534500x8000000000000000331869Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.560{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeATTACKER 26542600x8000000000000000331868Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.544{568bc38a-5030-65d2-de12-000000003000}19932ATTACKERC:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\version.dllMD5=FBE588B15EB1BD86DEFADE69F796B56F,SHA256=31144E8B156FE87317073C48A09ABCB033FDA8DBDD96986C4ABEA8C00C00355F,IMPHASH=00000000000000000000000000000000true 26542600x8000000000000000331867Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.544{568bc38a-5030-65d2-de12-000000003000}19932ATTACKERC:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\UAC.dllMD5=431E5B960AA15AF5D153BAE6BA6B7E87,SHA256=A6D956F28C32E8AA2AB2DF13EF52637E23113FAB41225031E7A3D47390A6CF13,IMPHASH=55A6A096DF3564193C302728985D6BDAtrue 26542600x8000000000000000331866Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.544{568bc38a-5030-65d2-de12-000000003000}19932ATTACKERC:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\System.dllMD5=C17103AE9072A06DA581DEC998343FC1,SHA256=DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F,IMPHASH=2017F2ACBDAA42AB3E4ADEB8B4C37E7Btrue 26542600x8000000000000000331865Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.544{568bc38a-5030-65d2-de12-000000003000}19932ATTACKERC:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\nsDialogs.dllMD5=C10E04DD4AD4277D5ADC951BB331C777,SHA256=E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A,IMPHASH=1E2884056E655F2B7BC5A904E352FC80true 26542600x8000000000000000331864Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.544{568bc38a-5030-65d2-de12-000000003000}19932ATTACKERC:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dllMD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685true 734700x8000000000000000331863Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.513{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\UAC.dll-----MD5=431E5B960AA15AF5D153BAE6BA6B7E87,SHA256=A6D956F28C32E8AA2AB2DF13EF52637E23113FAB41225031E7A3D47390A6CF13,IMPHASH=55A6A096DF3564193C302728985D6BDAfalse-UnavailableATTACKER 734700x8000000000000000331862Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.513{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\UAC.dll-----MD5=431E5B960AA15AF5D153BAE6BA6B7E87,SHA256=A6D956F28C32E8AA2AB2DF13EF52637E23113FAB41225031E7A3D47390A6CF13,IMPHASH=55A6A096DF3564193C302728985D6BDAfalse-UnavailableATTACKER 11241100x8000000000000000331861Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.475{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\UAC.dll2024-02-18 18:45:07.475ATTACKER 254200x8000000000000000331860Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT10992024-02-18 18:45:07.475{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\Install\screenie.bmp2023-10-18 19:42:42.0002024-02-18 18:45:07.475ATTACKER 734700x8000000000000000331859Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.475{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331858Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.475{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 254200x8000000000000000331857Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT10992024-02-18 18:45:07.460{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\Validator.exe2024-01-18 20:46:50.0002024-01-18 20:46:50.000ATTACKER 11241100x8000000000000000331856Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.444{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\Validator.exe2024-01-18 20:46:50.000ATTACKER 26542600x8000000000000000331855Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:07.444{568bc38a-5030-65d2-de12-000000003000}19932ATTACKERC:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\Validator.exeMD5=086A92C00DE73EAB05F25AF084ABFEC9,SHA256=07501FBAEFC1536029418ED74F5B6E96EE4284FCE16762D0FF0D385137B4337D,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744false 734700x8000000000000000331854Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.044{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331853Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.044{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331852Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.028{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331851Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.028{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331850Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.013{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331849Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:07.013{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331848Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:06.992{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331847Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:06.992{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331846Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:04.487{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\nsDialogs.dll-----MD5=C10E04DD4AD4277D5ADC951BB331C777,SHA256=E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A,IMPHASH=1E2884056E655F2B7BC5A904E352FC80false-UnavailableATTACKER 734700x8000000000000000331845Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:04.487{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\nsDialogs.dll-----MD5=C10E04DD4AD4277D5ADC951BB331C777,SHA256=E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A,IMPHASH=1E2884056E655F2B7BC5A904E352FC80false-UnavailableATTACKER 11241100x8000000000000000331844Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:04.471{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\nsDialogs.dll2024-02-18 18:45:04.471ATTACKER 254200x8000000000000000331843Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT10992024-02-18 18:45:04.455{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\modern-wizard.bmp2023-10-18 19:42:42.0002023-10-18 19:42:42.000ATTACKER 254200x8000000000000000331842Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT10992024-02-18 18:45:04.455{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\modern-wizard.bmp2023-10-18 19:42:42.0002024-02-18 18:45:04.440ATTACKER 734700x8000000000000000331841Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:04.440{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\version.dll-----MD5=FBE588B15EB1BD86DEFADE69F796B56F,SHA256=31144E8B156FE87317073C48A09ABCB033FDA8DBDD96986C4ABEA8C00C00355F,IMPHASH=00000000000000000000000000000000false-UnavailableATTACKER 734700x8000000000000000331840Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:04.440{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\version.dll-----MD5=FBE588B15EB1BD86DEFADE69F796B56F,SHA256=31144E8B156FE87317073C48A09ABCB033FDA8DBDD96986C4ABEA8C00C00355F,IMPHASH=00000000000000000000000000000000false-UnavailableATTACKER 11241100x8000000000000000331839Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:04.387{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\version.dll2024-02-18 18:45:04.387ATTACKER 734700x8000000000000000331838Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:04.371{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 734700x8000000000000000331837Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:04.371{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll-----MD5=9E7D36EDCC188E166DEE9552017AC94F,SHA256=D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D,IMPHASH=B79DE4E8687B3FCE7173EC8DC917F685false-UnavailableATTACKER 11241100x8000000000000000331836Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:04.356{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\AccessControl.dll2024-02-18 18:45:04.356ATTACKER 734700x8000000000000000331835Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lanT1574.0022024-02-18 18:45:04.356{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\System.dll-----MD5=C17103AE9072A06DA581DEC998343FC1,SHA256=DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F,IMPHASH=2017F2ACBDAA42AB3E4ADEB8B4C37E7Bfalse-UnavailableATTACKER 11241100x8000000000000000331834Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:04.356{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exeC:\Users\attacker\AppData\Local\Temp\nsp43C0.tmp\System.dll2024-02-18 18:45:04.356ATTACKER 154100x8000000000000000331833Microsoft-Windows-Sysmon/Operationalvictim_pc.attack_range.lan-2024-02-18 18:45:04.210{568bc38a-5030-65d2-de12-000000003000}19932C:\Users\attacker\Downloads\pollev (1).exe-----"C:\Users\attacker\Downloads\pollev (1).exe" /UAC:A066C /NCRC C:\Users\attacker\AppData\Local\Temp\2\nsgFC85.tmp\Install\ATTACKER{568bc38a-5030-65d2-3b15-700d00000000}0xd70153b2MediumMD5=D815553646FCCD1FC57604F34FB73764,SHA256=7D4A1BBA99E8BEC6350AEF1ED20238055EC267FFB67378D1088ADECCF70AC066,IMPHASH=7FA974366048F9C551EF45714595665E{568bc38a-501d-65d2-da12-000000003000}2660C:\Users\attacker\Downloads\pollev (1).exe"C:\Users\attacker\Downloads\pollev (1).exe" ATTACKER