From 42a213108fa19cb1b7443ca23ecbef4da7ec4485 Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Sat, 23 Nov 2024 08:39:56 +0900
Subject: [PATCH] add rdp log

---
 .../ID21-25 RDP Logon Logoff Reconnect.evtx     | Bin 0 -> 69632 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 YamatoSecurity/IntialAccess/ValidAccounts/ID21-25 RDP Logon Logoff Reconnect.evtx

diff --git a/YamatoSecurity/IntialAccess/ValidAccounts/ID21-25 RDP Logon Logoff Reconnect.evtx b/YamatoSecurity/IntialAccess/ValidAccounts/ID21-25 RDP Logon Logoff Reconnect.evtx
new file mode 100644
index 0000000000000000000000000000000000000000..9f6d777aef56f97522f9638dd976da084bd2583f
GIT binary patch
literal 69632
zcmeHQ33yc16}~f>43ljp0a>CD60`_>9}qzUA}Jsc6cQH0TEQ3ykzf{N4dTM$(t?7B
zA|hHBTv3{~qQTl$itR@~>e4EUq@qQk2(kxIK&I#1xo2`8yf-A6_rR~`@eS|In>+8E
z`Tzf(d+xpO-SjOk%ql7#FV5V)_l3^PhMikP36bbJv&fHnk5@ZV**^J4U4*~P2rvSS
z03*N%FanGKBftnS0*nA7zz8q`wL+k8abfQXrMC;}-Dj(BZC3sNw3yI|*|4izDa65-
zgm@%w>poTNymx5t!=Bao`UP5eg;)x9k3<Wx+oOL1W#L>V3`3Z0@8_O<wrEV~+=nLL
zY2T!#{35W4TMM{8ZjY+({Z5_7b5FrF3c;V}G&?=u{daEsRESIA^GWKO3q}fY<0YZ<
z`2VZwx;aob3$FRj8NaKhr1?>@@&`X1?l+ccoe_GU(y8WrGT6s0qhV-I|CcE~z1nZb
z&)T&U;yv(-_zsNfepjE2Dp$be67jAVceZ=GwfdEKJmQ;0!!|zjbi$0EWh`C_zXVJ5
zN)q$o5Pu+U@5D!ozGAu<FG|H!c>f^0yc5-j?*^hpxhN6E@Zl8rAlh|}m;lA5ib<lI
z=m`I&h;eXcJe0|Y;|{Pdf-{pv8N4eKg;25syf1_E9mNdztQ7X0L^}Mt8jjLMSNMN?
z*!&d3JGUzs+y-0`Z)HQhB3I0WD^HacVWg{9FgObQLPl{rG|MLjOY76YRsocn3}+Gc
zEE3~@$30>oI9mcA3gPz)mv^N4cH71t(N9d1--M3>A`sOpO5{MXJ5`CJ`3*F%ZWMjs
zvn%1{Maki1+HQ*#L*Nqm09g_I{37WBLg)7guiGCbydGDaXay%o>CIvqh~cVO5g=6x
zpSk^U!sCHDmjZ8&E8_)Fr?R0Sa#bt~2`uCm&EZXRrPIE%JYuNi;&xfYjRsvJ72aSK
zz-@JkR}2CIkrspq&AISO(c%htgEa@Yi68mI0Qh(&@Ky#m769&8G+H$F0PKU|&0<yb
zx`lCIv`Avw8;Xtx2auuyC?ny)T7;VFJ}cJ1Abkno@rtA<S1hQdCYEGHC1_~h1Q$e?
z(UTDJZhx$ZMPKfRFHt~v{&1Y=EsLQa#nKakbu^UA%2G8v_E4<o1y`I3j-y(p!Y>V7
z*WW+{yd_W!X}{*LNdirWu7tnI;!6oAmte32Y)}xXToVI7pj<jWO&SW(djtA`5fXig
z-4dfTI}Qp?fq%*ipYVAxv?8_lU+V*eCn#(Q0Dp||MY$5CoG=*UHV-7)8%pMbkV>WB
zNLr$Bd0fHZ^-ut#8WMM1sZRn`0#ZQdLUqL*?FxX;y`hr!0_pb>zYy(3e>gJ~s_J0S
zcD6vo@j?`epY7lSQjwf#;9m$xAzDHSFGc0TY_AvwzYJ}tUl%VLMS1*5BF!T(^nn27
z3-k)(*Z2~`CmO>mNhHFt2afRN6S1-!d>zgTpv48B2gH4_A12bEi~u;WwUS#R#m9oY
z`@Fp~T;gOI?yFpn0kxIzqBts`lHeAN&g8(aFb1*qVg#Hk1@_CJI!pmfhRPp<;jR?0
zE|v&PmO={A*dCB7gR9VINNh-lIg*=vahtqC!=hh}Y43im=L@e4dU43;>06w%-BHE?
zBn9hh$UF2m-sN2vmmO|`;CSG;IYU={lKO`O8~rV?ief_odTIrSm;vC{XD*7J8j?Qp
zlKF7njg-g@+bwLrJ_e|_sBe8e&aC~aFGU1Q6hRiP6hWS`A}kewRTE+p@<@DcReUCw
zIL#+nwBnOIV?HDBDZ`Y`=Vyw~)t@!|<=OdVeb>(nEn<_!;1>;^z8B)gL2L?O!-(An
zf<Af1d`99ETQcJFOF(X$;&bK`85*CSi9e5{UJ4#BNM4&e>w#7CZ%^8{;TY6z4D--m
z*aL^yU%&)V_6?lx2aE+5upfXK|7G9?X8fo^nb(K2c*@zE!Y7!#VP{z8=7#J$7S3Y!
z9nP}x1ZLT8=&;F*8c$%_<@T%m8BbvT9L|*S1ZK+Nd>Ea<v`U)9e3vp>EQ!72aJGu>
zW40>Y#|$u>Z~9dZi6t<HlqE1v^iwWK86RF0Grn+U*9J~tW+(Hv5s+jJgdAlM<ZE5v
zxHDvMSHr#^B=iGh{)Sh^{7rg`S(@L5e9Wx%CH-{=2XL$0U-ViW@Jjg@>6B}Cgxak#
zQLNY4{#Jszs#N{n{P3xrZ8B**;7GyJjx@4>$MJ9fapdNr2U{*Xys3Q)KwZ}FU@!>|
zxqkm2)Nfak?Be5q7xr(j>EjD`%d~`D_R8w7TeeOm;i+09Pcp^61a3XIH(!Ne;7yS9
z`|u(;a~Lp$fq%swub>e@Jic||&`~*a2abJm>-|-C0*tCYm%<?pnvU`Mv~Jl*=-c9u
zG2X|eT5|p4JZLs@1&+HxSP74j9^M%zhjy?F8|t>!44}CapzrR%zB{y-@c&IPCYB4s
z29x05NEk3EhCzYb;5VR4uwlP?JjN^PH~d@0tv8P8af|X2Y^LgCWWcN?B8z4c{1_xi
zp0NZC64XZqAb<G#M_;8<o{9U<6`!A6^@G+9Il(7cwBnOIV?HDBDMz<-KDR4A2W2|V
zCt0-OlRRTSBk(Cl6m>qoP<%c%#%Vsuq7|Ry8S_~eKEG6auDHW#KFOjLpX3?ySr<P4
zqxifldBN_Qew-8SCs}MQ6EzrjJJ~Rtl4CwZo-v<w;d6)Lb4i-he3C^gKFKrYGXkG-
zJWy{xzfyeu`Htld*H5x&#V2{jd`93CC;G?fe15I?yz~{P`6P>0e3EC(X9PawJvus{
zI~AWRd$;|@+4hqxTJcGqF`p6ml(~n_=Pt$Pl(7{-XZa+HSEzib;+fkF`4D-=d`93i
zxysc+-tR%<eg9Q_rc4aD+lJ>UoXBs<q7|Ry8S_~eK6fiVrx#3!a+XiBXvHUa#(dU=
z&u<i;OAeJd%qLm2;*&gMKI_8g9>wP^-ZBUH)bHaVi)MV5!%P8r#(dV6PoGDKy^7C0
ze_PnFCf;Vm6|SSF3h;PN)snmeQF*JceJ9%&RWr|j9AM{p{-4e~|C#q;cZTWNEciDZ
z_BTelj|b-Y@eU!J=XclhY<@?R*?baX_@<smCq0`9vU>=I4OhU6M9Wp(P}ONRzqWJd
zSpPAP#`}K0RdHZZr$t&EICbyIP4tuz9+%GRHtJw->-x%)X}{t7`LHtlB=6@t?>JDu
z&sUh;MM3&AtNJT7opRMTRDI)J6za(jx}OinKlZ8m-DR9v{kHSI7_w-^D0#+=Mqu=;
zdH4N_&%_d^`6P>0e3EC(XI=O_p!ocBuG4&yMJqnZGv>1{d>&MM?p^3KpJdUBPx6fU
ztP7uq6rb)*uEsU}WXg~2Y(L2&%>$)heoweFgc%We#(dU=&%=t(<)1svCt0-OlRRTS
z>%!*|#pmg`c!%pJS+wGlJYzm1@OjpKG1ZFCpO2r^#MyXD7U@33sjVsu@s>PeJ|ppo
zix}wh?nf1$bMBdu<}9CNk>(B3TaGsHNuDvE5%>(^^Rhah#}uF2ez@CVKFOjLpX3?y
z8G%n1_6~GDk1IaM&AZ28KFOjLpX3?y8G%o@FQ&VJ&+inUV)Nad?T@$mJS|z=b=d=n
zZ8L?4PsM$e3ny<XV8$Wr8LS0>8?TUa)(ScJkRm+zNcHm|07dKZpXk=PO^5J(PBc$j
zU;R(B$vCn|;|UwC`0UsU@Mt#h*#;)%$TO~=hWc5@$vCJ8F60^K<0=5v6RQ61-xhQ9
zeE1I3YK5!)YVx(MeBM@8$3(K2c{;WFw{zDGT=UF^0SCSf@x2u|C(oE~1K%%q-~Zi^
zTp@6|L_A*IW!8`$P4~~ti2AS!mz@bfxP!GuaLE&Vl=_?xOgD#u&%yO@Tb1VtKUWWv
zj`9&{c%~YAoV51kKi9{|CBtf#1ygI<CAfqSo~H({M0fe@Gd`bfT#n6n8^CCI+PVOq
z&&Fr0i{J_EscJbdTqzHX!wWXKsu=1N_1X;fCzW24N5|Qy*AYsu?KHiTMJv6MXRKFK
zz1FWV<O+4D2h_y|*q>6mNGy8JMqR|YLM!z()^tG@&2;f`pvE)Sg+Uja9`fCdi^yUu
z!{hEZcNwu{ec=<M)3fqTmV`KG9E*i$fpIJxweSQ+Ew_wJ5XM@;30yW8x2ani$naAD
z!6vkLB^GqcB_W{g35T#0Ao|CKu}<PDaV;zmdX-#0wgaqc)CJykg8kLf7pY&=aaYjs
z4@$>*-#0pDUwb@L#kVG!j>)2xj>$9Dv8j%oRt*e%p<Ylo<*+}kbTcV?S6s*Q$lGg|
z$GxR=(?-(`Sv1qlNX;|WjX^iZe(l~#i*Dob+K0>YdJKKK=i0$fEj*t*t`)=*T8w<@
ziUwySX`#62!?ko%p&+h4jtj@F{D)UA5{zqLs}-EJJdW0`1rpU3THzM;M)4}BbXT?}
zCt#oMC|)(wbVnAgbVr`C?hLx4cGu~6C0_JVy!sLcWYl{9H<WK`ZJ%yhn#3!zxNKi)
z_06v@>$AN4gVvwGs^B=z;Pcmb#=0@+hT;_l13fUna%`b3x*_sPalxhd&Ahz-mG<#V
zaUofY3uMuXU-FFkHSl|(;sUHmPH~|bXv?j1lQl7|pMAQa{(VzTH)PRFH_Kosggj&2
z7<5D9Q5YBMZ{SD%2@cc)#uJPyQA!u{(<a%d3$yluESl+JBzQ=ku`Ud{uxc;jWoset
zGuGP+kK*^p=l9ykFSQqX9!VCh_$AMnUjx4vs=a`}KB2c4(MmVfr*_<8e|w?NUy#MM
zX{puk?Z36(@)L^>f3P5wM`Bzc&saAG-PCt`f&Cb@QG0=VuhPYR!*)8L3w@q|EL!P;
zJY!urql?`;NEcl}7Y&py_P&{rXJ5Rac1E8kAd6<Yz<wur#=0=*!j5(ZW5&5g<>4<S
zp<bvz>r=XEaU$CR-RR@;WYJ7FI8RQVv2HF3-N2s?B;8=#iBY<FHfKivblb+|&HA%s
z(M&fuFG-%UZVbAyCqKczGdCIaK>gWRrHkLUTx+8)%=)ur(MlKO8SBEJ3$y+#wj-hb
zto*BadVe-f@mrX($wq!D&(Qm`WYLOW@{IX4@Oz>143H4D7e0s&@k%$ZmQR>tUwbh?
z&5P*$S+Y2BP-=DC;*I?u?C?=xOBj8_d69US<s;8nHwNA4?L|5aC*$16x$YRjKSxp`
z|LSNyTnpz@<c9oX`+)ldrGwO>A_sJ!_g~4Pl@7==)`8tRNCzFjA5N27Zt&fC_Qit|
z6%X|ODp@qs!TXJBJYyXgbfC8*6c1{17nxa1I9DGvBn^Q&!MK6@fYM7v!6^syqW4qD
zqLp6AGuF$+q8H3p6O~@3eR}=l_Qe;oeh67K(+iGkkY}tHgI>(~Au4}R;XuxpQangf
z{N6EXqmBGh`=R$k$f6a$<Qem8;P(Qy9~ciBD!uGUsd~xTct93!cs#ZGm|OIEJ*U&a
z;Pz1e1IMe#GuDeiFIMp&d|y`R{t1c)jTFBtyN!O?K7J`4==WujMJs;EGv?R8?*)tp
z*blu#>1Fq#CKdMSg~lWF`?1KPnO-nIAkSDY2EEuY9)aybW2J*Y*9kW2z${NBi&i=y
z&sYZr9ayysq48>&Dk87cE;Ld6UVeJIjr>x(py!EX(TZR4jQKV2dx6`9rb;hs#@|wD
zf4iWMQ<KGDgVgG`a|3-A7j56M<&jXHh~rY^8SBNMm-=WIR8FanQ#VsO=<F|WKnMCb
zHCeRM0eQwcuv-T>?wG7}P=50w8+AbKhdxeC7R_{k^H$^;>%gFc`f5KgCY;AO^`%NL
zZ>+C$Kri|@HCZ&%3yw38XRMctMK9RiT&DDLw4(Gc_U9XVKa?z*=>_8pdB%D%=*5P7
z1N$q@l@5mQns1{H%=)2Z(Mkv88SB8H1G9c8wiy=v&=!i{W$!&@BfpeK=>1T#XvHsi
z#{3%iy?}WH-cOmL^pY?;bFY2v0^MJ$_e06z)>f(2z8A9lR`wYC?US&Y7Tzy~{ZR6Z
z^<vPA-Y(R~^P*mw^$e{KhT~bNi<U|ke|oE@1G>=rrDV}c7vvf1!f9RLeU_<87d^_y
z*{BP;FIVrUl0`FJ+y!2dXRHf@F7)<=;ze!lr;4<=AjXVZ^jYb?T->KA-4s3lf&;qI
z`>SNpOgGqHCC^wl7n5#kS|vVW1Q-EEfDvE>7y(9r5nu!u0Y-okU<4QeMt~7u1Q-EE
zfDvE>7y(9r5nu!u0Y-okU<4QeMt~7u1Q-EEfDvE>7y(9r5nu!u0Y-okU<4QeMt~7u
z1Q-EEfDvE>7y(9r5nu!u0Y-okU<4QeMt~7u1Q-EEfDvE>7y(9r5nu!u0Y-okU<4Qe
XMt~7u1Q-EEfDvE>7y(AW9t8degfO(p

literal 0
HcmV?d00001