Exce
Depends on what Windows is doing behind the scenes :)
When you connect to \\server in windows it's doing a variety of things while actually connecting to \\server\ipc$.
Excellent point. I've tried midclt call smb.status AUTH_LOG |jq
and it returns....this:
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 3666
}
},
{
"timestamp": "2021-11-23T13:26:44.900492-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:52325",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 2492
}
},
{
"timestamp": "2021-11-23T13:27:58.051421-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:52444",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1590
}
},
{
"timestamp": "2021-11-23T13:28:20.512268-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:52487",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1177
}
},
{
"timestamp": "2021-11-23T13:28:42.337757-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:52530",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1097
}
},
{
"timestamp": "2021-11-23T13:29:59.484456-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:52661",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 2223
}
},
{
"timestamp": "2021-11-23T13:30:50.213841-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:52748",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1164
}
},
{
"timestamp": "2021-11-23T13:30:54.031566-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:52760",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1210
}
},
{
"timestamp": "2021-11-23T13:31:26.205781-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:52808",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1297
}
},
{
"timestamp": "2021-11-23T13:34:52.722622-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:53159",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 2085
}
},
{
"timestamp": "2021-11-23T13:35:30.297020-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.183:445",
"remoteAddress": "ipv4:192.168.0.104:49802",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "Andrew",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "Andrew",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1064
}
},
{
"timestamp": "2021-11-23T13:35:30.324326-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.183:445",
"remoteAddress": "ipv4:192.168.0.104:49803",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "Andrew",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "Andrew",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1112
}
},
{
"timestamp": "2021-11-23T13:35:30.336443-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.183:445",
"remoteAddress": "ipv4:192.168.0.104:49804",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "Andrew",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "Andrew",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1136
}
},
{
"timestamp": "2021-11-23T13:35:30.349431-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:192.168.0.183:445",
"remoteAddress": "ipv4:192.168.0.104:49805",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "Andrew",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "Andrew",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1090
}
},
{
"timestamp": "2021-11-23T13:36:00.438310-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.183:445",
"remoteAddress": "ipv4:192.168.0.104:49862",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1518
}
},
{
"timestamp": "2021-11-23T13:36:42.638060-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.183:445",
"remoteAddress": "ipv4:192.168.0.104:49954",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1496
}
},
{
"timestamp": "2021-11-23T14:15:18.597867-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55880",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 3547
}
},
{
"timestamp": "2021-11-23T14:15:18.610536-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55881",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1721
}
},
{
"timestamp": "2021-11-23T14:15:18.624876-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55882",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1620
}
},
{
"timestamp": "2021-11-23T14:15:18.704478-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55884",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1726
}
},
{
"timestamp": "2021-11-23T14:15:18.716524-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55885",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1735
}
},
{
"timestamp": "2021-11-23T14:15:18.728933-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55886",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1482
}
},
{
"timestamp": "2021-11-23T14:15:18.740824-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55887",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1541
}
},
{
"timestamp": "2021-11-23T14:15:18.762227-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55888",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1517
}
},
{
"timestamp": "2021-11-23T14:15:18.774457-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55889",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1440
}
},
{
"timestamp": "2021-11-23T14:15:35.076482-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:55947",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1479
}
},
{
"timestamp": "2021-11-23T14:57:40.809734-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:58733",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 3410
}
},
{
"timestamp": "2021-11-23T14:57:40.835711-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:58734",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1513
}
},
{
"timestamp": "2021-11-23T14:57:40.847707-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:58735",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1524
}
},
{
"timestamp": "2021-11-23T14:57:40.860895-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:58736",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 1538
}
},
{
"timestamp": "2021-11-23T14:58:01.278975-0500",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:192.168.0.134:445",
"remoteAddress": "ipv4:192.168.0.104:58772",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "BLACKOUT",
"clientAccount": "homeuser",
"workstation": "BLACKOUT",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "homeuser",
"mappedDomain": "BLACKOUT",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannel