154100x8000000000000000173026Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:25:07.443{CCA468B6-2B03-6375-CC03-000000009402}2748C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--"C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe" http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{CCA468B6-26BA-6375-A902-000000009402}4944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x8000000000000000171453Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:24:13.644{CCA468B6-2ACD-6375-C403-000000009402}4364C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--"C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe" tcp 22C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{CCA468B6-26BA-6375-A902-000000009402}4944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x8000000000000000170118Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:23:40.149{CCA468B6-2AAC-6375-BD03-000000009402}5412C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--ngrok.exe tcp 3389 --cidr-allow 0.0.0.0/32C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{CCA468B6-2AAC-6375-BC03-000000009402}3936C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c ngrok.exe tcp 3389 --cidr-allow 0.0.0.0/32WIN-HOST-MHAAG-\Administrator 154100x8000000000000000170109Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:23:40.141{CCA468B6-2AAC-6375-BC03-000000009402}3936C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c ngrok.exe tcp 3389 --cidr-allow 0.0.0.0/32C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{CCA468B6-26BA-6375-A902-000000009402}4944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x8000000000000000168914Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:22:55.284{CCA468B6-2A7F-6375-B903-000000009402}4504C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--ngrok.exe tcp 3389 --cidr-allow 0.0.0.0/32C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{CCA468B6-2A7F-6375-B803-000000009402}4336C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c ngrok.exe tcp 3389 --cidr-allow 0.0.0.0/32WIN-HOST-MHAAG-\Administrator 154100x8000000000000000168905Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:22:55.276{CCA468B6-2A7F-6375-B803-000000009402}4336C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c ngrok.exe tcp 3389 --cidr-allow 0.0.0.0/32C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{CCA468B6-26BA-6375-A902-000000009402}4944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x8000000000000000158543Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:12:18.945{CCA468B6-2802-6375-6A03-000000009402}5364C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--ngrok.exe http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{CCA468B6-2802-6375-6903-000000009402}5516C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c ngrok.exe http 80WIN-HOST-MHAAG-\Administrator 154100x8000000000000000158532Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:12:18.938{CCA468B6-2802-6375-6903-000000009402}5516C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c ngrok.exe http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{CCA468B6-26BA-6375-A902-000000009402}4944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x8000000000000000151285Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:07:11.399{CCA468B6-26CF-6375-4203-000000009402}2844C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--ngrok.exe http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{CCA468B6-26CF-6375-4103-000000009402}3648C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c ngrok.exe http 80WIN-HOST-MHAAG-\Administrator 154100x8000000000000000151276Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:07:11.389{CCA468B6-26CF-6375-4103-000000009402}3648C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c ngrok.exe http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{CCA468B6-26BA-6375-A902-000000009402}4944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x8000000000000000144517Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:06:59.208{CCA468B6-26C3-6375-F002-000000009402}5100C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--"C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe" http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\WIN-HOST-MHAAG-\Administrator{CCA468B6-2696-6375-B154-1D0000000000}0x1d54b12HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{CCA468B6-26BA-6375-A902-000000009402}4944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x8000000000000000103422Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:59:52.727{0BBB6F36-2518-6375-E400-000000009502}5060C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--ngrok.exe http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ATTACKRANGE\Administrator{0BBB6F36-2486-6375-69F8-0B0000000000}0xbf8692HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{0BBB6F36-2518-6375-E300-000000009502}1428C:\Windows\System32\cmd.execmd.exe /c ngrok.exe http 80ATTACKRANGE\Administrator 154100x8000000000000000103413Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:59:52.720{0BBB6F36-2518-6375-E300-000000009502}1428C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /c ngrok.exe http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ATTACKRANGE\Administrator{0BBB6F36-2486-6375-69F8-0B0000000000}0xbf8692HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{0BBB6F36-2500-6375-D900-000000009502}6484C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\Administrator 154100x8000000000000000102443Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:59:37.836{0BBB6F36-2509-6375-E200-000000009502}6204C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--ngrok.exe http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ATTACKRANGE\Administrator{0BBB6F36-2486-6375-69F8-0B0000000000}0xbf8692HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{0BBB6F36-2500-6375-D900-000000009502}6484C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\Administrator 154100x800000000000000097269Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:58:45.890{0BBB6F36-24D5-6375-D200-000000009502}4380C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--ngrok.exe http 80C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ATTACKRANGE\Administrator{0BBB6F36-2486-6375-69F8-0B0000000000}0xbf8692HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{0BBB6F36-24C8-6375-CC00-000000009502}6160C:\Windows\System32\cmd.execmd.exe /KATTACKRANGE\Administrator 154100x800000000000000096776Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:58:32.969{0BBB6F36-24C8-6375-CC00-000000009502}6160C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /KC:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ATTACKRANGE\Administrator{0BBB6F36-2486-6375-69F8-0B0000000000}0xbf8692HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{0BBB6F36-24C5-6375-C700-000000009502}5184C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe"C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe" ATTACKRANGE\Administrator 154100x800000000000000096561Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:58:32.870{0BBB6F36-24C8-6375-CB00-000000009502}6764C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeC:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ATTACKRANGE\Administrator{0BBB6F36-2486-6375-69F8-0B0000000000}0xbf8692HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{0BBB6F36-24C5-6375-C700-000000009502}5184C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe"C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe" ATTACKRANGE\Administrator 154100x800000000000000095560Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:58:30.086{0BBB6F36-24C6-6375-C800-000000009502}6548C:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXE\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\WindowsATTACKRANGE\Administrator{0BBB6F36-2486-6375-69F8-0B0000000000}0xbf8692HighMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0{0BBB6F36-24C5-6375-C700-000000009502}5184C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe"C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe" ATTACKRANGE\Administrator 154100x800000000000000095539Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:58:29.935{0BBB6F36-24C5-6375-C700-000000009502}5184C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe-The ngrok agent gets you online in one line.ngrok agent--"C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exe" C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ATTACKRANGE\Administrator{0BBB6F36-2486-6375-69F8-0B0000000000}0xbf8692HighMD5=9DC7237AC63D552270C5CA27960168C3,SHA256=370D3B2AC96306A83CC49F1C5929A0BADBEB2459D966046D88BC38709FB0245F{0BBB6F36-2488-6375-A100-000000009502}4968C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECKATTACKRANGE\Administrator 22542200x8000000000000000174598Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:25:53.885{CCA468B6-26A3-6375-5402-000000009402}2084eb61-52-33-245-159.ngrok.io02600:1f16:d83:1200::6e:3;C:\Program Files\Mozilla Firefox\firefox.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000174597Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:25:53.882{CCA468B6-26A3-6375-5402-000000009402}2084eb61-52-33-245-159.ngrok.io03.134.125.175;C:\Program Files\Mozilla Firefox\firefox.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000174596Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:25:53.881{CCA468B6-26A3-6375-5402-000000009402}2084eb61-52-33-245-159.ngrok.io0::ffff:3.134.125.175;C:\Program Files\Mozilla Firefox\firefox.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000203644Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 18:25:13.326{0BBB6F36-2493-6375-AF00-000000009502}5680eb61-52-33-245-159.ngrok.io02600:1f16:d83:1200::6e:3;C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administrator 22542200x8000000000000000203643Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 18:25:13.325{0BBB6F36-2493-6375-AF00-000000009502}5680eb61-52-33-245-159.ngrok.io03.134.125.175;C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administrator 22542200x8000000000000000203642Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 18:25:13.323{0BBB6F36-2493-6375-AF00-000000009502}5680eb61-52-33-245-159.ngrok.io0::ffff:3.134.125.175;C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administrator 22542200x8000000000000000173749Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:25:06.802{CCA468B6-2B03-6375-CC03-000000009402}2748crl.ngrok.com0::ffff:54.192.76.65;::ffff:54.192.76.63;::ffff:54.192.76.53;::ffff:54.192.76.75;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000173745Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:25:06.679{CCA468B6-2B03-6375-CC03-000000009402}2748tunnel.ngrok.com0::ffff:3.20.27.198;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000203376Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 18:24:58.125{0BBB6F36-2493-6375-AF00-000000009502}56804.tcp.ngrok.io9501-C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administrator 22542200x8000000000000000203375Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 18:24:58.123{0BBB6F36-2493-6375-AF00-000000009502}56804.tcp.ngrok.io03.131.147.49;C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administrator 22542200x8000000000000000203374Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 18:24:58.122{0BBB6F36-2493-6375-AF00-000000009502}56804.tcp.ngrok.io0::ffff:3.131.147.49;C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administrator 22542200x8000000000000000201517Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 18:24:40.231{0BBB6F36-25AA-6375-F800-000000009502}63004.tcp.ngrok.io0::ffff:3.131.147.49;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeATTACKRANGE\Administrator 22542200x8000000000000000172183Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:24:13.084{CCA468B6-2ACD-6375-C403-000000009402}4364crl.ngrok.com0::ffff:54.192.76.65;::ffff:54.192.76.63;::ffff:54.192.76.53;::ffff:54.192.76.75;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000172179Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:24:12.953{CCA468B6-2ACD-6375-C403-000000009402}4364tunnel.ngrok.com0::ffff:3.20.27.198;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000171010Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:23:39.539{00000000-0000-0000-0000-000000000000}5412crl.ngrok.com0::ffff:65.8.66.100;::ffff:65.8.66.126;::ffff:65.8.66.85;::ffff:65.8.66.20;<unknown process>WIN-HOST-MHAAG-\Administrator 22542200x8000000000000000171008Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:23:39.420{00000000-0000-0000-0000-000000000000}5412tunnel.ngrok.com0::ffff:3.20.27.198;<unknown process>WIN-HOST-MHAAG-\Administrator 22542200x8000000000000000169690Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:22:54.668{00000000-0000-0000-0000-000000000000}4504crl.ngrok.com0::ffff:65.8.66.100;::ffff:65.8.66.126;::ffff:65.8.66.85;::ffff:65.8.66.20;<unknown process>WIN-HOST-MHAAG-\Administrator 22542200x8000000000000000169680Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:22:54.539{00000000-0000-0000-0000-000000000000}4504tunnel.ngrok.com0::ffff:3.20.27.198;<unknown process>WIN-HOST-MHAAG-\Administrator 22542200x8000000000000000159386Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:12:18.371{CCA468B6-2802-6375-6A03-000000009402}5364crl.ngrok.com0::ffff:54.192.76.53;::ffff:54.192.76.75;::ffff:54.192.76.65;::ffff:54.192.76.63;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000159382Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:12:18.244{CCA468B6-2802-6375-6A03-000000009402}5364tunnel.ngrok.com0::ffff:3.20.27.198;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000152177Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:07:10.764{CCA468B6-26CF-6375-4203-000000009402}2844crl.ngrok.com0::ffff:54.192.76.63;::ffff:54.192.76.65;::ffff:54.192.76.75;::ffff:54.192.76.53;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000152173Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:07:10.646{CCA468B6-26CF-6375-4203-000000009402}2844tunnel.ngrok.com0::ffff:3.20.27.198;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000147512Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:06:59.207{CCA468B6-26C3-6375-F002-000000009402}5100crl.ngrok.com0::ffff:54.192.76.63;::ffff:54.192.76.65;::ffff:54.192.76.75;::ffff:54.192.76.53;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000147508Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-11-16 18:06:59.026{CCA468B6-26C3-6375-F002-000000009402}5100tunnel.ngrok.com0::ffff:3.20.27.198;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeWIN-HOST-MHAAG-\Administrator 22542200x8000000000000000104156Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:59:53.403{0BBB6F36-2518-6375-E400-000000009502}5060crl.ngrok.com0::ffff:54.192.76.75;::ffff:54.192.76.53;::ffff:54.192.76.65;::ffff:54.192.76.63;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeATTACKRANGE\Administrator 22542200x8000000000000000104154Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:59:53.276{0BBB6F36-2518-6375-E400-000000009502}5060tunnel.ngrok.com0::ffff:3.16.250.205;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeATTACKRANGE\Administrator 22542200x8000000000000000103324Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:59:40.751{0BBB6F36-2509-6375-E200-000000009502}6204crl.ngrok.com0::ffff:54.192.76.53;::ffff:54.192.76.63;::ffff:54.192.76.75;::ffff:54.192.76.65;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeATTACKRANGE\Administrator 22542200x8000000000000000103322Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:59:40.640{0BBB6F36-2509-6375-E200-000000009502}6204tunnel.ngrok.com0::ffff:3.136.132.147;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeATTACKRANGE\Administrator 22542200x800000000000000097990Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:58:46.591{0BBB6F36-24D5-6375-D200-000000009502}4380crl.ngrok.com0::ffff:54.192.76.53;::ffff:54.192.76.63;::ffff:54.192.76.75;::ffff:54.192.76.65;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeATTACKRANGE\Administrator 22542200x800000000000000097988Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-540.attackrange.local-2022-11-16 17:58:46.465{0BBB6F36-24D5-6375-D200-000000009502}4380tunnel.ngrok.com0::ffff:3.136.132.147;C:\Users\Administrator\Downloads\ngrok-v3-stable-windows-amd64\ngrok.exeATTACKRANGE\Administrator