354300x800000000000000058383937Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 20:13:24.142{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrokroottcptruefalse127.0.0.1-55846-false127.0.0.1-9000-
354300x800000000000000058383934Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 20:13:21.020{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrokroottcptruefalse127.0.0.1-55834-false127.0.0.1-9000-
354300x800000000000000058382374Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:44:20.285{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrokroottcptruefalse127.0.0.1-47476-false127.0.0.1-9000-
354300x800000000000000058382291Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:39:42.597{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrokroottcptruefalse127.0.0.1-36628-false127.0.0.1-9000-
354300x800000000000000058382289Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:39:42.316{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrokroottcptruefalse127.0.0.1-36626-false127.0.0.1-9000-
354300x800000000000000058382287Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:39:36.933{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrokroottcptruefalse10.0.1.20-39204-false18.205.222.128-443-
354300x800000000000000058382284Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:39:36.857{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrokroottcptruefalse10.0.1.20-59892-false54.192.76.63-80-
354300x800000000000000058382272Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:39:36.786{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrokroottcptruefalse10.0.1.20-41056-false3.12.62.205-443-
154100x800000000000000058382263Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:39:36.719{ec265aa6-53e8-63c0-ed3a-bf0000000000}2949/opt/ngrok-----./ngrok http 9000/optroot{ec265aa6-5371-63c0-0000-000003000000}01no level-{ec265aa6-5371-63c0-4814-6d16bf550000}2936/bin/bash/bin/bashroot
354300x800000000000000058381874Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:33:26.578{ec265aa6-5276-63c0-ed3a-bf0000000000}2749/opt/ngrokroottcptruefalse10.0.1.20-53442-false54.161.241.46-443-
354300x800000000000000058381873Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:33:26.539{ec265aa6-5276-63c0-ed3a-bf0000000000}2749/opt/ngrokroottcptruefalse10.0.1.20-58898-false54.192.76.75-80-
354300x800000000000000058381857Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:33:26.466{ec265aa6-5276-63c0-ed3a-bf0000000000}2749/opt/ngrokroottcptruefalse10.0.1.20-52308-false3.133.228.214-443-
154100x800000000000000058381849Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-3934-2023-01-12 18:33:26.386{ec265aa6-5276-63c0-ed3a-bf0000000000}2749/opt/ngrok-----./ngrok http 80/optroot{ec265aa6-0000-0000-0000-000000000000}01no level-{ec265aa6-4c9d-63c0-4804-b3071e560000}2450/bin/bashbashroot