diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
index 5061b68..30f18ef 100644
--- a/.github/workflows/integration-test.yml
+++ b/.github/workflows/integration-test.yml
@@ -55,7 +55,7 @@ jobs:
./hayabusa-${LATEST_VER#v}-lin-x64-gnu json-timeline -d ../../hayabusa-sample-evtx -L -w -p super-verbose -o ../../takajo/timeline.jsonl
- name: run extract-credentials
- run: cd takajo && ./takajo eextract-credentials -t timeline.jsonl -o credentials.csv
+ run: cd takajo && ./takajo extract-credentials -t timeline.jsonl -o credentials.csv
- name: run extract-scriptblocks
run: cd takajo && ./takajo extract-scriptblocks -t timeline.jsonl
diff --git a/src/takajopkg/timelineLogon.nim b/src/takajopkg/timelineLogon.nim
index 1275c11..fdf77d1 100644
--- a/src/takajopkg/timelineLogon.nim
+++ b/src/takajopkg/timelineLogon.nim
@@ -47,11 +47,11 @@ method analyze*(self: TimelineLogonCmd, x: HayabusaJson) =
singleResultTable["TargetUser"] = details.extractStr("TgtUser")
let impersonationLevel = extraFieldInfo.extractStr("ImpersonationLevel")
singleResultTable["Impersonation"] = impersonationLevelIdToName(impersonationLevel)
- singleResultTable["SourceIP"] = details.extractStr("SrcComp")
+ singleResultTable["SourceIP"] = details.extractStr("SrcIP")
singleResultTable["Process"] = details.extractStr("LogonProcessName")
singleResultTable["LID"] = details.extractStr("LID")
singleResultTable["LGUID"] = extraFieldInfo.extractStr("LogonGuid")
- singleResultTable["SourceComputer"] = details.extractStr("SrcIP")
+ singleResultTable["SourceComputer"] = details.extractStr("SrcComp")
let elevatedToken = extraFieldInfo.extractStr("ElevatedToken")
singleResultTable["ElevatedToken"] = elevatedTokenIdToName(elevatedToken)
singleResultTable["TargetUserSID"] = extraFieldInfo.extractStr("TargetUserSid")
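Review bot: The corrected SourceIP/SourceComputer mapping in the timelineLogon.nim hunk is not pinned by any test, and the two assignments are still separated by three unrelated lines, which is how the transposed `SrcComp`/`SrcIP` lookups slipped in originally. Since these columns are what an investigator uses to attribute a logon to a source host, a silent swap of them is a reporting error rather than a crash, so it will not be caught by the run-only integration step in the workflow hunk. Consider placing `singleResultTable["SourceComputer"] = details.extractStr("SrcComp")` directly after the `SourceIP` line so the pair is reviewed together, and adding a unit test that feeds a minimal event with distinct `SrcIP` and `SrcComp` values and checks that each lands in its own column. The body of `analyze` begins and ends outside the hunk.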