11241100x800000000000000088319838Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-8786-2022-07-27 21:12:22.478{ec28c72e-aa36-62e1-4854-3a610e560000}17680/bin/bash/root/.ssh/authorized_keys2022-07-27 21:12:22.478root 154100x800000000000000088319835Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-8786-2022-07-27 21:12:22.476{ec28c72e-aa36-62e1-d029-2aa2a2550000}17683/bin/cat-----cat /root/.ssh/authorized_keys/tmproot{ec28c72e-0000-0000-0000-000001000000}0706no level-{00000000-0000-0000-0000-000000000000}17682--- 154100x800000000000000088319821Linux-Sysmon/Operationalsysmonlinux-mhaag-attack-range-8786-2022-07-27 21:12:22.473{ec28c72e-aa36-62e1-4854-3a610e560000}17680/bin/bash-----bash -c if [ -f ~/.ssh/authorized_keys ]; then ssh_authorized_keys=$(cat ~/.ssh/authorized_keys); echo $ssh_authorized_keys > ~/.ssh/authorized_keys; fi;/tmproot{ec28c72e-0000-0000-0000-000001000000}0706no level-{00000000-0000-0000-0000-000000000000}17588---