
-jlo-
7 months ago
Solved

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

For this lab I need to rebuild the PowerShell script using the three parts found in the PowerShell operational logs, which I am able to do fairly easily. But when I am required to obtain the MD5 hash of the file, I am not getting the correct hash. I've removed any trailing whitespace and return characters. No matter the setup, I just can't seem to find the special sauce on this one. I've tried numerous approaches and still get a no go. Any tips?

 

  • I think you have the artifacts right, as you posted the same code I did. The MD5 is calculated over the exact bytes of the file, so the line endings matter and not just the visible text. If you paste it into CyberChef, look at the right-hand side and click on CRLF, then try changing it to line feed (see screenshot) and delete all the red marks that show up. This should give the correct hash (if you select MD5 from the CyberChef recipe menu).

     

28 Replies

w96485/images/bS05MTEtRUF5SEZl?revision=1","title":"dropb.jpg","associationType":"BODY","width":2508,"height":1113,"altText":""},"Revision:revision:911_1":{"__typename":"Revision","id":"revision:911_1","lastEditTime":"2024-11-05T05:08:50.771-08:00"},"CachedAsset:theme:customTheme1-1748913818188":{"__typename":"CachedAsset","id":"theme:customTheme1-1748913818188","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"67445c86d118f03d29f3e02f_Immersive_Favicon-1739352646053.png","imageLastModified":"1739352647623","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"Community_Logo_-_Light-1739352757482.png","imageLastModified":"1739352759022","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_BROWSER","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-body-bg)","primaryTextHoverColor":"var(--lia-bs-body-bg)","primaryTextActiveColor":"var(--lia-bs-body-bg)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid 
transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-body-color)","secondaryTextHoverColor":"hsl(var(--lia-bs-body-color-h), var(--lia-bs-body-color-s), calc(var(--lia-bs-body-color-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-body-color-h), var(--lia-bs-body-color-s), calc(var(--lia-bs-body-color-l) * 0.9))","secondaryBgColor":"var(--lia-bs-body-bg)","secondaryBgHoverColor":"hsl(var(--lia-bs-body-bg-h), var(--lia-bs-body-bg-s), calc(var(--lia-bs-body-bg-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-body-bg-h), var(--lia-bs-body-bg-s), calc(var(--lia-bs-body-bg-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), 
var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-body-bg)","destructiveTextHoverColor":"var(--lia-bs-body-bg)","destructiveTextActiveColor":"var(--lia-bs-body-bg)","destructiveBgColor":"var(--lia-bs-danger)","destructiveBgHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.85))","destructiveBgActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.7))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"LIGHT","sideContent":"LIGHT","radiusSm":"6px","radius":"10px","radiusLg":"18px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 
0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#26B5E6","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#3CA7A1","blogColor":"#3CA7A1","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#6E6F7C","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkF
ontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#E45C65","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkCol
or":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#9AE8E8","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#4563FF","secondary":"#333333","bodyText":"#10122A","bodyBg":"#F9F9FA","info":"#26B5E6","success":"#3CA7A1","warning":"#FBDC55","danger":"#E45C65","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#26B5E6","#E45C65","#6E6F7C","#D7D5E2","#C69A70","#FBDC55","#9AE8E8","#3CA7A1"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"
1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"500","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20px","h6FontSize":"16px","lineHeight":"1.3","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px 
hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid 
var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 
50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" 
var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"40px","defaultMessageHeaderMarginBottom":"20px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"30px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"30px","tableBgColor":"transparent","tableBorderColor":"var(--lia-bs-gray-700)","tableBorderStyle":"solid","tableCellPaddingX":"5px","tableCellPaddingY":"5px","tableTextColor":"var(--lia-bs-body-color)","tableVerticalAlign":"middle","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Inter","fontStyleBase":"NORMAL","fontWeightBase":"300","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","lette
rSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.5","fontSizeBase":"16px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"14px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"GOOGLE","name":"Geologica","styles":[{"style":"NORMAL","weight":"100","__typename":"FontStyleData"},{"style":"NORMAL","weight":"500","__typename":"FontStyleData"}],"assetNames":["Geologica-normal-100.woff2","Geologica-normal-500.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1748913817420","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:quilt:immersivelabs.prod:pages/forums/ForumMessagePage:board:help-1748913816574":{"__typename":"CachedAsset","id":"quilt:immersivelabs.prod:pages/forums/ForumMessagePage:board:help-1748913816574","value":{"id":"ForumMessagePage","container":{"id":"Common","headerProps":{"backgroundImageProps":null,"backgroundColor":null,"addComponents":null,"removeComponents":["community.widget.bannerWidg
et"],"componentOrder":null,"__typename":"QuiltContainerSectionProps"},"headerComponentProps":{"community.widget.breadcrumbWidget":{"disableLastCrumbForDesktop":false}},"footerProps":null,"footerComponentProps":null,"items":[{"id":"message-list","layout":"MAIN_SIDE","bgColor":null,"showTitle":null,"showDescription":null,"textPosition":null,"textColor":null,"sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"MainSideQuiltSection","columnMap":{"main":[{"id":"messages.widget.topicWithThreadedReplyListWidget","className":"lia-topic-with-replies","props":{"editLevel":"CONFIGURE"},"__typename":"QuiltComponent"}],"side":[{"id":"featuredWidgets.widget.featuredPlacesWidget","className":null,"props":{"instanceId":"featuredWidgets.widget.featuredPlacesWidget-1717580201341","layoutProps":{"layout":"card","cardSize":"xs","layoutOptions":{"useNodeDescription":false,"useUnreadMessagesCount":false,"useChildNodes":false,"useNodeTopicsCount":false,"useNodeAvatar":false,"useNodeLatestActivityTime":false},"textAlignment":"center","descriptionClampLines":1},"titleSrOnly":true,"showPager":false,"pageSize":1,"lazyLoad":false},"__typename":"QuiltComponent"},{"id":"messages.widget.relatedContentWidget","className":null,"props":{"hideIfEmpty":false,"enablePagination":true,"useTitle":true,"listVariant":{"type":"unstyled","props":{"listItemSpacing":"xxl"}},"pageSize":5,"style":"compact","pagerVariant":{"type":"loadMore"},"viewVariant":{"type":"inline","props":{"useRepliesCount":false,"useMedia":false,"useAuthorRank":false,"useNode":false,"boardIconSize":"24","useAuthorLoginLink":true,"useNodeLink":true,"usePreviewMedia":true,"timeStampType":"postTime","useTextBody":true,"useSolvedBadge":false,"subjectAs":"h6","renderPostTimeBeforeAuthor":true,"useAvatar":false,"useVideoPreview":false,"portraitClampBodyLines":3,"useCompactSpacing":true,"useTimeToRead":false,"useSpoilerFreeBody":true,"useKudosCount":false,"useView
Count":false,"useBody":false,"useTags":false,"clampSubjectLines":1,"useBoardIcon":false,"useMessageTimeLink":true,"useAuthorLogin":true}},"lazyLoad":false,"panelType":"standard"},"__typename":"QuiltComponent"},{"id":"messages.widget.messageListForNodeByRecentActivityWidget","className":null,"props":{"hideIfEmpty":true,"useTitle":true,"addTags":false,"titleContextVariant":"other","showTabs":false,"pageSize":5,"pagerVariant":{"type":"loadMore"},"style":"compact","viewVariant":{"type":"inline","props":{"useRepliesCount":false,"useMedia":false,"useAuthorRank":false,"useNode":false,"boardIconSize":"24","truncateBodyLength":-1,"useNodeLink":true,"usePreviewMedia":false,"timeStampType":"conversation.lastPostingActivityTime","avatarSize":"40","useTextBody":true,"useSolvedBadge":true,"subjectAs":"h6","renderPostTimeBeforeAuthor":true,"useAvatar":true,"useTimeToRead":false,"useSpoilerFreeBody":true,"useKudosCount":false,"useViewCount":false,"useBody":false,"useTags":false,"clampSubjectLines":1,"useBoardIcon":false,"useMessageTimeLink":true,"clampBodyLines":3,"useAuthorLogin":true,"useUnreadCount":false,"useNodeHoverCard":true,"useSearchSnippet":false}},"panelType":"divider","sorts":{"conversationLastPostingActivityTime":{"direction":"DESC"}},"lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"MainSideSectionColumns"}}],"__typename":"QuiltContainer"},"__typename":"Quilt","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1748913817420","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. 
nts":false,"attachmentsFirst":5,"useTags":true,"useNodeAncestors":false,"useUserHoverCard":false,"useNodeHoverCard":false,"useModerationStatus":true,"usePreviewSubjectModal":false,"useMessageStatus":true}},"ROOT_MUTATION":{"__typename":"Mutation"},"CachedAsset:text:en_US-components/community/Navbar-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1748913817420","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Events","external-1":"Help Centre","migrated-link-7":"Customer Stories Blog","migrated-link-8":"SME Blog","customer-blog":"Product Updates","migrated-link-1":"Community Blog","the-human-connection-blog":"Human Connection Blog","migrated-link-2":"Community Forum","Common-external-link":"Community Challenge","migrated-link-0":"Community","migrated-link-5":"Customer Blog","migrated-link-6":"Cyber Threat Research Blog","migrated-link-3":"Help","migrated-link-4":"Learn","cyber-countdown-link":"Cyber Countdown","migrated-link-14":"Cyber Million Blog","migrated-link-15":"Cyber Million Website","migrated-link-12":"Cyber Million","migrated-link-13":"Ask a Question","welcome":"Get Started","external-3":"Answer Questions","external-2":"Answer Questions","Common-community-challenge-link":"Community Challenge","migrated-link-10":"Customer Events","migrated-link-11":"Community Events","cybertrust-massachusetts-link":"CyberTrust Massachusetts","get-started-link":"Get Started","help":"Ask a Question","external":"Immersive Blog"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1748913817420","value":{"hamburgerLabel":"Side 
Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1748913817420","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1748913817420","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/search/SpotlightSearchIcon-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/search/SpotlightSearchIcon-1748913817420","value":{"search":"Search"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1748913817420","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1748913817420","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewStandard-1748913817420","value":{"anonymous":"Anonymous","author":"{messageAuthorLogin}","authorBy":"{messageAuthorLogin}","board":"{messageBoardTitle}","replyToUser":" to {parentAuthor}","showMoreReplies":"Show More","replyText":"Reply","repliesText":"Replies","markedAsSolved":"Marked as Solution","messageStatus":"Status: ","statusChanged":"Status changed: {previousStatus} to {currentStatus}","statusAdded":"Status added: {status}","statusRemoved":"Status removed: {status}","labelExpand":"expand replies","labelCollapse":"collapse 
replies","unhelpfulReason.reason1":"Content is outdated","unhelpfulReason.reason2":"Article is missing information","unhelpfulReason.reason3":"Content is for a different Product","unhelpfulReason.reason4":"Doesn't match what I was searching for"},"localOverride":false},"CachedAsset:text:en_US-components/messages/ThreadedReplyList-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/messages/ThreadedReplyList-1748913817420","value":{"title":"{count, plural, one{# Reply} other{# Replies}}","title@board:BLOG":"{count, plural, one{# Comment} other{# Comments}}","title@board:TKB":"{count, plural, one{# Comment} other{# Comments}}","title@board:IDEA":"{count, plural, one{# Comment} other{# Comments}}","title@board:OCCASION":"{count, plural, one{# Comment} other{# Comments}}","noRepliesTitle":"No Replies","noRepliesTitle@board:BLOG":"No Comments","noRepliesTitle@board:TKB":"No Comments","noRepliesTitle@board:IDEA":"No Comments","noRepliesTitle@board:OCCASION":"No Comments","noRepliesDescription":"Be the first to reply","noRepliesDescription@board:BLOG":"Be the first to comment","noRepliesDescription@board:TKB":"Be the first to comment","noRepliesDescription@board:IDEA":"Be the first to comment","noRepliesDescription@board:OCCASION":"Be the first to comment","messageReadOnlyAlert:BLOG":"Comments have been turned off for this post","messageReadOnlyAlert:TKB":"Comments have been turned off for this article","messageReadOnlyAlert:IDEA":"Comments have been turned off for this idea","messageReadOnlyAlert:FORUM":"Replies have been turned off for this discussion","messageReadOnlyAlert:OCCASION":"Comments have been turned off for this event"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyCallToAction-1748913817420","value":{"leaveReply":"Leave a reply...","leaveReply@board:BLOG@message:root":"Leave a 
comment...","leaveReply@board:TKB@message:root":"Leave a comment...","leaveReply@board:IDEA@message:root":"Leave a comment...","leaveReply@board:OCCASION@message:root":"Leave a comment...","repliesTurnedOff.FORUM":"Replies are turned off for this topic","repliesTurnedOff.BLOG":"Comments are turned off for this topic","repliesTurnedOff.TKB":"Comments are turned off for this topic","repliesTurnedOff.IDEA":"Comments are turned off for this topic","repliesTurnedOff.OCCASION":"Comments are turned off for this topic","infoText":"Stop poking me!"},"localOverride":false},"CachedAsset:text:en_US-components/featured/places/FeaturedPlacesList-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/featured/places/FeaturedPlacesList-1748913817420","value":{"edit":"Edit Featured Places","header":"Featured Places"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1748913817420","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/BuildInformation-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/BuildInformation-1748913817420","value":{"buildHash":"Build Hash: {buildHash}","buildNumber":"Build Number: {buildNumber}","buildTime":"Build Time: {buildTime}"},"localOverride":false},"CachedAsset:text:en_US-components/community/KhorosLogo-1748913817420":{"__typename":"CachedAsset","id":"text:en_US-components/community/KhorosLogo-1748913817420","value":{"alt":"Powered By Khoros"},"localOverride":false},"User:user:5":{"__typename":"User","id":"user:5","login":"KieranRowley","uid":5,"biography":"As the Director of Community here at Immersive I'm responsible for fostering this community, and leading our Cyber Million program which aims to help 1 Million people into cybersecurity jobs over the next decade. 
Prior to this I worked with the UK NCSC to design and deliver the inaugural program of CyberFirst events, a pioneering initiative aimed at inspiring and encouraging 14 - 18 year olds to consider careers in cybersecurity. I'm a member of the UK Cyber Security Council's Qualifications Careers Working Group and carried out extensive research into the UK's Cyber Security Skills Gap as part of my MSc in Cyber Security.","registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2024-05-24T06:50:29.451-07:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/images/dS01LWhuekFHMw?image-coordinates=0%2C0%2C656%2C656"},"rank":{"__ref":"Rank:rank:1"},"entityType":"USER","eventPath":"community:dnvaw96485/user:5"},"User:user:218":{"__typename":"User","id":"user:218","uid":218,"login":"CyberSharpe","biography":"Clem is the top IL employee.","registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2024-09-24T12:21:41.969-07:00"},"deleted":false,"email":"","avatar":{"__typename":"UserAvatar","url":"https://community.immersivelabs.com/t5/s/dnvaw96485/images/dS0yMTgtQXhlS2hk?image-coordinates=0%2C0%2C675%2C675"},"rank":{"__ref":"Rank:rank:10"},"entityType":"USER","eventPath":"community:dnvaw96485/user:218"},"ModerationData:moderation_data:937":{"__typename":"ModerationData","id":"moderation_data:937","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":"member"},"ForumReplyMessage:message:937":{"__typename":"ForumReplyMessage","uid":937,"id":"message:937","entityType":"FORUM_REPLY","eventPath":"category:help/community:dnvaw96485board:help/message:911/message:937","revisionNum":1,"author":{"__ref":"User:user:218"},"readOnly":false,"repliesCount":5,"depth":1,"hasGivenKudo":false,"subscribed":false,"board":{"__ref":"Forum:board:help"},"parent":{"__ref":"ForumTopicMessage:message:911"},"conversa
tion":{"__ref":"Conversation:conversation:911"},"subject":"Re: FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs","moderationData":{"__ref":"ModerationData:moderation_data:937"},"body":"

I used CyberChef for this, making sure I didn’t have any additional spaces in between. I then created the file using the output's save-to-file function and ran md5sum against it.


Thanks CyberSharpe for your response.  I have been using cyberchef but unfortunately in the environment that I am in I cannot save an actual file from the website, but I am able to copy/paste in the tools provided.  Either way, doing the joining natively on my box or using cyberchef (copy/paste) I am getting the same MD5 hash - which isn't working for the question. 

A question if you have a moment, please.   I'm not looking for the answer here, but in your script is your first AND last line, respectively, these (below)?

$EncodedCompressedFile = @'
$Output | IEX


I believe you’re doing everything right, but you might be missing a newline after IEX. Give it a shot, and if it starts with ‘d12fd’, you’re on the right track!


I suspect the lab hasn't changed a great deal since I last did it in 2021. Sadly, my notes aren't amazing for the final question - but I've just checked, and the answer I've got in my notes is still correct (\"d12... ...dbc\"). The sum total of my notes for that question were \"Search for stager.ps1 AND scriptblock to find the bits. Then cut and paste them into a single file.\"

I'll try and find time to go back and recreate it again, and see if I get the same answer... 

Random thought - there couldn't be some weird DOS/Unix formatting weirdness going on if you're mixing OSes, could there? 


Yeah - it still seems fine from my PoV. You just stick the bits of data in separate files - glue them together - and then edit it to remove the whitespace that has been added by gluing the files together...


The final size of the file you end up with is 26,471 bytes. You need to make sure you only get the bits that should be in the script - not any leading text, nor the trailing \"Scriptblock\" or \"Path\" bits of text. You need to make sure you remove any trailing newlines left - the three scriptblock bits should NOT have trailing newlines (so the second one is an extension of the same long single line from the first file - not on a new line!).


Thanks autom8on for the response.  Appreciate you providing a bit of the MD5, I'll keep plugging away until I find the right hash.  ;)  

At this point, I'm wondering if I am even looking at the right artifacts in SPLUNK but no matter what I am looking at, I'm left with 3x SPLUNK events that have broken up one of the stager.ps1 files.  Clearly in the message block of the SPLUNK events I get 1/3, 2/3, and 3/3.  Just combine the script characters, save them as a .txt file (or .ps1) and get the MD5 hash.   

*** weird, I attempted to post this about 2 hours ago but my instance in \"community.immersivelabs.com\" disappeared .... refreshing my browser I now see my post.


Yeah - there seem to be some slightly weird timings going on with the frequency with which responses have been appearing on this page. Since I first looked, responses are now visible which seem to predate when I was looking here initially (so I'm not sure why I didn't see them before?). 

You can't be far away from the right answer - good luck! :-) 


Hats off to RobN and autom8on; they both led me to where I needed to go to get the right answer.  I wish I could select both their responses as a \"solution\" as they both helped. 


Interesting... I think it was our intention that you would be able to mark multiple replies as solutions. Let me check our settings 🤔


Oops - I left CyberSharpe out, my sincere apologies.  I wish I could give a \"solution\" to CyberSharpe as well.  Thank you.  


Hi -jlo- welcome to The Human Connection! Thanks for sharing one of the approaches you've taken by removing white spaces and return characters. I will speak with the lab author and come back to you, but in the meantime, can you share some other approaches you've tried and which haven't worked so far? 



Thanks Tilly for your response.  I wish I could go into EVERY approach to my problem, I've tried hashing a file modified 100s of times by adding, removing spaces in trying to find the correct sequence.  

From the lab, there are 3 separate parts/logs that need to be combined and created into a script.  From there, one must find the MD5 hash of this file, but leaving one character in/out will throw the sum/hash off.

Attached is a screenshot of my SPLUNK pull and the 3 message blocks I need to combine to recreate the script.  I'm assuming all I need to combine is the 3x message fields and NOT the other SPLUNK fields.  Anyways - not sure if my response was helpful.  

 


I have the same issue with this. I pasted the details into CyberChef and ran MD5 from the left hand column. I tried removing spaces manually to clean up the code and checked the hash afterwards but this didn't work. The lab advises recreating the file by joining the parts to do an md5sum check but Windows Defender flags it as a virus each time too.


 

Hi everyone,

Hope this message finds you well.

The last question on this lab has me pulling my hair out.  I have found the relevant 3 script blocks in Splunk.  As an aside, I am wondering why we couldn't just provide the md5sum of the one that is already assembled.  

Anyhow,

I have tried various methods to \"glue\" these 3 files together: using cat on the command line like:

cat file1.txt file2.txt file3.txt > file4.txt

, in cyberchef, using text editors, etc all to no avail.

Furthermore, I am not getting:

Message=Creating Scriptblock text (1 of 1):

or

ScriptBlock ID: 329b2213-f10d-4c56-8547-43d8104b0acc

lines, just the relevant text in between.

I paste \"file 2\" right where \"file 1\" left off and not on a new line. 

But I can not get the file right.

The end of my file looks like:

+JyTgNj+xzHot87t+V3LZYs5FzmbNPPGvj/YFCbt8TPp4FP5k/2IBNXZfx++z7P4/txuVY/vfGL0mfwHtpjoXOwbh401hPQUac9yPrJqYDv1xN4lLQp8T+JH3oUbya3B3+Hf1CZtM/xxwQ2y29JJ49wFjjmvuY6vId+hTERZVkjID3rY8hnkn93GycfyO/iT3ychgrqXhWWAN1B8YGSb/6HLOh3Sz7rxv9+dxf+JgB+1IyLrrPT2SUz92p2RiD8/kwa5sh+HshjyE/+T+cu3rgE9+I/KPY62u+qTQuvp0Xqu3KPkEovj/867/++Z/+9A9/+oe/jFZbY7757V9/w1+96fpvf3NW78fTJCJRtPP/UfjrvxmT4/Lf//Y3Y3L+x79ML8f54V+6821wXP5VOFcEQfgn+FuDv/CnLnCY/za4HI7zzb9Yp+1xtZn/i7Y9zt93+8H8/WPlQ3Vj8n5YTiKAKe72lxToX4W/prj89aaVHEuOm/g+nxznwyX8mQFuRR38ja3//w==


'@

# Annotated for review: these comment lines are not part of the logged script block,
# so leave them out of any reassembled copy that is being hashed.
# Tail of the reassembled script: decodes an embedded payload, decompresses it in memory
# and executes the result.
# $EncodedCompressedFile is not assigned in this excerpt; presumably it is the here-string
# closed by '@ above (confirm against the first script block).
$Decoded = [System.Convert]::FromBase64String($EncodedCompressedFile)
# Copy the decoded bytes into an in-memory stream, then rewind to offset 0 so the
# decompressor reads from the start.
$MemStream = New-Object System.IO.MemoryStream
$MemStream.Write($Decoded, 0, $Decoded.Length)
$MemStream.Seek(0,0) | Out-Null
# Wrap the buffer in a Deflate stream opened in Decompress mode.
$CompressedStream = New-Object System.IO.Compression.DeflateStream($MemStream, [System.IO.Compression.CompressionMode]::Decompress)
# Read the whole decompressed stream as text.
$StreamReader = New-Object System.IO.StreamReader($CompressedStream)
$Output = $StreamReader.readtoend()
# IEX is the built-in alias for Invoke-Expression: the decompressed text is run as
# PowerShell, and nothing in these lines writes it to disk first. When analysing the
# sample, inspect $Output instead of letting this line run.
$Output | IEX

I noticed that the end of my base64 doesn't match the ending lines others have posted.

Not sure how people are getting the right hash from this.

Thank you

 


I think you have the artifacts right as you posted the same code I did. If you paste it into CyberChef and then look at the right hand side and click on CRLF, try changing it to line feed (see screenshot) and then delete all the red marks that show up. The hash is computed over the exact bytes, so CRLF versus LF line endings give different results for text that looks the same. This should give the correct hash (if you select MD5 from the CyberChef recipe menu).

 
