZu3KgmTZrYOxz8ApcvX5aHh4eGbj0hJ1c3e4cD/GEMqlHC3iEAAAAAf0h5v4deunTpnvvqFv6dYsJD2rx5s3744QdVrVpVWVlZGjhwoPz9/QvcJBsAAAAAAODXQMLoEffTTz/pjTfe0IkTJ+Tm5qZ69eppwYIF+d6KBgAAAAAA8GshYfSIa968uZo3b27vMAAAAAAAwF8Im14DAAAAAADAgoQRAAAAAAAALEgYAQAAAAAAwIKEEQAAAAAAACzY9Bqws77VvOTu7m7vMAAAAAAAMDHDCAAAAAAAABYkjAAAAAAAAGBBwggAAAAAAAAWJIwAAAAAAABgQcIIAAAAAAAAFiSMAAAAAAAAYFHY3gEAf3UTvzovJ9eb9g4DAAAAAPAQBtUoYe8QfhPMMAIAAAAAAIAFCSMAAAAAAABYkDACAAAAAACABQkjAAAAAAAAWJAwAgAAAAAAgAUJIwAAAAAAAFiQMAIAAAAAAIAFCSMAAAAAAABYkDACAAAAAACAxV8uYRQVFaU2bdqYxw0bNlSfPn3sFs+jwt/fX5MnT7bLte/8Tn5Ld97nmTNn1LRpU7m4uMjT01OSZLPZtGzZst8lHgAAAAAAHkV2TxidOXNGvXv3VoUKFeTk5CRvb289/fTTmjlzpn788cff/PpLlizRiBEjftU+75YAsdls5qdw4cIqXbq0+vbtqxs3bvyq1/85c+fONRMjt0tMTFS3bt1+9esZhqH3339fderUkaurqzw9PRUSEqLJkyf/Lt/vne68z0mTJikrK0spKSlKS0uTJGVlZally5a/e2wAAAAAADwqCtvz4idOnFD9+vXl6empUaNGqWrVqsrOzlZaWpo+/PBD+fr6qnXr1vnO++mnn/TYY4/9KjEUL178V+nnfsXFxalFixb66aef9NVXX6lLly5ycXH51ZNWD+rxxx//Tfrt2LGjlixZorfeekvTp0/X448/rq+++kqTJ0+Wv7//7zazKM+d93n8+HHVqlVLFStWNMt8fHx+0TVu3rypIkWK/KI+AAAAAACwJ7vOMOrRo4cKFy6spKQkRUREKCgoSFWrVtWLL76oVatWqVWrVpJuzcyZOXOmwsPD5eLiopEjRyonJ0f/+te/VLZsWTk7OyswMFBTpkyx9J+Tk6O+ffvK09NTXl5eGjhwoAzDsLS5c0nazZs3NXDgQD355JNycXFRnTp1tGXLFrM+b4bOunXrFBQUJFdXV7Vo0UJZWVmSpJiYGM2bN0/Lly83ZxPdfr6np6d8fHzk5+en559/Xq1bt9bevXstMc2YMUPly5dXkSJFFBgYqPnz51vqMzMzFR4eLldXV7m7uysiIkLfffedWf/VV1+pUaNGcnNzk7u7u2rVqqWkpCRt2bJFXbp00aVLl8zYYmJiJOVfqmWz2TRnzhy98MILKlq0qCpWrKgVK1ZY4lixYoUqVqwoZ2dnNWrUSPPmzZPNZtPFixclSYsWLdKCBQv0ySef6I033lDt2rXl7++v8PBwbd68WY0aNSrwz8XatWv19NNPm9/b888/r+PHj1u+o169eqlkyZJycnKSv7+/YmNjzfqYmBiVLl1ajo6O8vX11WuvvWbW3X6f/v7+Wrx4sT766CPZbDZFRUWZ9377krRvvvlG7dq1U7FixeTl5aXw8HCdPHnSrM+bURYbGytfX18FBAQUeF83btzQ5cuXLR8AAAAAAB5FdksYnT9/XuvXr1fPnj3l4uJSYBubzWb+PHToUIWHh+vAgQOKjo5Wbm6uSpUqpUWLFunw4cN6++239cYbb2jRokXmORMmTNCHH36oDz74QNu3b9eFCxe0dOnSn42rS5cu2rFjh+Lj47V//3699NJLatGihdLT0802P/74o8aPH6/58+dr69atyszMVP/+/SVJ/fv3V0REhJlEysrKUr169Qq8Vlpamr744gvVqV
PHLFu6dKl69+6tfv366eDBg3r11VfVpUsXffHFF5JuLfFq06aNLly4oISEBG3YsEHHjx9Xu3btzD4iIyNVqlQpJSYmKjk5WYMGDdJjjz2mevXqafLkyXJ3dzdjy4u7IMOGDVNERIT279+vZ599VpGRkbpw4YIk6eTJk/rHP/6hNm3aKCUlRa+++qrefPNNy/kLFixQYGCgwsPD8/Vts9nk4eFR4HWvXr2qvn37KjExUZs2bVKhQoX0wgsvKDc3V5I0depUrVixQosWLdLRo0f13//+V/7+/pKkzz77TJMmTdKsWbOUnp6uZcuWqWrVqgVeJzExUS1atFBERISysrLyJRylW991o0aN5Orqqq1bt2r79u1mkvDmzZtmu02bNunIkSPasGGDVq5cWeD1YmNj5eHhYX78/PwKbAcAAAAAgL3ZbUnasWPHZBiGAgMDLeUlSpTQ9evXJUk9e/bUmDFjJEkdOnRQdHS0pe2wYcPMn8uWLaudO3dq0aJFioiIkCRNnjxZgwcP1osvvihJmjlzptatW3fXmI4fP65PPvlEX3/9tXx9fSXdSgCtXbtWcXFxGjVqlKRbS+Jmzpyp8uXLS5J69eql4cOHS5JcXV3l7OysGzduFLi0qX379nJwcFB2drZu3Lih559/XoMHDzbrx48fr6ioKPXo0UOS1LdvX+3atUvjx49Xo0aNtHHjRu3fv18ZGRlmwmH+/PmqXLmyEhMTVbt2bWVmZmrAgAGqVKmSJFmWW3l4eMhms93XsquoqCi1b99ekjRq1ChNmzZNe/bsUYsWLTRz5kwFBgZq3LhxkqTAwEAdPHhQ77zzjnl+enp6vu/3fuR9X3k++OADPfHEEzp8+LCqVKmizMxMVaxYUU8//bRsNpvKlCljts3MzJSPj4/CwsL02GOPqXTp0vrb3/5W4HUef/xxOTo6ytnZ+a7PIz4+XoUKFdKcOXPMBGZcXJw8PT21ZcsWNWvWTJLk4uKiOXPm/OxStMGDB6tv377m8eXLl0kaAQAAAAAeSXbf9Pr2WUSStGfPHqWkpKhy5cqWzaBDQkLynTtz5kyFhITo8ccfl6urq2bPnq3MzExJ0qVLl5SVlaW6deua7QsXLlxgP3n27t0rwzAUEBAgV1dX85OQkGBZElW0aFEzWSRJJUuW1NmzZ+/rfidNmqSUlBR99dVXWrlypdLS0tSxY0ez/siRI6pfv77lnPr16+vIkSNmvZ+fnyXR8NRTT8nT09Ns07dvX73yyisKCwvT6NGjLbE/iODgYPNnFxcXubm5mfd59OhR1a5d29L+zsSMYRj5vt/7cfz4cXXo0EHlypWTu7u7ypYtK0nmdxsVFaWUlBQFBgbqtdde0/r1681zX3rpJV27dk3lypVT165dtXTpUmVnZz9wDHmSk5N17Ngxubm5mX8eihcvruvXr1uea9WqVe+5b5Gjo6Pc3d0tHwAAAAAAHkV2m2FUoUIF2Ww2paamWsrLlSsnSXJ2draU37lsbdGiRXr99dc1YcIE1a1bV25ubho3bpx279790DHl5ubKwcFBycnJcnBwsNS5urqaP9+54bbNZsu3N9Ld+Pj4qEKFCpJuzcq5cuWK2rdvr5EjR5rldyZZbk+83C0Jc3t5TEyMOnTooFWrVmnNmjUaOnSo4uPj9cILL9xXjD93n3nLwgqK485nEBAQYCaxHkSrVq3k5+en2bNny9fXV7m5uapSpYq5BKxmzZrKyMjQmjVrtHHjRkVERCgsLEyfffaZ/Pz8dPToUW3YsEEbN25Ujx49NG7cOCUkJDzURum5ubmqVauWFixYkK/u9g2077asEgAAAACAPyK7zTDy8vJS06ZNNX36dF29evWBz9+2bZvq1aunHj16qEaNGqpQoYJlxoeHh4dKliypXbt2mWXZ2dlKTk6+a581atRQTk6Ozp49qwoVKlg+D/LmrCJFiignJ+e+2uYlpq5duyZJCgoK0vbt2y1tdu7cqaCgIEm3ZhNlZmbq9O
nTZv3hw4d16dIls410K1nz+uuva/369Wrbtq3i4uIeOLafU6lSJSUmJlrKkpKSLMcdOnRQWlqali9fnu98wzB06dKlfOXnz5/XkSNH9NZbb6lJkyYKCgrS999/n6+du7u72rVrp9mzZ2vhwoVavHixub+Ss7OzWrduralTp2rLli368ssvdeDAgYe6z5o1ayo9PV1PPPFEvj8Td9uDCQAAAACAPzq7Lkl77733lJ2drZCQEC1cuFBHjhwxNzFOTU3NN8vndhUqVFBSUpLWrVuntLQ0DRkyJF8Co3fv3ho9erSWLl2q1NRU9ejRw3yDV0ECAgIUGRmpTp06acmSJcrIyFBiYqLGjBmj1atX3/d9+fv7a//+/Tp69KjOnTunn376yay7ePGizpw5o2+//VYJCQkaPny4AgICzGTPgAEDNHfuXM2cOVPp6emaOHGilixZYm5OHRYWpuDgYEVGRmrv3r3as2ePOnXqpNDQUIWEhOjatWvq1auXtmzZolOnTmnHjh1KTEw0+/f399cPP/ygTZs26dy5c/rxxx/v+75u9+qrryo1NVX/+c9/lJaWpkWLFmnu3LmS/m+GVEREhNq1a6f27dsrNjZWSUlJOnXqlFauXKmwsDBzI+/b5b2J7P3339exY8e0efNmy74/0q1lffHx8UpNTVVaWpo+/fRT+fj4yNPTU3PnztUHH3yggwcP6sSJE5o/f76cnZ0t+xw9iMjISJUoUULh4eHatm2bMjIylJCQoN69e+vrr79+qD4BAAAAAHjU2TVhVL58ee3bt09hYWEaPHiwqlWrppCQEE2bNk39+/fXiBEj7npu9+7d1bZtW7Vr10516tTR+fPnzY2i8/Tr10+dOnVSVFSUuWztXsuy4uLi1KlTJ/Xr10+BgYFq3bq1du/e/UCbE3ft2lWBgYHm/ko7duww67p06aKSJUuqVKlSat++vSpXrqw1a9aocOFbqwPbtGmjKVOmaNy4capcubJmzZqluLg4NWzYUNL/vfK9WLFiatCggcLCwlSuXDktXLhQ0q0ZS+fPn1enTp0UEBCgiIgItWzZ0twgvF69eurevbvatWunxx9/XGPHjr3v+7pd2bJl9dlnn2nJkiUKDg7WjBkzzLekOTo6mrF+/PHHmjhxopYuXarQ0FAFBwcrJiZG4eHhat68eb5+CxUqpPj4eCUnJ6tKlSp6/fXXzY2187i6umrMmDEKCQlR7dq1dfLkSa1evVqFChWSp6enZs+erfr16ys4OFibNm3S559/Li8vr4e6z6JFi2rr1q0qXbq02rZtq6CgIEVHR+vatWvsQQQAAAAA+NOyGfe7+Q5wD++8845mzpxpWS6Hu7t8+bI8PDw0dOsJObm62TscAAAAAMBDGFSjhL1DuG95v4deunTpnpMg7LbpNf743nvvPdWuXVteXl7asWOHxo0bp169etk7LAAAAAAA8AuRMMJDS09P18iRI3XhwgWVLl1a/fr10+DBg+0dFgAAAAAA+IVIGOGhTZo0SZMmTbJ3GAAAAAAA4Fdm102vAQAAAAAA8OghYQQAAAAAAAALEkYAAAAAAACwIGEEAAAAAAAACza9BuysbzUvubu72zsMAAAAAABMzDACAAAAAACABQkjAAAAAAAAWJAwAgAAAAAAgAUJIwAAAAAAAFiQMAIAAAAAAIAFCSMAAAAAAABYkDACAAAAAACABQkjAAAAAAAAWJAwAgAAAAAAgAUJIwAAAAAAAFiQMAIAAAAAAIAFCSMAAAAAAABYkDACAAAAAACABQkjAAAAAAAAWJAwAgAAAAAAgAUJIwAAAAAAAFiQMAIAAAAAAIAFCSMAAAAAAABYkDACAAAAAACARWF7BwD8VRmGIUm6fPmynSMBAAAAAPwV5P3+mff76M8hYQTYyfnz5yVJfn5+do4EAAAAAPBXcuXKFXl4ePxsGxJGgJ0UL15ckpSZmXnPgQrglsuXL8vPz0+nT5+Wu7u7vcMB/hAYN8CDY9wAD4
5x88dgGIauXLkiX1/fe7YlYQTYSaFCt7YQ8/Dw4D+owANyd3dn3AAPiHEDPDjGDfDgGDePvvudsMCm1wAAAAAAALAgYQQAAAAAAAALEkaAnTg6Omro0KFydHS0dyjAHwbjBnhwjBvgwTFugAfHuPnzsRn38y41AAAAAAAA/GUwwwgAAAAAAAAWJIwAAAAAAABgQcIIAAAAAAAAFiSMAAAAAAAAYEHCCLCT9957T2XLlpWTk5Nq1aqlbdu22Tsk4JGxdetWtWrVSr6+vrLZbFq2bJml3jAMxcTEyNfXV87OzmrYsKEOHTpkn2CBR0BsbKxq164tNzc3PfHEE2rTpo2OHj1qacO4AaxmzJih4OBgubu7y93dXXXr1tWaNWvMesYMcG+xsbGy2Wzq06ePWcbY+fMgYQTYwcKFC9WnTx+9+eab2rdvn5555hm1bNlSmZmZ9g4NeCRcvXpV1apV0/Tp0wusHzt2rCZOnKjp06crMTFRPj4+atq0qa5cufI7Rwo8GhISEtSzZ0/t2rVLGzZsUHZ2tpo1a6arV6+abRg3gFWpUqU0evRoJSUlKSkpSY0bN1Z4eLj5iy1jBvh5iYmJev/99xUcHGwpZ+z8iRgAfnd/+9vfjO7du1vKKlWqZAwaNMhOEQGPLknG0qVLzePc3FzDx8fHGD16tFl2/fp1w8PDw5g5c6YdIgQePWfPnjUkGQkJCYZhMG6A+1WsWDFjzpw5jBngHq5cuWJUrFjR2LBhgxEaGmr07t3bMAz+vvmzYYYR8Du7efOmkpOT1axZM0t5s2bNtHPnTjtFBfxxZGRk6MyZM5Yx5OjoqNDQUMYQ8P9dunRJklS8eHFJjBvgXnJychQfH6+rV6+qbt26jBngHnr27KnnnntOYWFhlnLGzp9LYXsHAPzVnDt3Tjk5OfL29raUe3t768yZM3aKCvjjyBsnBY2hU6dO2SMk4JFiGIb69u2rp59+WlWqVJHEuAHu5sCBA6pbt66uX78uV1dXLV26VE899ZT5iy1jBsgvPj5ee/fuVWJiYr46/r75cyFhBNiJzWazHBuGka8MwN0xhoCC9erVS/v379f27dvz1TFuAKvAwEClpKTo4sWLWrx4sTp37qyEhASznjEDWJ0+fVq9e/fW+vXr5eTkdNd2jJ0/B5akAb+zEiVKyMHBId9sorNnz+bLxAPIz8fHR5IYQ0AB/v3vf2vFihX64osvVKpUKbOccQMUrEiRIqpQoYJCQkIUGxuratWqacqUKYwZ4C6Sk5N19uxZ1apVS4ULF1bhwoWVkJCgqVOnqnDhwub4YOz8OZAwAn5nRYoUUa1atbRhwwZL+YYNG1SvXj07RQX8cZQtW1Y+Pj6WMXTz5k0lJCQwhvCXZRiGevXqpSVLlmjz5s0qW7aspZ5xA9wfwzB048YNxgxwF02aNNGBAweUkpJifkJCQhQZGamUlBSVK1eOsfMnwpI0wA769u2rjh07KiQkRHXr1tX777+vzMxMde/e3d6hAY+EH374QceOHTOPMzIylJKSouLFi6t06dLq06ePRo0apYoVK6pixYoaNWqUihYtqg4dOtgxasB+evbsqY8//ljLly+Xm5ub+X92PTw85OzsLJvNxrgB7vDGG2+oZcuW8vPz05UrVxQfH68tW7Zo7dq1jBngLtzc3Mz98fK4uLjIy8vLLGfs/HmQMALsoF27djp//ryGDx+urKwsValSRatXr1aZMmXsHRrwSEhKSlKjRo3M4759+0qSOnfurLlz52rgwIG6du2aevTooe+//1516tTR+vXr5ebmZq+QAbuaMWOGJKlhw4aW8ri4OEVFRUkS4wa4w3fffaeOHTsqKytLHh4eCg4O1tq1a9W0aVNJjBngYTF2/jxshmEY9g4CAAAAAAAAjw72MAIAAAAAAIAFCSMAAAAAAABYkDACAAAAAACABQkjAAAAAAAAWJAwAgAAAAAAgAUJIwAAAAAAAFiQMAIAAAAAAIAFCSMAAAAAAA
BYkDACAAD4izl58qRsNptSUlLsHYopNTVVf//73+Xk5KTq1avbOxwAAP7ySBgBAAD8zqKiomSz2TR69GhL+bJly2Sz2ewUlX0NHTpULi4uOnr0qDZt2nTXdqdPn9a//vUv+fr6qkiRIipTpox69+6t8+fP/47RAgDw50fCCAAAwA6cnJw0ZswYff/99/YO5Vdz8+bNhz73+PHjevrpp1WmTBl5eXkV2ObEiRMKCQlRWlqaPvnkEx07dkwzZ87Upk2bVLduXV24cOGhr/9LFXTvOTk5ys3NtUM0AAD8ciSMAAAA7CAsLEw+Pj6KjY29a5uYmJh8y7MmT54sf39/8zgqKkpt2rTRqFGj5O3tLU9PTw0bNkzZ2dkaMGCAihcvrlKlSunDDz/M139qaqrq1asnJycnVa5cWVu2bLHUHz58WM8++6xcXV3l7e2tjh076ty5c2Z9w4YN1atXL/Xt21clSpRQ06ZNC7yP3NxcDR8+XKVKlZKjo6OqV6+utWvXmvU2m03JyckaPny4bDabYmJiCuynZ8+eKlKkiNavX6/Q0FCVLl1aLVu21MaNG/XNN9/ozTffNNveuHFDAwcOlJ+fnxwdHVWxYkV98MEHZv2hQ4f03HPPyd3dXW5ubnrmmWd0/Phx87769OljuXabNm0UFRVlHvv7+2vkyJGKioqSh4eHunbtqrlz58rT01MrV67UU089JUdHR506dUo3b97UwIED9eSTT8rFxUV16tSxPOu889atW6egoCC5urqqRYsWysrKssTw4YcfqnLlynJ0dFTJkiXVq1cvs+7SpUvq1q2bnnjiCbm7u6tx48b66quvzPqvvvpKjRo1kpubm9zd3VWrVi0lJSUV+JwBAJBIGAEAANiFg4ODRo0apWnTpunrr7/+RX1t3rxZ3377rbZu3aqJEycqJiZGzz//vIoVK6bdu3ere/fu6t69u06fPm05b8CAAerXr5/27dunevXqqXXr1ubSrqysLIWGhqp69epKSkrS2rVr9d133ykiIsLSx7x581S4cGHt2LFDs2bNKjC+KVOmaMKECRo/frz279+v5s2bq3Xr1kpPTzevVblyZfXr109ZWVnq379/vj4uXLigdevWqUePHnJ2drbU+fj4KDIyUgsXLpRhGJKkTp06KT4+XlOnTtWRI0c0c+ZMubq6SpK++eYbNWjQQE5OTtq8ebOSk5MVHR2t7OzsB3ru48aNU5UqVZScnKwhQ4ZIkn788UfFxsZqzpw5OnTokJ544gl16dJFO3bsUHx8vPbv36+XXnpJLVq0MO8/77zx48dr/vz52rp1qzIzMy3PYcaMGerZs6e6deumAwcOaMWKFapQoYIkyTAMPffcczpz5oxWr16t5ORk1axZU02aNDFnXUVGRqpUqVJKTExUcnKyBg0apMcee+yB7hcA8BdjAAAA4HfVuXNnIzw83DAMw/j73/9uREdHG4ZhGEuXLjVu/+fZ0KFDjWrVqlnOnTRpklGmTBlLX2XKlDFycnLMssDAQOOZZ54xj7Ozsw0XFxfjk08+MQzDMDIyMgxJxujRo802P/30k1GqVCljzJgxhmEYxpAhQ4xmzZpZrn369GlDknH06FHDMAwjNDTUqF69+j3v19fX13jnnXcsZbVr1zZ69OhhHlerVs0YOnToXfvYtWuXIclYunRpgfUTJ040JBnfffedcfToUUOSsWHDhgLbDh482Chbtqxx8+bNAutDQ0ON3r17W8rCw8ONzp07m8dlypQx2rRpY2kTFxdnSDJSUlLMsmPHjhk2m8345ptvLG2bNGliDB482HLesWPHzPp3333X8Pb2No99fX2NN998s8B4N23aZLi7uxvXr1+3lJcvX96YNWuWYRiG4ebmZsydO7fA8wEAKEhh+6WqAAAAMGbMGDVu3Fj9+vV76D4qV66sQoX+b+K4t7e3qlSpYh47ODjIy8tLZ8+etZxXt25d8+fChQsrJCRER44ckSQlJyfriy++MGfl3O
748eMKCAiQJIWEhPxsbJcvX9a3336r+vXrW8rr169vWTL1Sxn/f2ZR3tvfHBwcFBoaWmDblJQUPfPMM794hk1B916kSBEFBwebx3v37pVhGObzynPjxg3LXk1FixZV+fLlzeOSJUua39fZs2f17bffqkmTJgXGkZycrB9++CHf3k/Xrl0zl9n17dtXr7zyiubPn6+wsDC99NJLlusBAHAnEkYAAAB21KBBAzVv3lxvvPGGZY8cSSpUqJCZCMnz008/5evjzsSHzWYrsOx+NmDOe0tbbm6uWrVqpTFjxuRrU7JkSfNnFxeXe/Z5e795DMN4oDfCVahQQTabTYcPH1abNm3y1aempqpYsWIqUaJEviVrd7pX/f0+94Lu3dnZ2XJfubm5cnBwUHJyshwcHCxtb0/GFfR95cVwr3hzc3NVsmTJfHtQSZKnp6ekW/thdejQQatWrdKaNWs0dOhQxcfH64UXXvjZvgEAf13sYQQAAGBno0eP1ueff66dO3dayh9//HGdOXPGkrxISUn51a67a9cu8+fs7GwlJyerUqVKkqSaNWvq0KFD8vf3V4UKFSyf+00SSZK7u7t8fX21fft2S/nOnTsVFBR03/14eXmpadOmeu+993Tt2jVL3ZkzZ7RgwQK1a9dONptNVatWVW5urhISEgrsKzg4WNu2bSswCSTdeu63bzidk5OjgwcP3nest6tRo4ZycnJ09uzZfM/Rx8fnvvpwc3OTv7+/Nm3aVGB9zZo1debMGRUuXDjfNUqUKGG2CwgI0Ouvv67169erbdu2iouLe6h7AgD8NZAwAgAAsLOqVasqMjJS06ZNs5Q3bNhQ//vf/zR27FgdP35c7777rtasWfOrXffdd9/V0qVLlZqaqp49e+r7779XdHS0pFtvJLtw4YLat2+vPXv26MSJE1q/fr2io6OVk5PzQNcZMGCAxowZo4ULF+ro0aMaNGiQUlJS1Lt37wfqZ/r06bpx44aaN2+urVu36vTp01q7dq2aNm2qJ598Uu+8846kW28w69y5s6Kjo7Vs2TJlZGRoy5YtWrRokSSpV69eunz5sl5++WUlJSUpPT1d8+fP19GjRyVJjRs31qpVq7Rq1SqlpqaqR48eunjx4gPFmicgIECRkZHq1KmTlixZooyMDCUmJmrMmDFavXr1ffcTExOjCRMmaOrUqUpPT9fevXvNPy9hYWGqW7eu2rRpo3Xr1unkyZPauXOn3nrrLSUlJenatWvq1auXtmzZolOnTmnHjh1KTEx8oIQdAOCvh4QRAADAI2DEiBH5lkEFBQXpvffe07vvvqtq1appz549Bb5B7GGNHj1aY8aMUbVq1bRt2zYtX77cnJHi6+urHTt2KCcnR82bN1eVKlXUu3dveXh4WPZLuh+vvfaa+vXrp379+qlq1apau3atVqxYoYoVKz5QPxUrVlRSUpLKly+vdu3aqXz58urWrZsaNWqkL7/8UsWLFzfbzpgxQ//4xz/Uo0cPVapUSV27dtXVq1cl3ZqttHnzZv3www8KDQ1VrVq1NHv2bHNZWHR0tDp37qxOnTopNDRUZcuWVaNGjR4o1tvFxcWpU6dO6tevnwIDA9W6dWvt3r1bfn5+991H586dNXnyZL333nuqXLmynn/+efMtazabTatXr1aDBg0UHR2tgIAAvfzyyzp58qS8vb3l4OCg8+fPq1OnTgoICFBERIRatmypYcOGPfQ9AQD+/GzGnf8yAQAAAAAAwF8aM4wAAAAAAABgQcIIAAAAAAAAFiSMAAAAAAAAYEHCCAAAAAAAABYkjAAAAAAAAGBBwggAAAAAAAAWJIwAAAAAAABgQcIIAAAAAAAAFiSMAAAAAAAAYEHCCAAAAAAAABYkjAAAAAAAAGDx/wBU9QTreV33uQAAAABJRU5ErkJggg=="
},
"metadata": {},
"output_type": "display_data"
}
],
"execution_count": 32
},
{
"metadata": {},
"cell_type": "code",
"outputs": [],
"execution_count": null,
"source": "",
"id": "f6faa6d6265c094e"
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 2
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython2",
"version": "2.7.6"
}
},
"nbformat": 4,
"nbformat_minor": 5
}