Xmas Cheer Laser (Laboratory)

I must admit that this one had me banging my head on the table, but it was not going to defeat me. After going back and forth I finally figured it out, and below is a sanitized run-through.

WARNGING: ctrl + c restricted in this terminal - Do not use endless loops 
Type exit to exit PowerShell. 

PowerShell 6.2.3 
Copyright (c) Microsoft Corporation. All rights reserved. 

https://aka.ms/pscore6-docs 
Type 'help' to get help. 

🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲
🗲                                                                                🗲
🗲 Elf University Student Research Terminal - Christmas Cheer Laser Project       🗲
🗲 ------------------------------------------------------------------------------ 🗲
🗲 The research department at Elf University is currently working on a top-secret 🗲
🗲 Laser which shoots laser beams of Christmas cheer at a range of hundreds of    🗲
🗲 miles. The student research team was successfully able to tweak the laser to   🗲
🗲 JUST the right settings to achieve 5 Mega-Jollies per liter of laser output.   🗲
🗲 Unfortunately, someone broke into the research terminal, changed the laser     🗲
🗲 Read the calling card and follow the clues to find the correct laser Settings. 🗲
🗲 Apply these correct settings to the laser using it's Web API to achieve laser  🗲
🗲 output of 5 Mega-Jollies per liter.                                            🗲
🗲                                                                                🗲
🗲 Use (Invoke-WebRequest -Uri http://localhost:1225/).RawContent for more info.  🗲
🗲                                                                                🗲
🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲🗲

Run the command above to get more information

PS /home/elf> (Invoke-WebRequest -Uri http://localhost:1225/).RawContent
HTTP/1.0 200 OK
Server: Werkzeug/0.16.0
Server: Python/3.6.9
Date: Wed, 25 Dec 2019 17:21:42 GMT
Content-Type: text/html; charset=utf-8 
Content-Length: 860 

<html> 
<body> 
<pre> 
---------------------------------------------------- 
Christmas Cheer Laser Project Web API 
---------------------------------------------------- 
Turn the laser on/off: 
GET http://localhost:1225/api/on 

Check the current Mega-Jollies of laser output 
GET http://localhost:1225/api/output 

Change the lense refraction value (1.0 - 2.0): 
GET http://localhost:1225/api/refraction?val=1.0 

Change laser temperature in degrees Celsius: 
GET http://localhost:1225/api/temperature?val=-10 

GET http://localhost:1225/api/angle?val=45.1 

Change gaseous elements mixture: 
POST http://localhost:1225/api/gas 
POST BODY EXAMPLE (gas mixture percentages): 
O=5&H=5&He=5&N=5&Ne=20&Ar=10&Xe=10&F=20&Kr=10&Rn=10 
---------------------------------------------------- 
</pre> 
</body> 
</html> 

Now we know how to interact with the laser. Get the contents of the callingcard.txt (I wish I could run 'cat')

PS /home/elf> Get-Content("/home/callingcard.txt") 
What's become of your dear laser? 
Fa la la la la, la la la la 
Seems you can't now seem to raise her! 
Fa la la la la, la la la la 
Could commands hold riddles in hist'ry? 
Fa la la la la, la la la la 
Nay! You'll ever suffer myst'ry! 
Fa la la la la, la la la la 

This information suggests that there is something in the command history

PS /home/elf> Get-History  

  Id CommandLine
  -- -----------
   1 Get-Help -Name Get-Process
   2 Get-Help -Name Get-*
   3 Set-ExecutionPolicy Unrestricted
   4 Get-Service | ConvertTo-HTML -Property Name, Status > C:\services.htm
   5 Get-Service | Export-CSV c:\service.csv
   6 Get-Service | Select-Object Name, Status | Export-CSV c:\service.csv
   7 (Invoke-WebRequest http://127.0.0.1:1225/api/angle?val=65.5).RawContent
   8 Get-EventLog -Log "Application"
   9 I have many name=value variables that I share to applications system wide. At a command I w…
  10 (Invoke-WebRequest -Uri http://localhost:1225/).RawContent 
  11 Get-Content("/home/callingcard.txt") 

This provides the value of the parameter angle: /api/angle?val=65.5

And a partial clue.

PS /home/elf> Get-History -Id 9 | Format-List 

Id                 : 9 
CommandLine        : I have many name=value variables that I share to applications system wide.  
                     At a command I will reveal my secrets once you Get my Child Items. 
ExecutionStatus    : Completed 
StartExecutionTime : 11/29/19 4:57:16 PM 
EndExecutionTime   : 11/29/19 4:57:16 PM 
Duration           : 00:00:00.6090308 

Now we have the full clue:

I have many name=value variables that I share to applications system wide.
At a command I will reveal my secrets once you Get my Child Items.

This suggests looking at environment variables, but doing it the PowerShell way.

PS /home/elf> Get-ChildItem Env: | Format-List 

Name  : _ 
Value : /bin/su 

Name  : DOTNET_SYSTEM_GLOBALIZATION_INVARIANT 
Value : false 

Name  : HOME 
Value : /home/elf 

Name  : HOSTNAME 
Value : 8397dea8f906 

Name  : LANG 
Value : en_US.UTF-8 

Name  : LC_ALL 
Value : en_US.UTF-8 

Name  : LOGNAME 
Value : elf 

Name  : MAIL 
Value : /var/mail/elf 

Name  : PATH 
        /usr/games:/usr/local/games 

Name  : PSModuleAnalysisCachePath 
Value : /var/cache/microsoft/powershell/PSModuleAnalysisCache/ModuleAnalysisCache 

Name  : PSModulePath 
Value : /home/elf/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/opt/micros 
        oft/powershell/6/Modules 

Name  : PWD 
Value : /home/elf 

Name  : RESOURCE_ID 
Value : b5979c0a-af06-46bb-9e36-ead47308aa3f 

Name  : riddle 
Value : Squeezed and compressed I am hidden away. Expand me from my prison and I will show 
        you the way. Recurse through all /etc and Sort on my LastWriteTime to reveal im the 
        newest of all.

Name  : SHELL 
Value : /home/elf/elf 

Name  : SHLVL 
Value : 1 

Name  : TERM 
Value : xterm 

Name  : USERDOMAIN 
Value : laserterminal 

Name  : userdomain 
Value : laserterminal 

Name  : USERNAME 
Value : elf

Name  : username
Value : elf

PS /home/elf> Get-ChildItem -Path "/etc" -Force -Recurse | Sort-Object -Property LastWriteTime | Select-Object -Last 1 
Get-ChildItem : Access to the path '/etc/ssl/private' is denied. 
At line:1 char:1 
+ Get-ChildItem -Path "/etc" -Force -Recurse | Sort-Object -Property La ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
+ CategoryInfo          : PermissionDenied: (/etc/ssl/private:String) [Get-ChildItem], UnauthorizedAccessException 
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand 

Directory: /etc/apt 

Mode                LastWriteTime         Length Name 
----                -------------         ------ ---- 
--r---          12/25/19  5:21 PM        5662902 archive 
PS /home/elf> Expand-Archive "/etc/apt/archive"

Directory: /home/elf

Mode                LastWriteTime         Length Name 
----                -------------         ------ ---- 
d-----          12/25/19  5:26 PM                archive 
d-r---          12/13/19  5:15 PM                depths 
--r---          12/13/19  4:29 PM           2029 motd 

PS /home/elf> cd ./archive/refraction/ 
PS /home/elf/archive/refraction> dir 

Directory: /home/elf/archive/refraction 

Mode                LastWriteTime         Length Name 
----                -------------         ------ ---- 
------           11/7/19 11:57 AM            134 riddle 
------           11/5/19  2:26 PM        5724384 runme.elf 

PS /home/elf/archive/refraction> Get-Content("./riddle") 
Very shallow am I in the depths of your elf home. You can find my entity by using my md5 identity: 

25520151A320B5B0D21561F92C8F6224 
PS /home/elf/archive/refraction> Invoke-Expression("./runme.elf") 
Program 'runme.elf' failed to run: No such file or directoryAt line:1 char:1 
+ ./runme.elf 
+ ~~~~~~~~~~~. 
At line:1 char:1 
+ ./runme.elf 
+ ~~~~~~~~~~~ 
+ CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedException 
+ FullyQualifiedErrorId : NativeCommandFailed 
 
PS /home/elf/archive/refraction> chmod +x ./runme.elf 
PS /home/elf/archive/refraction> Invoke-Expression("./runme.elf") 
refraction?val=1.867 
PS /home/elf/archive/refraction> Get-ChildItem "/home/elf/depths" -Recurse -File |                 
>> Foreach-Object {                                                                                
>>     $hashFromFile = (Get-FileHash -Path $_.FullName -Algorithm MD5).hash                        
>>     if ( $hashFromFile -eq "25520151A320B5B0D21561F92C8F6224" ) {                               
>>        Write-Output $_.FullName 
>>        Get-Content $_.FullName 
>>     } 
>> } 
/home/elf/depths/produce/thhy5hll.txt 
temperature?val=-33.5 

I am one of many thousand similar txt's contained within the deepest of /home/elf/depths. Finding me will give you the most strength but doing so will require Piping all the FullName's to Sort Length. 
PS /home/elf/archive/refraction> Get-ChildItem -Path "/home/elf/depths" -Filter *.txt -Recurse | Sort-Object Length -Descending | Select-Object -First 5 | 
>> Foreach-Object { 
>>     Write-Output $_.FullName 
>>     Write-Output $_.length 
>>     Get-Content $_.FullName 
>> } 
/home/elf/depths/produce/thhy5hll.txt 
224 
temperature?val=-33.5 

I am one of many thousand similar txt's contained within the deepest of /home/elf/depths. Finding me will give you the most strength but doing so will require Piping all the FullName's to Sort Length. 
/home/elf/depths/larger/cloud/behavior/beauty/enemy/produce/age/chair/unknown/escape/vote/long/writer/behind/ahead/thin/occasionally/explore/tape/wherever/practical/therefore/cool/plate/ice/play/truth/potatoes/beauty/fourth/careful/dawn/adult/either/burn/end/accurate/rubbed/cake/main/she/threw/eager/trip/to/soon/think/fall/is/greatest/become/accident/labor/sail/dropped/fox/0jhj5xz6.txt 
209 
Get process information to include Username identification. Stop Process to show me you're skilled and in this order they must be killed: 

bushy 
alabaster 
minty 
holly 

Do this for me and then you /shall/see . 
/home/elf/depths/larger/saddle/grown/correctly/allow/free/spoken/coffee/sight/increase/steady/division/gas/available/pressure/wooden/r9j67n1j.txt 
162 
master subject accurate straight seven bush concerned discover naturally comfortable production average concerned kill sail western loss machine remarkable making 
/home/elf/depths/larger/cloud/halfway/substance/or/numeral/title/except/book/tail/bow/prize/branch/saved/shade/desert/triangle/unless/environment/supply/largest/dkaascp8.txt 
159 
movie bill stronger island research summer tropical inch respect movement sunlight example therefore pain individual division lungs especially sang electricity 
/home/elf/depths/larger/cloud/halfway/substance/or/numeral/title/except/book/tail/bow/prize/branch/saved/shade/desert/triangle/major/jkfunyau.txt 
158 
taught manufacturing fire do discussion ancient information treated throughout handle act within cut powerful question inside understanding magnet headed shop 
PS /home/elf/archive/refraction>  
PS /home/elf/archive/refraction> Get-Process -IncludeUserName 

     WS(M)   CPU(s)      Id UserName                       ProcessName
     -----   ------      -- --------                       ----------- 
     28.98     1.32       6 root                           CheerLaserServi 
    174.71    15.85      31 elf                            elf 
      3.37     0.04       1 root                           init 
      0.72     0.00      24 bushy                          sleep 
      0.73     0.00      26 alabaster                      sleep 
      0.76     0.00      27 minty                          sleep 
      0.80     0.00      29 holly                          sleep 
      3.49     0.00      30 root                           su 

PS /home/elf/archive/refraction> Stop-Process 24 
PS /home/elf/archive/refraction> Stop-Process 26 
PS /home/elf/archive/refraction> Stop-Process 27 
PS /home/elf/archive/refraction> Stop-Process 29 
PS /home/elf/archive/refraction> Get-Content("/shall/see") 
Get the .xml children of /etc - an event log to be found. Group all .Id's and the last thing will be in the Properties of the lonely unique event Id. 

PS /home/elf/archive/refraction> Get-ChildItem -Path "/etc" -Filter *.xml -Force -Recurse 

Directory: /etc/systemd/system/timers.target.wants 

Mode                LastWriteTime         Length Name 
----                -------------         ------ ---- 
--r---          11/18/19  7:53 PM       10006962 EventLog.xml 
Get-ChildItem : Access to the path '/etc/ssl/private' is denied. 
At line:1 char:1 
+ Get-ChildItem -Path "/etc" -Filter *.xml -Force -Recurse 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
+ CategoryInfo          : PermissionDenied: (/etc/ssl/private:String) [Get-ChildItem], UnauthorizedAccessException 
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand 
  
PS /home/elf> $PATH="/etc/systemd/system/timers.target.wants/EventLog.xml"
PS /home/elf> Select-String -Pattern 'N="Id"' -CaseSensitive -Path $PATH | Sort-Object -Property Line    

/etc/systemd/system/timers.target.wants/EventLog.xml:68753:      <I32 N="Id">1</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:98019:      <I32 N="Id">2</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:114525:      <I32 N="Id">2</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:114413:      <I32 N="Id">2</I32> 
[SNIP] 
/etc/systemd/system/timers.target.wants/EventLog.xml:79833:      <I32 N="Id">2</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:14072:      <I32 N="Id">3</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:57374:      <I32 N="Id">3</I32> 
[SNIP] 
/etc/systemd/system/timers.target.wants/EventLog.xml:24173:      <I32 N="Id">3</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:118389:      <I32 N="Id">4</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:129939:      <I32 N="Id">4</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:23991:      <I32 N="Id">5</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:86077:      <I32 N="Id">5</I32> 
[SNIP] 
/etc/systemd/system/timers.target.wants/EventLog.xml:61742:      <I32 N="Id">5</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:97165:      <I32 N="Id">6</I32> 
/etc/systemd/system/timers.target.wants/EventLog.xml:118088:      <I32 N="Id">6</I32> 
[SNIP] 
/etc/systemd/system/timers.target.wants/EventLog.xml:100441:      <I32 N="Id">6</I32> 
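
The clue asks to group the events by Id and read the Properties of the one Id that occurs only once. EventLog.xml is in CLIXML format (the `<Obj>`, `<TN>` and `<Props>` elements), so it can be loaded back into objects and grouped directly instead of matched as text. The following is an added example, not part of the original run-through; the sample events, the temporary file and the `New-SampleEvent` and `Get-LonelyEvent` helpers are constructed for illustration.

```powershell
# Constructed sample events (not taken from the challenge's EventLog.xml).
# Each has an Id and a Properties list whose items carry a Value, the same
# shape as the deserialized EventLogRecord objects in the log.
function New-SampleEvent {
    param([int]$Id, [string[]]$Values)
    [pscustomobject]@{
        Id         = $Id
        Properties = @($Values | ForEach-Object { [pscustomobject]@{ Value = $_ } })
    }
}

$sample = @(
    New-SampleEvent -Id 3 -Values 'C:\Windows\System32\svchost.exe', '10.0.0.5'
    New-SampleEvent -Id 2 -Values 'C:\Windows\explorer.exe'
    New-SampleEvent -Id 1 -Values 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe',
                                  'powershell.exe -c "<constructed command line>"'
    New-SampleEvent -Id 3 -Values 'C:\Windows\System32\svchost.exe', '10.0.0.9'
    New-SampleEvent -Id 2 -Values 'C:\Windows\System32\notepad.exe'
)

# Write the sample out as CLIXML so the rest of the script reads it the same
# way it would read the real file. Depth 3 keeps the nested Value fields.
$samplePath = Join-Path ([System.IO.Path]::GetTempPath()) 'EventLog-sample.xml'
$sample | Export-Clixml -Path $samplePath -Depth 3

# Return every event whose Id appears exactly once in the file.
function Get-LonelyEvent {
    param([Parameter(Mandatory)][string]$Path)

    Import-Clixml -Path $Path |
        Group-Object -Property Id |
        Where-Object Count -eq 1 |
        ForEach-Object { $_.Group }
}

# Overview: how many events per Id, rarest first.
Import-Clixml -Path $samplePath |
    Group-Object -Property Id -NoElement |
    Sort-Object -Property Count |
    Format-Table -Property Count, Name

# Print the Properties values of the unique event(s).
foreach ($evt in Get-LonelyEvent -Path $samplePath) {
    "Unique event Id: $($evt.Id)"
    $evt.Properties | ForEach-Object { $_.Value }
}

Remove-Item -Path $samplePath
```

Against the challenge file, pass the EventLog.xml path found above to `Get-LonelyEvent` instead of the sample path.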

PS /home/elf> Select-String -Pattern 'N="Id">1<' -CaseSensitive -Path $PATH -Context 10,250 

/etc/systemd/system/timers.target.wants/EventLog.xml:68743:    </MS> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68744:  </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68745:  <Obj RefId="1800"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68746:    <TN RefId="1800"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68747:       
<T>System.Diagnostics.Eventing.Reader.EventLogRecord</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68748:       
<T>System.Diagnostics.Eventing.Reader.EventRecord</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68749:      <T>System.Object</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68750:    </TN> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68751:     
<ToString>System.Diagnostics.Eventing.Reader.EventLogRecord</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68752:    <Props> 
> /etc/systemd/system/timers.target.wants/EventLog.xml:68753:      <I32 N="Id">1</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68754:      <By N="Version">5</By> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68755:      <Nil N="Qualifiers" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68756:      <By N="Level">4</By> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68757:      <I32 N="Task">1</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68758:      <I16 N="Opcode">0</I16> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68759:      <I64  
N="Keywords">-9223372036854775808</I64> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68760:      <I64 N="RecordId">2422</I64> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68761:      <S  
N="ProviderName">Microsoft-Windows-Sysmon</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68762:      <G  
N="ProviderId">5770385f-c22a-43e0-bf4c-06f5698ffbd9</G> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68763:      <S  
N="LogName">Microsoft-Windows-Sysmon/Operational</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68764:      <I32 N="ProcessId">1960</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68765:      <I32 N="ThreadId">6640</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68766:      <S  
N="MachineName">elfuresearch</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68767:      <Obj N="UserId" RefId="1801"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68768:        <TN RefId="1801"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68769:           
<T>System.Security.Principal.SecurityIdentifier</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68770:           
<T>System.Security.Principal.IdentityReference</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68771:          <T>System.Object</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68772:        </TN> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68773:         
<ToString>S-1-5-18</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68774:        <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68775:          <I32  
N="BinaryLength">12</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68776:          <Nil N="AccountDomainSid"  
/> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68777:          <S N="Value">S-1-5-18</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68778:        </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68779:      </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68780:      <DT  
N="TimeCreated">2019-11-07T09:59:56.5265735-08:00</DT> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68781:      <Nil N="ActivityId" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68782:      <Nil N="RelatedActivityId" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68783:      <S  
N="ContainerLog">microsoft-windows-sysmon/operational</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68784:      <Obj N="MatchedQueryIds"  
RefId="1802"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68785:        <TN RefId="1802"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68786:          <T>System.UInt32[]</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68787:          <T>System.Array</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68788:          <T>System.Object</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68789:        </TN> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68790:        <LST /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68791:      </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68792:      <Obj N="Bookmark"  
RefId="1803"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68793:        <TN RefId="1803"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68794:           
<T>System.Diagnostics.Eventing.Reader.EventBookmark</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68795:          <T>System.Object</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68796:        </TN> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68797:         
<ToString>System.Diagnostics.Eventing.Reader.EventBookmark</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68798:      </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68799:      <S  
N="LevelDisplayName">Information</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68800:      <S  
N="OpcodeDisplayName">Info</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68801:      <S  
N="TaskDisplayName">Process Create (rule: ProcessCreate)</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68802:      <Obj N="KeywordsDisplayNames"  
RefId="1804"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68803:        <TN RefId="1804"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68804:           
<T>System.Collections.ObjectModel.ReadOnlyCollection`1[[System.String, mscorlib,  
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68805:          <T>System.Object</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68806:        </TN> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68807:        <LST /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68808:      </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68809:      <Obj N="Properties"  
RefId="1805"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68810:        <TN RefId="1805"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68811:           
<T>System.Collections.Generic.List`1[[System.Diagnostics.Eventing.Reader.EventProperty,  
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68812:          <T>System.Object</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68813:        </TN> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68814:        <LST> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68815:          <Obj RefId="1806"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68816:            <TN RefId="1806"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68817:               
<T>System.Diagnostics.Eventing.Reader.EventProperty</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68818:              <T>System.Object</T> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68819:            </TN> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68820:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68821:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68822:              <S N="Value"></S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68823:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68824:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68825:          <Obj RefId="1807"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68826:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68827:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68828:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68829:              <S  
N="Value">2019-11-07 17:59:56.525</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68830:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68831:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68832:          <Obj RefId="1808"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68833:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68834:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68835:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68836:              <G  
N="Value">ba5c6bbb-5b9c-5dc4-0000-00107660a900</G> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68837:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68838:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68839:          <Obj RefId="1809"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68840:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68841:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68842:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68843:              <U32  
N="Value">3664</U32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68844:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68845:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68846:          <Obj RefId="18010"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68847:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68848:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68849:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68850:              <S  
N="Value">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68851:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68852:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68853:          <Obj RefId="18011"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68854:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68855:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68856:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68857:              <S  
N="Value">10.0.14393.206 (rs1_release.160915-0644)</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68858:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68859:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68860:          <Obj RefId="18012"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68861:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68862:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68863:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68864:              <S N="Value">Windows  
PowerShell</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68865:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68866:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68867:          <Obj RefId="18013"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68868:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68869:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68870:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68871:              <S  
N="Value">Microsoft® Windows® Operating System</S>
  /etc/systemd/system/timers.target.wants/EventLog.xml:68872:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68873:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68874:          <Obj RefId="18014"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68875:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68876:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68877:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68878:              <S  
N="Value">Microsoft Corporation</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68879:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68880:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68881:          <Obj RefId="18015"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68882:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68883:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68884:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68885:              <S  
N="Value">PowerShell.EXE</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68886:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68887:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68888:          <Obj RefId="18016"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68889:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68890:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68891:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68892:              <S  
N="Value">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -c "`$correct_gases_postbody  
= @{`n    O=6`n    H=7`n    He=3`n    N=4`n    Ne=22`n    Ar=11`n    Xe=10`n    F=20`n    Kr=8`n  
   Rn=9`n}`n"</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68893:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68894:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68895:          <Obj RefId="18017"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68896:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68897:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68898:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68899:              <S N="Value">C:\</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68900:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68901:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68902:          <Obj RefId="18018"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68903:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68904:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68905:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68906:              <S  
N="Value">ELFURESEARCH\allservices</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68907:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68908:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68909:          <Obj RefId="18019"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68910:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68911:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68912:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68913:              <G  
N="Value">ba5c6bbb-5b9c-5dc4-0000-0020f55ca900</G> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68914:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68915:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68916:          <Obj RefId="18020"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68917:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68918:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68919:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68920:              <U64  
N="Value">11099381</U64> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68921:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68922:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68923:          <Obj RefId="18021"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68924:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68925:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68926:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68927:              <U32 N="Value">0</U32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68928:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68929:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68930:          <Obj RefId="18022"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68931:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68932:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68933:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68934:              <S N="Value">High</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68935:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68936:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68937:          <Obj RefId="18023"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68938:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68939:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68940:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68941:              <S  
N="Value">MD5=097CE5761C89434367598B34FE32893B</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68942:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68943:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68944:          <Obj RefId="18024"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68945:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68946:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68947:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68948:              <G  
N="Value">ba5c6bbb-4c79-5dc4-0000-001029350100</G> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68949:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68950:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68951:          <Obj RefId="18025"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68952:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68953:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68954:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68955:              <U32  
N="Value">1008</U32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68956:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68957:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68958:          <Obj RefId="18026"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68959:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68960:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68961:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68962:              <S  
N="Value">C:\Windows\System32\svchost.exe</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68963:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68964:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68965:          <Obj RefId="18027"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68966:            <TNRef RefId="1806" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68967:             
<ToString>System.Diagnostics.Eventing.Reader.EventProperty</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68968:            <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68969:              <S  
N="Value">C:\Windows\system32\svchost.exe -k netsvcs</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68970:            </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68971:          </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68972:        </LST> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68973:      </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68974:    </Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68975:    <MS> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68976:      <S N="Message">Process  
Create:_x000D__x000A_RuleName: _x000D__x000A_UtcTime: 2019-11-07  
17:59:56.525_x000D__x000A_ProcessGuid:  
{BA5C6BBB-5B9C-5DC4-0000-00107660A900}_x000D__x000A_ProcessId: 3664_x000D__x000A_Image:  
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe_x000D__x000A_FileVersion:  
10.0.14393.206 (rs1_release.160915-0644)_x000D__x000A_Description: Windows  
PowerShell_x000D__x000A_Product: Microsoft® Windows® Operating System_x000D__x000A_Company:  
Microsoft Corporation_x000D__x000A_OriginalFileName: PowerShell.EXE_x000D__x000A_CommandLine:  
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -c "`$correct_gases_postbody = @{`n     
O=6`n    H=7`n    He=3`n    N=4`n    Ne=22`n    Ar=11`n    Xe=10`n    F=20`n    Kr=8`n     
Rn=9`n}`n"_x000D__x000A_CurrentDirectory: C:\_x000D__x000A_User:  
ELFURESEARCH\allservices_x000D__x000A_LogonGuid:  
{BA5C6BBB-5B9C-5DC4-0000-0020F55CA900}_x000D__x000A_LogonId:  
0xA95CF5_x000D__x000A_TerminalSessionId: 0_x000D__x000A_IntegrityLevel:  
High_x000D__x000A_Hashes: MD5=097CE5761C89434367598B34FE32893B_x000D__x000A_ParentProcessGuid:  
{BA5C6BBB-4C79-5DC4-0000-001029350100}_x000D__x000A_ParentProcessId:  
1008_x000D__x000A_ParentImage: C:\Windows\System32\svchost.exe_x000D__x000A_ParentCommandLine:  
C:\Windows\system32\svchost.exe -k netsvcs</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68977:    </MS> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68978:  </Obj> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68979:  <Obj RefId="8525"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68980:    <TNRef RefId="0" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68981:     
<ToString>System.Diagnostics.Eventing.Reader.EventLogRecord</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68982:    <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68983:      <I32 N="Id">5</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68984:      <By N="Version">3</By> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68985:      <Nil N="Qualifiers" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68986:      <By N="Level">4</By> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68987:      <I32 N="Task">5</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68988:      <I16 N="Opcode">0</I16> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68989:      <I64  
N="Keywords">-9223372036854775808</I64> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68990:      <I64 N="RecordId">1018</I64> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68991:      <S  
N="ProviderName">Microsoft-Windows-Sysmon</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68992:      <G  
N="ProviderId">5770385f-c22a-43e0-bf4c-06f5698ffbd9</G> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68993:      <S  
N="LogName">Microsoft-Windows-Sysmon/Operational</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68994:      <I32 N="ProcessId">1960</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68995:      <I32 N="ThreadId">6640</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68996:      <S  
N="MachineName">elfuresearch</S> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68997:      <Obj N="UserId" RefId="8526"> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68998:        <TNRef RefId="1" /> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:68999:         
<ToString>S-1-5-18</ToString> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:69000:        <Props> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:69001:          <I32  
N="BinaryLength">12</I32> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:69002:          <Nil N="AccountDomainSid"  
/> 
  /etc/systemd/system/timers.target.wants/EventLog.xml:69003:          <S N="Value">S-1-5-18</S> 

PS /home/elf>  
 
PS /home/elf> (Invoke-WebRequest http://localhost:1225/api/off).RawContent 
HTTP/1.0 200 OK
Server: Werkzeug/0.16.0
Server: Python/3.6.9
Date: Wed, 25 Dec 2019 18:26:36 GMT
Content-Type: text/html; charset=utf-8 
Content-Length: 33 

Christmas Cheer Laser Powered Off 
 
PS /home/elf> (Invoke-WebRequest http://localhost:1225/api/on).RawContent 

HTTP/1.0 200 OK
Server: Werkzeug/0.16.0
Server: Python/3.6.9
Date: Wed, 25 Dec 2019 18:26:37 GMT
Content-Type: text/html; charset=utf-8 
Content-Length: 32 
 

Christmas Cheer Laser Powered On 
PS /home/elf> (Invoke-WebRequest http://localhost:1225/api/refraction?val=1.867).RawContent 
HTTP/1.0 200 OK
Server: Werkzeug/0.16.0
Server: Python/3.6.9
Date: Wed, 25 Dec 2019 18:26:39 GMT
Content-Type: text/html; charset=utf-8 
Content-Length: 87 
 

Updated Lense Refraction Level - Check /api/output if 5 Mega-Jollies per liter reached. 
PS /home/elf> (Invoke-WebRequest http://localhost:1225/api/temperature?val=-33.5).RawContent 
HTTP/1.0 200 OK
Server: Werkzeug/0.16.0
Server: Python/3.6.9
Date: Wed, 25 Dec 2019 18:26:41 GMT
Content-Type: text/html; charset=utf-8 
Content-Length: 82 
 

Updated Laser Temperature - Check /api/output if 5 Mega-Jollies per liter reached. 
PS /home/elf> (Invoke-WebRequest http://localhost:1225/api/angle?val=65.5).RawContent 
HTTP/1.0 200 OK
Server: Werkzeug/0.16.0
Server: Python/3.6.9
Date: Wed, 25 Dec 2019 18:26:42 GMT
Content-Type: text/html; charset=utf-8 
Content-Length: 77 
 

Updated Mirror Angle - Check /api/output if 5 Mega-Jollies per liter reached. 
PS /home/elf> $correct_gases_postbody = @{O=6;H=7;He=3;N=4;Ne=22;Ar=11;Xe=10;F=20;Kr=8;Rn=9} 
PS /home/elf> (Invoke-WebRequest -Uri http://localhost:1225/api/gas -Method POST -Body $correct_gases_postbody).RawContent 
HTTP/1.0 200 OK
Server: Werkzeug/0.16.0
Server: Python/3.6.9
Date: Wed, 25 Dec 2019 18:26:44 GMT
Content-Type: text/html; charset=utf-8 
Content-Length: 81 
 

Updated Gas Measurements - Check /api/output if 5 Mega-Jollies per liter reached. 
PS /home/elf> (Invoke-WebRequest http://localhost:1225/api/output).RawContent
HTTP/1.0 200 OK
Server: Werkzeug/0.16.0
Server: Python/3.6.9
Date: Wed, 25 Dec 2019 18:26:46 GMT
Content-Type: text/html; charset=utf-8 
Content-Length: 200 
 

Success! - 5.27 Mega-Jollies of Laser Output Reached!
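
The gas values above were recovered by reading a Sysmon "Process Create" record out of the CLIXML export, where line breaks inside `Message` appear as `_x000D__x000A_`. The following is an added example, not part of the original walkthrough: it decodes those escapes and splits the message into named fields so the command line can be reviewed alongside its user and parent process. `ConvertFrom-SysmonMessage` is a hypothetical helper name, and the sample string is built from fields of the record shown above.

```powershell
# Added example (not from the original walkthrough); the function name is hypothetical.
function ConvertFrom-SysmonMessage {
    param([Parameter(Mandatory)][string]$Message)

    # CLIXML escapes control characters as _xHHHH_ (hex code unit);
    # turn _x000D__x000A_ back into CRLF. Text that Import-Clixml has already
    # decoded contains no such escapes and is left as is.
    $decoded = [regex]::Replace($Message, '_x([0-9A-Fa-f]{4})_', {
        param($m) [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
    })

    $lines  = $decoded -split '\r?\n'
    $fields = [ordered]@{ EventType = $lines[0].TrimEnd(':') }   # e.g. "Process Create"
    foreach ($line in ($lines | Select-Object -Skip 1)) {
        # Split on the first colon only: paths and timestamps contain colons too.
        $name, $value = $line -split ':\s?', 2
        if ($name) { $fields[$name] = $value }
    }
    [pscustomobject]$fields
}

# Sample built from fields of the Process Create record in the dump above
# (remaining fields omitted for brevity).
$sample = @(
    'Process Create:'
    'UtcTime: 2019-11-07 17:59:56.525'
    'Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
    'CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -c "`$correct_gases_postbody = @{`n    O=6`n    H=7`n    He=3`n    N=4`n    Ne=22`n    Ar=11`n    Xe=10`n    F=20`n    Kr=8`n    Rn=9`n}`n"'
    'User: ELFURESEARCH\allservices'
    'IntegrityLevel: High'
    'ParentImage: C:\Windows\System32\svchost.exe'
    'ParentCommandLine: C:\Windows\system32\svchost.exe -k netsvcs'
) -join '_x000D__x000A_'

$record = ConvertFrom-SysmonMessage -Message $sample
$record | Format-List EventType, UtcTime, User, IntegrityLevel, ParentImage, CommandLine

# Against the real export, Sysmon event ID 1 is Process Create:
# Import-Clixml /etc/systemd/system/timers.target.wants/EventLog.xml |
#     Where-Object Id -eq 1 |
#     ForEach-Object { ConvertFrom-SysmonMessage -Message $_.Message }
```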